White Hat Hacker Capital Buôn Ma Thuột


Arachni v1.0 - Web Application Security Scanner Framework


Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. 

It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly. 

Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX. 

Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.


[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework


Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.

Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity.

This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.


Changelog

Framework v0.4.6
  • Massively decreased RAM consumption.
  • Amount of performed requests cut down by 1/3 — and thus 1/3 decrease in scan times.
  • Overhauled timing attack and boolean/differential analysis algorithms to fix SQLi false-positives with misbehaving webapps/servers.
  • Vulnerability coverage optimizations with 100% scores on WAVSEP’s tests for:
    • SQL injection
    • Local File Inclusion
    • Remote File Inclusion
    • Non-DOM XSS — DOM XSS not supported until Arachni v0.5.
WebUI v0.4.3
  • Implemented Scan Scheduler with support for recurring scans.
  • Redesigned Issue table during the Scan progress screen, to group and filter issues by type and severity.

[Arachni v0.4.5.1-0.4.2] Open Source Web Application Security Scanner Framework


Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit.

Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible security/vulnerability assessments. More than that, Arachni is highly extensible, allowing anyone to improve upon it by adding custom components and tailoring most aspects to meet most needs.


New Changes

  • Optimized pattern matching to use less resources by grouping patterns to only be matched against the per-platform payloads. Bottom line, pattern matching operations have been greatly reduced overall and vulnerabilities can be used to fingerprint the remote platform.
  • Modules
    • Path traversal (path_traversal)
      • Updated to use more generic signatures.
      • Added dot-truncation for MS Windows payloads.
      • Moved non-traversal payloads to the file_inclusion module.
    • File inclusion (file_inclusion) — Extracted from path_traversal.
      • Uses common server-side files and errors to identify issues.
    • SQL Injection (sqli) — Added support for the following databases:
      • Firebird
      • SAP Max DB
      • Sybase
      • Frontbase
      • IngresDB
      • HSQLDB
      • MS Access
    • localstart_asp — Checks if localstart.asp is accessible.
  • Plugins — Added:
    • Uncommon headers (uncommon_headers) — Logs uncommon headers.

[Arachni v0.4.4] The Web Application Security Scanner Framework


Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit.

Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible security/vulnerability assessments. More than that, Arachni is highly extensible, allowing anyone to improve upon it by adding custom components and tailoring most aspects to meet most needs.


Modules

There are new passive (recon) and active (audit) modules along with big coverage improvements for existing ones.

Recon

New

  • X-Forwarded-For Access Restriction Bypass (x_forwarded_for_access_restriction_bypass)
    • Retries denied requests with an X-Forwarded-For header to try and trick the web application into thinking that the request originates from localhost and checks whether the restrictions were bypassed.
  • Form-based upload (form_upload)
    • Flags file-upload forms as they require manual testing.
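The server-side mistake that the X-Forwarded-For check looks for, next to a hardened form, as an added example (not Arachni's code and not from the original post). It assumes a single reverse proxy at the hypothetical address 10.0.0.5; all function names are illustrative.

```ruby
require 'ipaddr'

# Assumption: exactly one reverse proxy, at 10.0.0.5, sits in front of the app.
TRUSTED_PROXIES = [IPAddr.new('10.0.0.5/32')].freeze
LOOPBACK = [IPAddr.new('127.0.0.0/8')].freeze

def parse_ip(text)
  s = text.to_s.strip
  return nil if s.empty? || s.include?('/')   # reject blanks and CIDR forms
  IPAddr.new(s)
rescue IPAddr::Error
  nil
end

def trusted_proxy?(ip)
  TRUSTED_PROXIES.any? { |net| net.include?(ip) }
end

# Weak: believes the first X-Forwarded-For entry, whoever sent the request.
def client_ip_weak(peer, xff)
  parse_ip(xff.to_s.split(',').first) || parse_ip(peer)
end

# Hardened: start from the socket peer. Only if the peer is a trusted proxy,
# walk the header right to left and stop at the first hop that is not trusted.
def client_ip_hardened(peer, xff)
  ip = parse_ip(peer)
  return ip unless ip && trusted_proxy?(ip)
  xff.to_s.split(',').reverse_each do |hop|
    candidate = parse_ip(hop)
    return ip if candidate.nil?               # malformed entry: stop here
    ip = candidate
    return ip unless trusted_proxy?(ip)
  end
  ip
end

# Access rule under test: the admin area is for requests from localhost only.
def admin_allowed?(ip)
  !ip.nil? && LOOPBACK.any? { |net| net.include?(ip) }
end
```

With the hardened resolver a client-supplied header never changes the decision, because entries to the left of the first untrusted hop are ignored.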

Improved

  • .htaccess LIMIT misconfiguration (htaccess_limit)
    • Updated to use verb tampering as well.

Audit

New

  • Source code disclosure (source_code_disclosure)
    • Checks whether or not the web application can be forced to reveal source code.
  • Code execution via the php://input wrapper (code_execution_php_input_wrapper)
    • It injects PHP code into the HTTP request body and uses the php://input wrapper to try and load it.

Improved

  • Blind SQL Injection (Boolean/Differential analysis) (sqli_blind_rdiff)
    • Improved accuracy of results.
  • Path traversal (path_traversal)
    • Severity set to “High”.
    • Updated to start with / and go all the way up to /../../../../../../.
    • Added fingerprints for /proc/self/environ.
    • Improved coverage for MS Windows.
  • Remote file inclusion (rfi)
    • Updated to handle cases where the web application appends its own extension to the injected string.
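A regression check for a file-serving parameter against the prefix ladder the path_traversal entry describes (from / up to /../../../../../../), as an added example that is not Arachni's code and not from the original post. The document root /srv/app/public and all function names are assumptions; nothing in it touches the filesystem.

```ruby
# Hypothetical document root for the example.
DOC_ROOT = '/srv/app/public'

# Weak: plain concatenation keeps the "../" segments for the OS to resolve.
def resolve_weak(param)
  File.join(DOC_ROOT, param)
end

# Hardened: canonicalise, then require the result to stay below DOC_ROOT.
# The trailing separator stops sibling directories such as "public-backup".
def resolve_hardened(param)
  return nil if param.include?("\0")
  full = File.expand_path(File.join(DOC_ROOT, param))
  full.start_with?(DOC_ROOT + File::SEPARATOR) ? full : nil
end

# Constructed regression inputs: the prefix ladder from "/" up to
# "/../../../../../../" in front of the file the changelog fingerprints.
def traversal_ladder(target = 'proc/self/environ', max_depth = 6)
  (0..max_depth).map { |depth| '/' + '../' * depth + target }
end

# Returns the inputs that the given resolver lets out of DOC_ROOT.
def escapes(resolver)
  traversal_ladder.select do |param|
    path = send(resolver, param)
    path && !File.expand_path(path).start_with?(DOC_ROOT + File::SEPARATOR)
  end
end
```

File.expand_path is purely lexical, so a deployment that allows symlinks under the root would compare File.realpath results instead.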


[Arachni v0.4.3] Ruby framework aimed towards helping penetration testers

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.

Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity.

This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.



Changelog v0.4.3

Framework (v0.4.3)
  • Stable multi-Instance scans, taking advantage of SMP/Grid architectures for higher efficiency and performance.
  • Automated Grid load-balancing.
  • Platform fingerprinting for tailor-made audits resulting in less bandwidth consumption, less server stress and smaller scan runtimes.
Web User Interface (v0.4.1)
  • Support for PostgreSQL.
  • Support for importing data and configuration from the previous 0.4.2-0.4 packages.
Packages
  • Downgraded to require GLIBC >= 2.12 for improved portability.

[Arachni v0.4.2] web application security scanner (Boosted with new UI)

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.


It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

Features

  • Cookie-jar/cookie-string support.
  • Custom header support.
  • SSL support.
  • User Agent spoofing.
  • Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
  • Proxy authentication.
  • Site authentication (Automated form-based, Cookie-Jar, Basic-Digest, NTLM and others).
  • Automatic log-out detection and re-login during the audit (when the initial login was performed via the AutoLogin plugin).
  • Custom 404 page detection.
  • UI abstraction:
  • Pause/resume functionality.
  • High performance asynchronous HTTP requests.
    • With adjustable concurrency.


Major improvements with 0.4.2


Users

Regular users can enjoy:
  • The ability to easily perform and manage scans via the brand new, Rails-based, simple, intuitive and beautiful web user interface — I’m overselling it a bit out of excitement.
  • Much reduced RAM usage.
  • More fluid and smoother progress %.
  • Issue remarks – Providing extra context to logged issues and assisting you in determining the nature, variation and special circumstances that may apply.
  • More resilient stance towards non-responsive servers.
  • Much improved profiling and detection of custom 404 responses.
  • Improved payloads for Windows machines for path traversal and OS command injection.
  • The ability to exclude pages from the scan based on content.


Developers

Oh you devs out there controlling Arachni via RPC are gonna love these:
  • Default serialization changed to Marshal, which translates to much faster and less bandwidth consuming RPC calls.
    • YAML serialization is still supported as an automatic fallback; YAML requests will still elicit a YAML response. Careful though, the engine has been changed to Psych, which has been the Ruby default for a while now.
  • A bunch of convenience methods have been added to Arachni::RPC::Server::Instance, allowing you to perform and control scans much easier than before.
  • More data returned for logged Issues during runtime.


Service providers

Well, you get to enjoy all of the above but at a higher, more abstract level:
  • Significantly reduced RAM consumption.
  • Significantly reduced bandwidth and CPU usage for RPC calls.
  • Improved progress information for statistics, issues and progress %.