5315 matches found
xst
This plugin finds the Cross Site Tracing XST vulnerability. No configurable paramaters are available. The TRACE method echos back requests sent to it. This plugin sends a TRACE request to the server and if the request is echoed back then XST is confirmed. Plugin type Audit Options This plugin...
server_status
This plugin fetches the server-status file used by Apache, and parses it. After parsing, new URLs are found, and in some cases, the plugin can deduce the existance of other domains hosted on the same server. Plugin type Infrastructure Options This plugin doesnt have any user configured options...
wordnet
This plugin finds new URLs using wn. An example is the best way to explain what this plugin does, lets suppose that the input for this plugin is: http://a/index.asp?color=blue The plugin will search the wordnet database for words that are related with "blue", and return for example: "black" and...
urllist_txt
This plugin searches for the urllist.txt file, and parses it. The urllist.txt file is/was used by Yahoos search engine. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source...
rnd_param
This evasion plugin adds a random parameter. Example: Input: /bar/foo.asp Output : /bar/foo.asp?alsfkj=f09 Plugin type Evasion Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to...
sed
This plugin is a stream editor for web requests and responses. Three configurable parameters exist: priority expressions fixContentLen Stream edition expressions are strings that tell the sed plugin what to change. Sed plugin uses regular expressions, some examples: qh/User/NotLuser/ This will ma...
fingerprint_waf
Try to fingerprint the Web Application Firewall that is running on the remote end. Please note that the detection of the WAF is performed by the infrastructure.afd plugin afd stands for Active Filter Detection. Plugin type Infrastructure Options This plugin doesnt have any user configured options...
finger_google
This plugin finds mail addresses in google. Two configurable parameters exist: resultlimit fastsearch If fastsearch is set to False, this plugin searches google for : "@domain.com", requests all search results and parses them in order to find new mail addresses. If the fastsearch configuration...
content_negotiation
This plugin uses HTTP content negotiation to find new resources. The plugin has three distinctive phases: Identify if the web server has content negotiation enabled. For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds...
oracle_discovery
This plugin retrieves Oracle Application Server URLs and extracts information available on them. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exact...
email_report
This plugin sends short report only vulnerabilities by email to specified addresses. There are some configurable parameters: smtpServer smtpPort toAddrs fromAddr Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- smtpServer | string | localhost | SMTP...
lang
This plugin reads N pages and determines the language the site is written in. This is done by saving a list of prepositions in different languages, and counting the number of matches on every page. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more...
detect_transparent_proxy
This plugin tries to detect transparent proxies. The procedure for detecting transparent proxies is simple, I try to connect to a series of IP addresses, to the port 80, if all of them return an opened socket, then its the proxy server responding. Plugin type Infrastructure Options This plugin...
rnd_hex_encode
This evasion plugin adds random hex encoding. Example: Input: /bar/foo.asp Output : /b%61r/%66oo.asp Plugin type Evasion Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand...
finger_pks
This plugin finds mail addresses in PGP PKS servers. Plugin type Infrastructure Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin...
google_spider
This plugin finds new URLs using google. It will search for "site:domain.com" and do GET requests all the URLs found in the result. One configurable parameter exists: resultlimit Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- resultlimit | integer |...
pykto
This plugin is a nikto port to python. It uses the scandatabase file from nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs admindirs nukedirs extradbfile mutatetests This plugin reads every line in the scandatabase and extradbfile and based on the...
console
This plugin writes the framework messages to the console. One configurable parameter exists: verbose Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- verbose | boolean | False | Enables verbose output for the console | No detailed help available Sour...
directory_indexing
This plugin greps every response directory indexing problems. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin sour...
get_emails
This plugin greps every page for emails, these can be used in other places, like bruteforce plugins, and are of great value when doing a complete information security assessment. Plugin type Grep Options Name | Type | Default Value | Description | Help ---|---|---|---|--- onlytargetdomain | boole...