
BlindElephant

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

Scan the remote host (http://192.168.1.252/wp), specifying the web application in use (wordpress):
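As an added illustration of the technique described above (this is not BlindElephant's own code), the function below narrows the candidate version set by intersecting, for every known static file, the set of releases that ship a file with the observed hash; the "demoapp" release files and the fetched responses are constructed inline so it runs offline, and a defender can use the same logic to verify what version is actually deployed.

```python
"""Minimal static-file version fingerprinter (added example, not BlindElephant's code)."""
import hashlib
import urllib.request
from typing import Callable, Dict, Optional, Set

# Constructed release data for a hypothetical "demoapp": path -> version -> file bytes.
# A real database would hold hashes of the files from every published release.
FILES: Dict[str, Dict[str, bytes]] = {
    "readme.html": {
        "1.0": b"demoapp readme v1\n",
        "1.1": b"demoapp readme v1\n",  # unchanged between 1.0 and 1.1
        "2.0": b"demoapp readme v2\n",
    },
    "js/app.js": {
        "1.0": b"var app=1;",
        "1.1": b"var app=11;",
        "2.0": b"var app=2;",
    },
}


def sha1(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_db(files: Dict[str, Dict[str, bytes]]) -> Dict[str, Dict[str, Set[str]]]:
    """path -> sha1 -> set of versions that ship exactly that file content."""
    db: Dict[str, Dict[str, Set[str]]] = {}
    for path, per_version in files.items():
        for version, content in per_version.items():
            db.setdefault(path, {}).setdefault(sha1(content), set()).add(version)
    return db


def fingerprint(db: Dict[str, Dict[str, Set[str]]],
                fetch: Callable[[str], Optional[bytes]]) -> dict:
    """Intersect version sets over every file whose hash is known.

    Files that are absent (404) or whose hash matches no release (locally
    modified, or a release missing from the database) are reported separately
    instead of silently shrinking the candidate set.
    """
    candidates: Optional[Set[str]] = None
    matched, unknown, missing = [], [], []
    for path, hashes in db.items():
        body = fetch(path)
        if body is None:
            missing.append(path)
            continue
        digest = sha1(body)
        if digest not in hashes:
            unknown.append(path)
            continue
        matched.append(path)
        candidates = set(hashes[digest]) if candidates is None else candidates & hashes[digest]
    # An empty set after matching means the observed files contradict each other.
    return {"versions": sorted(candidates or []), "matched": matched,
            "unknown": unknown, "missing": missing}


def http_fetch(base_url: str, timeout: float = 5.0) -> Callable[[str], Optional[bytes]]:
    """Fetcher for a live host (hypothetical usage; not exercised offline)."""
    def fetch(path: str) -> Optional[bytes]:
        try:
            with urllib.request.urlopen(base_url.rstrip("/") + "/" + path, timeout=timeout) as r:
                return r.read()
        except Exception:
            return None
    return fetch


if __name__ == "__main__":
    deployed = {"readme.html": b"demoapp readme v1\n", "js/app.js": b"var app=11;"}
    print(fingerprint(build_db(FILES), lambda p: deployed.get(p)))
```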

 

Plecost

 
Plecost is a WordPress fingerprinting tool: it searches for and retrieves information about the plugin versions installed on WordPress systems. It can analyze a single URL or perform an analysis based on results indexed by Google. It also displays the CVE identifiers associated with each plugin, if any exist.
Use 100 plugins (-n 100), sleep for 10 seconds between probes (-s 10) but no more than 15 (-M 15) and use the plugin list (-i /usr/share/plecost/wp_plugin_list.txt) to scan the given URL (192.168.1.202/wordpress):

root@kali:~# plecost -n 100 -s 10 -M 15 -i /usr/share/plecost/wp_plugin_list.txt 192.168.1.202/wordpress


WPScan

 

WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.


Scan a target WordPress URL and enumerate any plugins that are installed:

root@kali:~# wpscan --url http://wordpress.local --enumerate p

 



Database Exploitation

 

These tools are used to pentest databases, including finding vulnerabilities and exploiting them to gather data from the database.

 

bbqsql

BBQSQL is a SQL injection framework specifically designed to be hyper fast, database agnostic, easy to setup, and easy to modify. The tool is extremely effective at exploiting a particular type of SQL injection flaw known as blind/semi-blind SQL injection. When doing application security assessments we often uncover SQL vulnerabilities that are difficult to exploit.

While current tools have an enormous amount of capability, when you can’t seem to get them to work you are out of luck. We frequently end up writing custom scripts to help aid in the tricky data extraction, but a lot of time is invested in developing, testing and debugging these scripts.

BBQSQL helps automate the process of exploiting tricky blind SQL injection. We developed a very easy UI to help you setup all the requirements for your particular vulnerability and provide real time configuration checking to make sure your data looks right. On top of being easy to use, it was designed using the event driven concurrency provided by Python’s gevent. This allows BBQSQL to run much faster than existing single/multithreaded applications.

 

root@kali:~# bbqsql



sqlninja

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.

Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Connect to the target in test mode (-m t) with the specified config file (-f /root/sqlninja.conf):

root@kali:~# sqlninja -m t -f /root/sqlninja.conf

 

sqlsus

sqlsus is an open source MySQL injection and takeover tool, written in perl.

Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more…

Whenever relevant, sqlsus will mimic a MySQL console output.

sqlsus focuses on speed and efficiency, optimising the available injection space, making the best use (I can think of) of MySQL functions.

It uses stacked subqueries and a powerful blind injection algorithm to maximise the data gathered per web server hit.

Using multithreading on top of that, sqlsus is an extremely fast database dumper, be it for inband or blind injection.

If the privileges are high enough, sqlsus will be a great help for uploading a backdoor through the injection point, and takeover the web server.

It uses SQLite as a backend, for an easier use of what has been dumped, and integrates a lot of usual features (see below) such as cookie support, socks/http proxying, https.

Generate a configuration file for the scan (-g sqlsus.cfg):

 

root@kali:~# sqlsus -g sqlsus.cfg

 

IDS/IPS Identification

Used in computer security, intrusion detection refers to the process of monitoring computer and network activities and analyzing those events to look for signs of intrusion in your system. The point of looking for unauthorized intrusions is to alert IT professionals and system administrators within your organization to potential system or network security threats and weaknesses.


IDS — A Passive Security Solution

An intrusion detection system (IDS) is designed to monitor all inbound and outbound network activity and identify any suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. An IDS is considered a passive-monitoring system, since the main function of an IDS product is to warn you of suspicious activity taking place, not to prevent it. An IDS essentially reviews your network traffic and data and will identify probes, attacks, exploits and other vulnerabilities. IDSs can respond to the suspicious event in one of several ways, including displaying an alert, logging the event or even paging an administrator. In some cases the IDS may be prompted to reconfigure the network to reduce the effects of the suspicious intrusion.

An IDS specifically looks for suspicious activity and events that might be the result of a virus, worm or hacker. This is done by looking for known intrusion signatures or attack signatures that characterize different worms or viruses, and by tracking general variances which differ from regular system activity. The IDS is able to provide notification of only known attacks.

The term IDS actually covers a large variety of products, all of which produce the end result of detecting intrusions. An IDS solution can come in the form of cheaper shareware or freely distributed open source programs, up to a much more expensive and secure vendor software solution. Additionally, some IDSs consist of both software applications and hardware appliances and sensor devices which are installed at different points along your network.

IPS — An Active Security Solution

An IPS, or intrusion prevention system, is definitely the next level of security technology, with its capability to provide security at all system levels, from the operating system kernel to network data packets. It provides policies and rules for network traffic along with an IDS for alerting system or network administrators to suspicious traffic, but allows the administrator to decide the action upon being alerted. Where an IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap over IDS is that an IPS has the capability of preventing not only known intrusion signatures but also some unknown attacks, due to its database of generic attack behaviors. Thought of as a combination of IDS and an application layer firewall for protection, IPS is generally considered to be the "next generation" of IDS. Currently, there are two types of IPSs that are similar in nature to IDS. They consist of host-based intrusion prevention systems (HIPS) products and network-based intrusion prevention systems (NIPS).

ua-tester

This tool is designed to automatically check a given URL using a list of standard and non-standard User Agent strings provided by the user (one per line). The results of these checks are then reported to the user for further manual analysis where required.

Connect to the URL (-u http://192.168.1.202/joomla) and use mobile device User-Agent strings (-d M) to check for different content:

root@kali:~# ua-tester -u http://192.168.1.202/joomla -d M

 

Web Application Fuzzer

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

root@kali:~# burpsuite

 

Powerfuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user friendly, modern, effective and working.

Designed and coded to be modular and extendable. Adding new checks should simply entail adding new methods.

root@kali:~# powerfuzzer

 

WebScarab

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

root@kali:~# webscarab

 

 


WebSlayer

WebSlayer is a tool designed for brute forcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, files, etc.), brute forcing GET and POST parameters, brute forcing form parameters (user/password), fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer.

You can perform attacks like:


  • Predictable resource locator, recursion supported (Discovery)
  • Login forms brute force
  • Session brute force
  • Parameter brute force
  • Parameter fuzzing and injection (XSS, SQL)
  • Basic and NTLM authentication brute forcing

root@kali:~# webslayer

 
 
WebSploit
 
 
WebSploit Is An Open Source Project For:
  • Social Engineering Works
  • Scan,Crawler & Analysis Web
  • Automatic Exploiter
  • Support Network Attacks
  • Autopwn – Used From Metasploit For Scan and Exploit Target Service
  • wmap – Scan,Crawler Target Used From Metasploit wmap plugin
  • format infector – inject reverse & bind payload into file format
  • phpmyadmin Scanner
  • CloudFlare resolver
  • LFI Bypasser
  • Apache Users Scanner
  • Dir Bruter
  • admin finder
  • MLITM Attack – Man Left In The Middle, XSS Phishing Attacks
  • MITM – Man In The Middle Attack
  • Java Applet Attack
  • MFOD Attack Vector
  • USB Infection Attack
  • ARP Dos Attack
  • Web Killer Attack
  • Fake Update Attack
  • Fake Access point Attack
  • Wifi Honeypot
  • Wifi Jammer
  • Wifi Dos
  • Bluetooth POD Attack

root@kali:~# websploit

 
 
Wfuzz
 
Wfuzz is a tool designed for brute forcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), brute forcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), brute forcing form parameters (user/password), fuzzing, etc.
 
Use colour output (-c), a wordlist as a payload (-z file,/usr/share/wfuzz/wordlist/general/common.txt), and hide 404 messages (--hc 404) to fuzz the given URL (http://192.168.1.202/FUZZ):
 

root@kali:~# wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.202/FUZZ

 
 
XSSer
 
Cross Site "Scripter" (aka XSSer) is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
 

root@kali:~# xsser --gtk

 
 
Owasp-zap
 
OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.
 
For this tutorial we will be using Kali Linux and Metasploitable 2 virtual machines. 
 
Metasploitable 2 is a purposefully vulnerable virtual machine that contains tons of vulnerabilities to find and exploit. I just used VMWare Player for this tutorial running on a Windows 7 host.
 
Download both virtual machines and open them in VMWare player.
 
Kali Linux username and password is root/admin
 
Metasploitable username and password is msfadmin/msfadmin
 
Before we get started and as always, never use any security tools to scan or test a network that you do not own or have permission to do so. Also do not put Metasploitable 2 on a system that has open access to the internet as it is very vulnerable!
 
 
Web Application Proxies
 
 
Paros
 
A Java-based HTTP/HTTPS proxy for assessing web application vulnerabilities. It supports editing/viewing HTTP messages on the fly. Other features include spiders, client certificates, proxy chaining, intelligent scanning for XSS and SQL injection, etc.
 

root@kali:~# paros

 
 
ProxyStrike
 
 
ProxyStrike is an active web application proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in pentests of web applications that depend heavily on JavaScript: not many web scanners did well at this stage, so we came up with this proxy.
 
Right now it has SQL injection and XSS plugins available. Both plugins are designed to catch as many vulnerabilities as possible, which is why the SQL injection plugin is a Python port of DarkRaver's great "Sqlibf".
 
The process is very simple: ProxyStrike runs as a proxy listening on port 8008 by default, so you browse the desired web site with your browser set to use ProxyStrike as its proxy, and ProxyStrike analyzes all the parameters in the background. To the user it is a passive proxy, because you won't see any difference in the behaviour of the application, but in the background it is very active.
 

root@kali:~# proxystrike

 
 
Vega
 
Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
 
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.
 

root@kali:~# v

 
 
Web Crawlers
 
 
apache-users
 
This Perl script will enumerate the usernames on any system that uses Apache with the UserDir module.
 
Run against the remote host (-h 192.168.1.202), passing a dictionary of usernames (-l /usr/share/wordlists/metasploit/unix_users.txt), the port to use (-p 80), disable SSL (-s 0), specify the HTTP error code (-e 403), using 10 threads (-t 10):
 

root@kali:~# apache-users -h 192.168.1.202 -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -s 0 -e 403 -t 10

 
 
CutyCapt
 
CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP.
 
Take a capture of the URL (--url=http://www.kali.org) and save it to disk (--out=kali.png):
 

root@kali:~# cutycapt --url=http://www.kali.org --out=kali.png

 

 
DIRB
DIRB is a web content scanner. It looks for existing (and/or hidden) web objects. It works by launching a dictionary-based attack against a web server and analyzing the responses.
 
DIRB comes with a set of preconfigured attack wordlists for easy usage, but you can also use your own custom wordlists. DIRB can sometimes be used as a classic CGI scanner, but remember that it is a content scanner, not a vulnerability scanner.
 
DIRB's main purpose is to help in professional web application auditing, especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can't look for. It doesn't search for vulnerabilities, nor does it look for web content that may be vulnerable.
 
Scan the web server (http://192.168.1.224/) for directories using a dictionary file (/usr/share/wordlists/dirb/common.txt):
 

root@kali:~# dirb http://192.168.1.224/ /usr/share/wordlists/dirb/common.txt

 
DirBuster
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case now that what looks like a web server in a default-installation state is actually not, and has pages and applications hidden within. DirBuster attempts to find these. However, tools of this nature are often only as good as the directory and file lists they come with. A different approach was taken to generating these: the lists were generated from scratch by crawling the Internet and collecting the directories and files that are actually used by developers! DirBuster comes with a total of 9 different lists, which makes it extremely effective at finding those hidden files and directories. And if that was not enough, DirBuster also has the option to perform a pure brute force, which leaves hidden directories and files nowhere to hide.
 

root@kali:~# dirbuster

 
 
Web Vulnerability Scanner
 
 
DAVTest
 
DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.
 
Scan the given WebDAV server (-url http://192.168.1.209):
 

root@kali:~# davtest -url http://192.168.1.209

 
deblaze
 
Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server-side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. This tool will allow you to perform method enumeration and interrogation against Flash Remoting endpoints. Deblaze came about as a necessity during a few security assessments of Flash-based websites that made heavy use of Flash Remoting. I needed something to give me the ability to dig a little deeper into the technology and identify security holes. On all of the servers I've seen so far the names are not case sensitive, making it much easier to bruteforce. Oftentimes HTTP POST requests won't be logged by the server, so bruteforcing may go unnoticed on poorly monitored systems.
 
 
fimap
 
fimap is a small Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web apps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It's currently under heavy development but it's usable.
 
Scan the web application (-u "http://192.168.1.202/index.php") for file inclusion issues:
 

root@kali:~# fimap -u "http://192.168.1.202/index.php"

 
 
Grabber
 
Grabber is a web application scanner. Basically it detects some kinds of vulnerabilities in your website. Grabber is simple, not fast, but portable and really adaptable. This software is designed to scan small websites such as personal sites, forums, etc., and absolutely not big applications: it would take too long and flood your network.
 
Spider the web application to a depth of 1 (--spider 1) and attempt SQL (--sql) and XSS (--xss) attacks at the given URL (--url http://192.168.1.224):
 

root@kali:~# grabber --spider 1 --sql --xss --url http://192.168.1.224

 
 
joomscan
 
Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding them as a knowledge base (KB) to the Joomla scanner is an ongoing activity. It helps web developers and web masters identify possible security weaknesses on their deployed Joomla! sites.
 
Scan the Joomla installation at the given URL (-u http://192.168.1.202/joomla) for vulnerabilities:
 

root@kali:~# joomscan -u http://192.168.1.202/joomla

 
jSQL
 
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).
 

root@kali:~# jsql

 
PadBuster
 
PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to padding oracle attacks.
 
 
Skipfish
 
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
 
Using the given directory for output (-o 202), scan the web application URL (http://192.168.1.202/wordpress):
 

root@kali:~# skipfish -o 202 http://192.168.1.202/wordpress

 
sqlmap
 
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
 
Attack the given URL (-u "http://192.168.1.250/?p=1&forumaction=search") and extract the database names (--dbs):
 

root@kali:~# sqlmap -u "http://192.168.1.250/?p=1&forumaction=search" --dbs

 
Uniscan
 
Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.
 
Scan the given URL (-u http://192.168.1.202/) for vulnerabilities, enabling directory and dynamic checks (-qd):
 

root@kali:~# uniscan -u http://192.168.1.202/ -qd

 
 
w3af
 
w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework. If you want a command-line application only, install w3af-console. The framework has been called the "metasploit for the web", but it's actually much more than that, because it also discovers web application vulnerabilities using black-box scanning techniques! The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which identify and exploit SQL injection, cross site scripting (XSS), remote file inclusion and more.
 

root@kali:~# w3af

 
 
whatweb
 
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1500 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
 
How to use WhatWeb:

Open a terminal and type: root@kali:~# whatweb [url]


Ashish Staff
