In this Burp Suite Tutorial, we are going to elaborately describe the Burp Suite tool and its features that are bundled in a single suite made for Web Application Security assessment as well as Penetration testing. It’s a java executable and hence it’s cross-platform. Kali Linux comes with Burp Suite free edition installed. There is …
Tag Archives: infogathering
lbd – Tool to Detect Whether a Domain has Load Balancing Enabled
Load balancing(lbd) is the technique used in different services for balancing the load across different servers or NICs. It can be in any form. Load balancing can be done to evenly distribute workload through a series of Computer clusters. Or it can be used within a single system to balance connections across a set of …
Continue reading “lbd – Tool to Detect Whether a Domain has Load Balancing Enabled”
Arping – To Discover Hosts on a Computer Network
Arping is a computer software tool that is used to discover hosts on a computer network. The program tests whether a given IP address is in use on the local network, and can get additional information about the device using that address. Arping operates work at the layer 2 (or the link layer of the …
Continue reading “Arping – To Discover Hosts on a Computer Network”
How to use Masscan to Enumerate Large Number of Hosts Quickly
Masscan has been around for some time now and already it’s in use by pentesters all around. It’s a reconnaissance tool which can transmit up to 10 million packets per second. It uses asynchronous transmission & a custom TCP/IP stack. So different threads are used for transmission & reception of packets. Masscan can be used to enumerate a …
Continue reading “How to use Masscan to Enumerate Large Number of Hosts Quickly”
Unicornscan – Network Scanning Tool to Find the Open Ports
Unicornscan is an asynchronous network stimulus delivery/response recording tool. Meaning it sends out broken/unorganized/fragmented packets (without a regular pattern unlike other port scanning tools) to a host and waits for the target’s response. After getting the response the TTL value is calculated for each port and thereby identifying the operating system. For eg, if the …
Continue reading “Unicornscan – Network Scanning Tool to Find the Open Ports”
Fragroute – A Network Packet Fragmentation & Firewall Testing Tool
Fragroute intercepts modify and rewrite egress traffic destined for the specified host. Simply frag route fragments packets originating from our(attacker) system to the destination system. Its used by security personnel or hackers for evading firewalls, avoiding IDS/IPS detections & alerts etc. Also, pentesters use it to gather information from a highly secured remote host. Options …
Continue reading “Fragroute – A Network Packet Fragmentation & Firewall Testing Tool”
Netdiscover – Live Host Identification
Netdiscover – simple ARP Scanner to scan for live hosts in a network Netdiscover is a simple ARP scanner that can be used to scan for live hosts in a network. It can scan for multiple subnets also. It simply produces the output in a live display(ncurse). This can be used in the first phases …
SQLMAP – Introduction & Automation of SQLi
Basic Operation of SQLMAP & enumeration of Server through automatic SQL Injection. SQLMAP is a database pentesting tool used to automate SQL Injection. Practically using sqlmap, we can dump a whole database from a vulnerable server. SQLMap is written in python and has got dynamic testing features. It can conduct tests for various database backends very …
Continue reading “SQLMAP – Introduction & Automation of SQLi”
World Wide Live Attack Map & Analytics
Ever wanted to see live DOS attacks across the globe? There is a website from a security firm that shows live attacks from all over the globe including the protocol information, IP addresses and country. All this information is put together in a wonderful hacker-like map. Live attacks & traffic are shown once you start the …
parasite6 – Redirect all IPv6 traffic through your attacker machine
Redirect all IPv6 traffic through your attacker machine with parasite6 Parasite6 is the arpspoof in IPv6 networks and also a part of the THC-IPv6 tools suite. As always they have made it very simple & effective. Parasite6 just spoofs the neighbor advertisement & solicitation packets. Specifically, it advertises that the attacker machine is the router …
Continue reading “parasite6 – Redirect all IPv6 traffic through your attacker machine”