VBScan – OWASP Is A Black Box vBulletin Vulnerability Scanner

OWASP VBScan (short for vBulletin Vulnerability Scanner) is an open-source project written in Perl that detects vulnerabilities in the vBulletin CMS and analyzes them. If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! VBScan Usage: ./vbscan.pl <target> (e.g. ./vbscan.pl http://target.com/vbulletin) OWASP VBScan 0.1.7 introduction: https://www.youtube.com/watch?v=SirozqDYERA Credit: Mohammad Reza...

PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine

PwnBack requires PhantomJS to run. To understand why it is currently required, see the section PhantomJS. The plugin has several settings that a user can define depending on their hardware setup. PhantomJS WebDrivers: the number of Firefox headless browsers to open. Be mindful of Burp Suite's memory settings. HTTP Response Parsers: these are responsible for parsing requests generated by the...

Headless Burp – Automate security tests using Burp Suite

Headless Burp provides an extension to Burp that allows you to run Burp Suite's Spider and Scanner tools in headless mode via the command line. However, it can do more! It can produce a JUnit-like report, which in turn could instruct the CI server to mark the build as "failed" whenever any vulnerabilities are found. You can also mark some issues...

Firework – Tool To Interact With Microsoft Workplaces Creating Valid Files

Firework is a proof of concept tool to interact with Microsoft Workplaces, creating the valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it. This tool may be used as part of a penetration test or red team...

HUNT – Burp Suite Pro/Free and OWASP ZAP Extensions

HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions. Identifies common parameters vulnerable to certain vulnerability classes (Burp Suite Pro and OWASP ZAP). Organizes testing methodologies (Burp Suite Pro and Free). HUNT Parameter Scanner - Vulnerability Classes: SQL Injection; Local/Remote File Inclusion & Path Traversal; Server Side Request Forgery & Open Redirect; OS Command Injection; Insecure...

MalwareCMDMonitor – Shows Command Lines Used By Latest Instances Analyzed On Hybrid-Analysis

By using the MalwareCMDMonitor Python script, you can observe the commands of the latest malware instances executed on the hybrid-analysis.com sandbox. In a nutshell, it downloads the HA feed and then retrieves the commands of unseen instances, the ones that did not appear in the previous feeds. Running The...

SQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool

SQLMap v1.2.9 is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the...

Peda – Python Exploit Development Assistance for GDB

PEDA is a Python exploit development assistance for GDB. Features: Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging. Add commands to support debugging and exploit development (for a full list of commands use peda help): aslr -- Show/set ASLR setting of GDB; checksec -- Check for various security options of binary; dumpargs --...

KisMac2 – Free Open Source Wireless Stumbling & Security Tool For Mac OS X

KisMAC2 is a free, open source wireless stumbling and security tool for Mac OS X. This is an active project to continue where the original development of KisMac stopped. The Trac for the original KisMac is at http://trac.kismac-ng.org What's new: Mac OS 10.9 - 10.12 (64-bit only); ARC (64-bit only); New GUI; Modern Objective-c...

Java-Stager : A PoC To Download, Compile & Execute A Java File In Memory

A PoC Java-Stager which can download, compile, and execute a Java file in memory. The key parts of the talk for me are: Load a Stager onto victim (touches disk, but is a benign binary); Stager downloads raw code over HTTP (which stays in memory); Stager compiles raw code (also in memory); Stager then executes compiled code (also in memory). Also...