Showing posts with label Netsparker. Show all posts

Netsparker v3.5.5 - Web Application Security Scanner

5:56 PM Netsparker, Network Scanner, Passive scanner, Scan, Scanner, Security Scanner, Web Application Security Scanner, Windows

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on.

Netsparker is very easy to use and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting hence it is the first and only False Positive Free web vulnerability scanner, therefore users can focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verify its findings.

NEW FEATURES
* New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric

IMPROVEMENTS
* Improved the performance of the DOM Parser
* Improved the performance of the DOM cross-site scripting scanner
* Optimized DOM XSS Scanner to avoid scanning pages with same source code
* Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string
* Improved selected element simulation for select HTML elements
* Added new patterns for Open Redirect engine

FIXES
* Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag
* Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response
* Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed
* Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates
* Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested
* Fixed a bug in DOM Parser where events are not simulated for elements inside frames
* Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response

Download Netsparker v3.5.5

Netsparker v3.5 - Web Application Security Scanner

2:08 PM Netsparker, Network Scanner, Passive scanner, Scan, Scanner, Security Scanner, Web Application Security Scanner, Windows

Changelog - 3.5.3

NEW FEATURES

* DOM based cross-site scripting vulnerability scanning
* Chrome based web browser engine for DOM parsing
* URL rewrite rules configuration wizard (to scan parameters in URLs)
* "Ignore Vulnerability from Scan" option to exclude vulnerabilities from reports

NEW SECURITY TESTS

* Nginx web server Out-of-date version check
* Perl possible source code disclosure
* Python possible source code disclosure
* Ruby possible source code disclosure
* Java possible source code disclosure
* Nginx Web Server identification
* Apache Web Server identification
* Java stack trace disclosure

IMPROVEMENTS

* Improved the correctness and coverage of Remote Code Execution via Local File Inclusion vulnerabilities
* Improved cross-site scripting vulnerability confirmation patterns
* Added support for viewing JSON arrays in document roots in request/response viewers
* Added support for Microsoft Office ACCDB database file detection
* Improved DOM parser to exclude non-HTML files
* Improved PHP Source Code Disclosure vulnerability detection
* Improved Nginx Version Disclosure vulnerability template
* Improved IIS 8 Default Page detection
* Improved Email List knowledgebase report to include generic email addresses
* Improved Configure Form Authentication wizard by replacing embedded record browser with a Chrome based browser
* Improved the form authentication configuration wizard to handle cases where Basic/NTLM/Digest is used in conjunction with Form Authentication
* Added a cross-site scripting attack pattern which constructs a valid XHTML in order to trigger the XSS
* Added double encoded attack groups in order to reduce local file inclusion vulnerability confirmation requests
* Added status bar label which displays current VDB version and VDB version update notifications
* Added login activity indicator to Scan Summary Dashboard
* Added a new knowledgebase out-of-scope reason for links which exceed maximum depth
* Updated external references in cross-site scripting vulnerability templates
* Improved DOM parser by providing current cookies and referer to DOM/JavaScript context
* Added several new DOM events to simulate including keyboard events
* Improved the parsing of "Anti-CSRF token field names" setting by trimming each individual token name pattern
* Added support for simulating DOM events inside HTML frames/iframes
* Consolidated XSS exploitation function name (netsparker()) throughout all the areas reported
* Removed redundant semicolon followed by waitfor delay statements from time based SQLi attack patterns to bypass more blacklistings
* Changed default user-agent string to mimic a Chrome based browser
* Improved LFI extraction file list to extract files from target system according to detected OS
* Removed outdated PCI 1.2 classifications

