xst
This plugin finds the Cross Site Tracing (XST) vulnerability. No configurable parameters are available. The TRACE method echoes back requests sent to it. This plugin sends a TRACE request to the server and if the request is echoed back then XST is confirmed. Plugin type: Audit. Options: This plugin...
detect_transparent_proxy
This plugin tries to detect transparent proxies. The procedure for detecting transparent proxies is simple: I try to connect to a series of IP addresses on port 80; if all of them return an open socket, then it's the proxy server responding. Plugin type: Infrastructure. Options: This plugin...
server_status
This plugin fetches the server-status file used by Apache, and parses it. After parsing, new URLs are found, and in some cases, the plugin can deduce the existence of other domains hosted on the same server. Plugin type: Infrastructure. Options: This plugin doesn't have any user configured options...
lang
This plugin reads N pages and determines the language the site is written in. This is done by saving a list of prepositions in different languages, and counting the number of matches on every page. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more...
sed
This plugin is a stream editor for web requests and responses. Three configurable parameters exist: priority, expressions, fixContentLen. Stream editing expressions are strings that tell the sed plugin what to change. The sed plugin uses regular expressions; some examples: qh/User/NotLuser/ This will ma...
urllist_txt
This plugin searches for the urllist.txt file, and parses it. The urllist.txt file is/was used by Yahoo's search engine. Plugin type: Crawl. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source...
rnd_param
This evasion plugin adds a random parameter. Example: Input: /bar/foo.asp Output: /bar/foo.asp?alsfkj=f09 Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to...
wordnet
This plugin finds new URLs using wn. An example is the best way to explain what this plugin does: let's suppose that the input for this plugin is: http://a/index.asp?color=blue The plugin will search the wordnet database for words that are related to "blue", and return for example: "black" and...
rnd_hex_encode
This evasion plugin adds random hex encoding. Example: Input: /bar/foo.asp Output: /b%61r/%66oo.asp Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand...
fingerprint_waf
Try to fingerprint the Web Application Firewall that is running on the remote end. Please note that the detection of the WAF is performed by the infrastructure.afd plugin (afd stands for Active Filter Detection). Plugin type: Infrastructure. Options: This plugin doesn't have any user configured options...
google_spider
This plugin finds new URLs using Google. It will search for "site:domain.com" and do GET requests to all the URLs found in the result. One configurable parameter exists: resultlimit. Plugin type: Crawl. Options: Name | Type | Default Value | Description | Help ---|---|---|---|--- resultlimit | integer |...
get_emails
This plugin greps every page for emails; these can be used in other places, like bruteforce plugins, and are of great value when doing a complete information security assessment. Plugin type: Grep. Options: Name | Type | Default Value | Description | Help ---|---|---|---|--- onlytargetdomain | boole...
content_negotiation
This plugin uses HTTP content negotiation to find new resources. The plugin has three distinct phases: Identify if the web server has content negotiation enabled. For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds...
htaccess_methods
This plugin finds .htaccess misconfigurations in the LIMIT configuration parameter. This plugin is based on a paper written by Frame and madjoker from kernelpanik.org. The paper is called: "htaccess: bilbao method exposed". The idea of the technique and the plugin is to exploit common...
domain_dot
This plugin finds misconfigurations in the virtual host settings by sending a specially crafted request with a trailing dot in the domain name. For example, if the input for this plugin is http://host.tld/ , the plugin will perform a request to http://host.tld./ . In some misconfigurations, the...
dot_net_event_validation
ASP.NET implements a method to verify that every postback comes from the corresponding control, which is called EventValidation. In some cases the developers disable this kind of verification by adding EnableEventValidation="false" to the .aspx file header, or in the web.config or system.config...
email_report
This plugin sends a short report (only vulnerabilities) by email to specified addresses. There are some configurable parameters: smtpServer, smtpPort, toAddrs, fromAddr. Plugin type: Output. Options: Name | Type | Default Value | Description | Help ---|---|---|---|--- smtpServer | string | localhost | SMTP...
finger_pks
This plugin finds mail addresses in PGP PKS servers. Plugin type: Infrastructure. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the hood: Plugin...
finger_google
This plugin finds mail addresses in Google. Two configurable parameters exist: resultlimit, fastsearch. If fastsearch is set to False, this plugin searches Google for: "@domain.com", requests all search results and parses them in order to find new mail addresses. If the fastsearch configuration...
pykto
This plugin is a nikto port to Python. It uses the scandatabase file from nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs, admindirs, nukedirs, extradbfile, mutatetests. This plugin reads every line in the scandatabase and extradbfile and based on the...