In this Burp Suite Tutorial, we are going to elaborately describe the Burp Suite tool and its features that are bundled in a single suite made for Web Application Security assessment as well as Penetration testing. It’s a java executable and hence it’s cross-platform. Kali Linux comes with Burp Suite free edition installed. There is …
Tag Archives: information gathering
Whatweb – A Scanning Tool to Find Security Vulnerabilities in Web App
Whatweb is the perfect name for this tool. Simply it answers the question, “What is that Website?” Whatweb can identify all sorts of information about a live website, like: Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers simulating a normal visit. Aggressive options get deeper with recursion …
Continue reading “Whatweb – A Scanning Tool to Find Security Vulnerabilities in Web App”
URLextractor : Information Gathering & Website Reconnaissance
URLextractor is a tool for Information Gathering & Website Reconnaissance. Following are some of the features of this tool; IP and hosting info like city and country (using FreegeoIP) DNS servers (using dig) ASN, Network range, ISP name (using RISwhois) Load balancer test Whois for abuse mail (using Spamcop) PAC (Proxy Auto Configuration) file Compares hashes to diff code …
Continue reading “URLextractor : Information Gathering & Website Reconnaissance”
Infog – Information Gathering Tool
InfoG is a Shellscript to perform Information Gathering. Infog Features Check Website info Check Phone info IP Tracker Check Valid E-mail Check if site is Up/Down Check internet speed Check Personal info Find IP behind Cloudflare Find Subdomains Port Scan (Multi-threaded) Check CMS Check DNS leaking Also ReadRemoteRecon – Remote Recon and Collection Usage git …
lbd – Tool to Detect Whether a Domain has Load Balancing Enabled
Load balancing(lbd) is the technique used in different services for balancing the load across different servers or NICs. It can be in any form. Load balancing can be done to evenly distribute workload through a series of Computer clusters. Or it can be used within a single system to balance connections across a set of …
Continue reading “lbd – Tool to Detect Whether a Domain has Load Balancing Enabled”
How to use Masscan to Enumerate Large Number of Hosts Quickly
Masscan has been around for some time now and already it’s in use by pentesters all around. It’s a reconnaissance tool which can transmit up to 10 million packets per second. It uses asynchronous transmission & a custom TCP/IP stack. So different threads are used for transmission & reception of packets. Masscan can be used to enumerate a …
Continue reading “How to use Masscan to Enumerate Large Number of Hosts Quickly”
Unicornscan – Network Scanning Tool to Find the Open Ports
Unicornscan is an asynchronous network stimulus delivery/response recording tool. Meaning it sends out broken/unorganized/fragmented packets (without a regular pattern unlike other port scanning tools) to a host and waits for the target’s response. After getting the response the TTL value is calculated for each port and thereby identifying the operating system. For eg, if the …
Continue reading “Unicornscan – Network Scanning Tool to Find the Open Ports”
Netdiscover – Live Host Identification
Netdiscover – simple ARP Scanner to scan for live hosts in a network Netdiscover is a simple ARP scanner that can be used to scan for live hosts in a network. It can scan for multiple subnets also. It simply produces the output in a live display(ncurse). This can be used in the first phases …
SQLMAP – Introduction & Automation of SQLi
Basic Operation of SQLMAP & enumeration of Server through automatic SQL Injection. SQLMAP is a database pentesting tool used to automate SQL Injection. Practically using sqlmap, we can dump a whole database from a vulnerable server. SQLMap is written in python and has got dynamic testing features. It can conduct tests for various database backends very …
Continue reading “SQLMAP – Introduction & Automation of SQLi”
World Wide Live Attack Map & Analytics
Ever wanted to see live DOS attacks across the globe? There is a website from a security firm that shows live attacks from all over the globe including the protocol information, IP addresses and country. All this information is put together in a wonderful hacker-like map. Live attacks & traffic are shown once you start the …