FIXES

* Fixed indentation problem of bullets in knowledgebase reports
* Fixed path disclosure reports in MooTools JavaScript file
* Fixed KeyNotFoundException occurs when a node from Sitemap tree is clicked
* Fixed NullReferenceException thrown from Boolean SQL Injection Engine
* Fixed an issue in WebDav Engine where an extra parameter is added when requesting with Options method
* Fixed a bug where LFI exploitation does not work for double encoded paths
* Fixed a bug in Export file dialog where .nss extension isn't appended if file name ends with a known file extension
* Fixed a bug in Configure Form Authentication wizard where the number of scripts loaded shows incorrectly
* Fixed a bug which occurs while retesting with CSRF engine
* Fixed a bug where retest does not work after loading a saved scan session
* Fixed a bug where Netsparker reports out of date PHP even though PHP is up to date
* Fixed a UI hang where Netsparker tries to display a binary response in Browser View tab
* Fixed an ArgumentNullException thrown when clicking Heartbleed vulnerability
* Fixed a bug where Netsparker makes requests to DTD URIs in XML documents
* Fixed a bug in Scan Policy settings dialog where list of user agents are duplicated
* Fixed a typo in ViewState MAC Not Enabled vulnerability template
* Fixed a bug in auto updater where the updater doesn't honour the AutoPilot and Silent command line switches
* Fixed XSS exploit generation code to handle cases where input name is "submit"
* Fixed a bug that prevents Netsparker.exe process from closing if you try to close Netsparker immediately after starting a new scan
* Fixed a UI hang happens when the highlighted text is huge in response source code
* Fixed issues with decoded HTML attribute values in text parser
* Fixed session cookie path issues according to how they are implemented in modern browsers
* Fixed scan stuck at re-crawling issue for imported scan sessions
* Fixed highlighting issues for possible XSS vulnerabilities
* Fixed a crash due to empty/missing URL value for form authentication macro requests
* Fixed a NullReferenceException in Open Redirect Engine which occurs if redirect response is missing Location header
* Fixed an error in authentication macro sequence player happens when the request URI is wrong or missing

Download Netsparker v3.5

[Netsparker v3.2] Web Application Security Scanner

12:14 PM Cross-site Scripting, EN, Netsparker, Remote Code Execution, SQL Injection, Web Security Scanner, Windows

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.

It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built on it, for example you can get a reverse shell out of an identified SQL Injection or extract data via running custom SQL queries.

The main highlight of this version is the web services scanner; now scan and identify vulnerabilities and security issues in web services automatically and easily.

Changelog v3.2

New Features

Ability to scan SOAP web services for security issues and vulnerabilities
Request and Response viewers to view HTTP requests/responses like XML and JSON tree views
New knowledge base node that will include all AJAX/XML HTTP Requests
New value matching options for form values other than regex pattern (exact, contains, starts, ends)
New report template for parsing source information Crawled URLs List (CSV)

New Security Checks

Added attack patterns for LFI vulnerability which is revealed with only backslashes in file path
Added Programming Error Message vulnerability detection for SOAP faults
Added AutoComplete vulnerability for password inputs
NuSOAP version disclosure
NuSOAP version check

Improvements

Improved XSS vulnerability confirmation
Improved Generic Source Code Disclosure security check by excluding JavaScript and CSS resources
Added latest version custom field for the version vulnerabilities
Added standard context menus to text editors
Sitemap tree will displan nodes of JSON, XML and SOAP requests and responses with no parameters
Added force option to form value settings to enforce user specified values
Optimized attack patterns for JSON and XML attacks by reducing attack requests
Optimized Common Directories list and removed the limit for Extensive Security Checks policy
Improved the license dialog to show whether a license is missing or expired

Fixes

Fixed update dialog to not show on autopilot mode
Fixed an interim auto update crash
Fixed typo in Out of Scope Links knowledge base report template
Fixed an issue in LFI exploiter where XML tags with namespace prefixes was preventing exploitation
Fixed Controlled Scan button disabled issue for some sitemap nodes
Fixed parameter anchors in Vulnerability Summary table of Detailed Scan Report template
Fixed form authentication wizard to use user agent set on currently selected policy
Fixed zero response time issue for some sitemap nodes
Fixed dashboard progress bar showing 100%
Fixed random crashes on license dialog while loading license file or closing dialog
Fixed Microsoft Anti-XSS Library links on vulnerability references

Download Netsparker v3.2

[Netsparker v3.0.2.0 Community Edition] Web Application Security Scanner

10:18 PM EN, Netsparker, Scan, Scanner, Windows

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.

Changelog v3.0.2.0

New Features

Scan Policy Editor that allows you to build own scan policies for more efficient web application security scans.
Oracle CHR encoding and decoding facility in the Encoder pane
Support for multiple exclude and include URL patterns which can also be specified in REGEX
Knowledge base node where additional information about the scanned website is reported to the user
New PCI Compliance Report template

New Security Tests

Ruby on Rails Remote Code Execution vulnerability
Off the shelf Web Application Fingerprinting and detection of known security issues (Such as WordPress, Joomla and Drupal)
Version disclosure checks for Apache module mod_ssl, Ruby and WEBrick HTTP web server
Identification of phpMyAdmin and Webalizer
Detection of SHTML error messages that could disclose sensitive information
New WebDAV engine that detects WebDAV implementation security issues and vulnerabilities
Server-Side Includes (SSI) Injection checks

