16 matches found
Collaborative Penetration Test & Vulnerability Management Platform: Faraday
Collaborative Penetration Test & Vulnerability Management Platform Faraday introduces a new concept: IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of...
xsscrapy - XSS/SQLi Spider
Fast, thorough XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. See the FAQ for more details about SQLi detection. From within the main folder run: ./xsscrapy.py -u http://example.com If you wish to log in, then crawl:...
Web Security Dojo
Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions are available for download. Dojo is an open source project intended to be used as a training environment, and shouldn’t be used as a pen-testing platform due to the...
w3af Security Scanner
w3af is a vulnerability scanning product. Remote attackers can use w3af to detect vulnerabilities on a target server...
[Samurai Web Testing Framework v2.1] Live Linux environment that has been pre-configured to function as a web pen-testing environment
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool...
export_requests
This plugin exports all discovered HTTP requests (URL, Method, Params) to the given file (CSV), which can then be imported in another scan by using crawl.importresults. One configurable parameter exists: outputfile. Plugin type: Output. Options: Name | Type | Default Value | Description | Help...
xss
This plugin finds Cross Site Scripting (XSS) vulnerabilities. One configurable parameter exists: persistentxss. To find XSS bugs the plugin will send a set of JavaScript strings to every parameter, and search for that input in the response. The "persistentxss" parameter makes the plugin store all...
reversed_slashes
This evasion plugin changes the slashes from / to \ . Example: Input: /bar/foo.asp Output: \bar\foo.asp Plugin type: Evasion. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to...
rfi
This plugin finds remote file inclusion vulnerabilities. Three configurable parameters exist: listenaddress, listenport, usew3afsite. There are two ways of running this plugin; the most common one is to use w3af's site (w3af.sf.net) as the URL to include. This is convenient and requires zero...
ghdb
This plugin finds possible vulnerabilities using Google. One configurable parameter exists: resultlimit. Using the Google Hacking Database released by Exploit-DB.com, this plugin searches Google for possible vulnerabilities in the target domain. Special thanks go to the guys at...
http_auth_detect
This plugin greps every page and finds responses that indicate that the resource requires authentication. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understa...
BackBox Linux 2.01 released
The BackBox team is proud to announce the release 2.01 of BackBox Linux. The new release includes features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: What's new: System upgrade...
w3af v.1.1 - Web Application Attack and Audit Framework Released
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives. w3af i...
Rapid7 Security Advisory 37
R7-0037: SAP BusinessObjects Axis2 Default Admin Password October 13th, 2010 Description: The SAP BusinessObjects product contains a module dswsbobje.war which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port...
w3af (NASL wrapper)
This VT is deprecated. Copyright (C) 2009 Vlatko Kosturjak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it unde...
w3af (NASL wrapper)
This plugin uses w3af (w3afconsole, to be exact) to find web security issues. See the preferences section for w3af options. Note that OpenVAS uses a limited set of w3af options. Therefore, for a more complete web assessment, you should use the standalone w3af tool for deeper/customized checks. OpenVAS...