
9528 matches found

w3af
added 2013/06/10 11:2 p.m., 14 views

finger_google

This plugin finds mail addresses in Google. Two configurable parameters exist: resultlimit and fastsearch. If fastsearch is set to False, this plugin searches Google for "@domain.com", requests all search results and parses them in order to find new mail addresses. If the fastsearch configuration...

7 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 25 views

zone_h

This plugin searches the zone-h.org defacement database and parses the result. The information stored in that database is useful to know about previous defacements to the target website. In some cases, the defacement site provides information about the exploited vulnerability, which may be still...

6.7 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 21 views

halberd

This plugin tries to find out whether an HTTP load balancer is present. Plugin type: Infrastructure. Options: This plugin doesn't have any user-configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood:...

Exploits 0

w3af
added 2013/06/10 11:2 p.m., 17 views

detect_transparent_proxy

This plugin tries to detect transparent proxies. The procedure for detecting transparent proxies is simple: I try to connect to a series of IP addresses on port 80; if all of them return an open socket, then it's the proxy server responding. Plugin type: Infrastructure. Options: This plugin...

7.2 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 28 views

frontpage_version

This plugin searches for the FrontPage Server Info file and, if it finds it, will try to determine the version of the FrontPage Server Extensions. The file is located inside the web server webroot. For example: http://localhost/_vti_inf.html Plugin type: Infrastructure. Options: This plugin doesn't have...

Exploits 0

w3af
added 2013/06/10 11:2 p.m., 29 views

domain_dot

This plugin finds misconfigurations in the virtual host settings by sending a specially crafted request with a trailing dot in the domain name. For example, if the input for this plugin is http://host.tld/ , the plugin will perform a request to http://host.tld./ . In some misconfigurations, the...

0.2 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 14 views

xssed_dot_com

This plugin searches the xssed.com database and parses the result. The information stored in that database is useful to know about previous XSS vulnerabilities in the target website. Plugin type: Infrastructure. Options: This plugin doesn't have any user-configured options. Source: For more informatio...

6.3 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 18 views

finger_bing

This plugin finds mail addresses in the Bing search engine. One configurable parameter exists: resultlimit. This plugin searches Bing for "@domain.com", requests all search results and parses them in order to find new mail addresses. Plugin type: Infrastructure. Options: Name | Type | Default Value |...

7.1 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 31 views

fingerprint_waf

Try to fingerprint the Web Application Firewall that is running on the remote end. Please note that the detection of the WAF is performed by the infrastructure.afd plugin (afd stands for Active Filter Detection). Plugin type: Infrastructure. Options: This plugin doesn't have any user-configured options...

0.1 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 22 views

hmap

This plugin fingerprints the remote web server and tries to determine the server type, version and patch level. It uses fingerprinting, not just the Server header returned by the remote server. This plugin is a wrapper for Dustin Lee's hmap. One configurable parameter exists: genFpF. If genFpF is set t...

Exploits 0

w3af
added 2013/06/10 11:2 p.m., 16 views

shared_hosting

This plugin tries to find out if the web application under test is hosted on shared hosting. The procedure is pretty simple: using the Bing search engine, the plugin searches for "ip:1.2.3.4", where 1.2.3.4 is the IP address of the web server. One configurable option exists: resultlimit. Fetch the fir...

6.9 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 92 views

dav

This plugin finds WebDAV configuration errors. These errors are generally server configuration errors rather than web application errors. To check for vulnerabilities of this kind, the plugin will try to PUT a file on a directory that has WebDAV enabled; if the file is uploaded successfully, th...

7.3 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 28 views

find_vhosts

This plugin uses the HTTP Host header to find new virtual hosts. For example, if the intranet page is hosted on the same server as the public page, and the web server is misconfigured, this plugin will discover that virtual host. Please note that this plugin doesn't use any DNS technique to find...

7.1 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 9 views

favicon_identification

This plugin identifies the software version using the favicon.ico file. It checks the MD5 of the favicon against the MD5 database of favicons. See also: http://www.owasp.org/index.php/Category:OWASP_Favicon_Database_Project http://kost.com.hr/favicon.php Plugin type: Infrastructure. Options: This plugin doesn't have an...

7.2 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 20 views

server_status

This plugin fetches the server-status file used by Apache, and parses it. After parsing, new URLs are found, and in some cases, the plugin can deduce the existence of other domains hosted on the same server. Plugin type: Infrastructure. Options: This plugin doesn't have any user-configured options...

7.1 AI score
Exploits 0

w3af
added 2013/06/10 11:2 p.m., 12 views

find_jboss

This plugin identifies JBoss installation directories and possible security vulnerabilities. Plugin type: Infrastructure. Options: This plugin doesn't have any user-configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand...

7.3 AI score
Exploits 0

ThreatPost
added 2013/06/04 2:19 p.m., 9 views

Data Sharing, Cooperation Key to Critical Infrastructure Security

WASHINGTON–The topic of critical infrastructure security may be the prettiest girl at the dance right now for both politicians and technology companies, but the problem of attackers going after these targets is one that security people have been dealing with for some time. But that doesn’t mean...

7 AI score
Exploits 0

ThreatPost
added 2013/06/04 11:49 a.m., 9 views

Politics, Uncertainty Slowing Down U.S. Response to Cyber Threats

WASHINGTON–The shift in the last few years to cyberespionage and online attacks against the nation’s critical infrastructure have left the United States government lagging behind, and “a day late and a dollar short”, the former director of the National Security Agency said. The ongoing campaigns...

Exploits 0, References 2

NVD
added 2013/05/31 9:55 p.m., 32 views

CVE-2013-1247

Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356...

4.3 CVSS, 5.7 AI score, 0.01523 EPSS
Exploits 0, References 1

Prion
added 2013/05/31 9:55 p.m., 23 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356...

4.3 CVSS, 6.1 AI score, 0.01523 EPSS
Exploits 0, References 1