Improvements

Default include and exclude URL pattern has been improved
DOM Parser now supports proxies and client certification support
The performance of the Controlled Scan user interface has been improved
HTTP Response text editor automatically scrolls to the first highlighted text when viewed
Improved vulnerability classifications
Vulnerability templates text has been improved
Updated the look and feel of the vulnerability templates
Version vulnerability database updated with new web applications version for better finger printing
Cross-site scripting exploit generation improved
Improved confirmed vulnerability representation on Detailed Scan Report
Internal Path Disclosure for Windows and Unix security tests have been improved
Improved version disclosure security tests for Perl and ASP.NET MVC
Start a Scan user interface by moving rarely used settings to Netsparker general settings
Improved the performance of security scans which are started using the same Netsparker process
Scope documentation text has been updated
Updated WASC links to point to the exact threat classification page
Improved custom 404 detection on sites where the start URL is redirected

Bug Fixes

Fixed a bug in XSS report templates where plus char encoding was wrong
Fixed a bug which causes multibyte unicode characters to be corrupted upon retrieval
Fixed a bug where “Auto Complete Enabled” isn’t reported
Fixed a bug where Community Edition was asking for exporting sessions
Fixed a bug causes redundant responses to be stored on redirects
Fixed a bug causing a NullReferenceException during reporting
Fixed a bug where custom cookies are not preserved when an exported session is imported
Fixed a bug on report templates where extra fields were missing when there are multiple fields
Fixed the radio button overlap issue on Encoder panel for high DPIs
Fixed an issue where CSRF tokens weren’t applied for time based (blind) engines in late confirmation
Fixed an issue where data grids on Settings dialog were preventing to cancel the dialog when an invalid row is present
Fixed an issue where some logouts occurred on attack phase couldn’t be detected
Fixed a bug which causes requests to URLs containing text HTMLElementInputClass
Fixed a bug where the injection request/response could be clipped wrong in the middle of HTML tags
Fixed the size of the Configure Authentication wizard for higher DPIs
Fixed an issue with CLI interpretation where built-in profiles couldn’t be specified
Fixed the COMException thrown on Configure Authentication wizard on pages that contain JavaScript calls to window.close()
Fixed clipped text issue on scan summary dashboard severity bar chart
Fixed the anchors to vulnerability details in OWASP Top Ten 2010 report template
Fixed incorrect buttons sizes on message dialogs on high DPI settings
Fixed a startup crash which occurs on systems where “Use FIPS compliant algorithms for encryption, hashing, and signing” group policy setting is enabled
Fixed click sounds on vulnerability view tab
Fixed an issue where find next button was not working on HTTP Request / Response tab
Fixed a bug on Configure Authentication wizard occurs when the response contains multiple headers with same names

Note: Due to major updates to the scan files, Netsparker version 3 cannot open scans exported with previous versions of Netsparker (.nss files).

Full Changelog: here

Download Netsparker v3.0.2.0

[Netsparker Community Edition v2.5.2.0] Released!

8:30 AM EN, Netsparker, Scan, Scanner, SQLi, Windows

Netsparker Community Edition is a SQL Injection Scanner. It’s a free edition of our web vulnerability scanner for the community so you can start securing your website now. It’s user friendly, fast, smart and as always False-Positive-Free.

It shares many features with professional edition. It can detect SQL Injection and XSS issues better than many other scanners (if not all), and it’s completely FREE.

Netsparker can scan for lots of web security vulnerabilities, this free version of Netsparker is a great SQL injection scanner. It can scan and exploit SQL Injection vulnerabilities in different back-end databases with really high accuracy and without any false-positives. Netsparker is the best SQL Injection Scanner among the all commercial, free and open source web vulnerability scanner according to 3rd party benchmark by finding 98.53% of all SQL Injections in tests1^.

Netsparker CE features

False-Positive Free
AjAX/JavaScript Supp0rt
Hassle Free Licensing
Heuristic Cust0m 4o4 Support
Free Automated Updates
Error Based SqL Injection
Boolean Based SQL Injection
Reflective Cross-site ScriptIng (xss)
Permanent/St0red Cross-site Scripting (XSS)
and many more

Security Checks that come with CE

Error Based SQL Injection
Boolean Based SQL Injection
Time Based Blind SQL Injection
Local File Inclusion
Remote File Inclusions
Remote Code Injection / Evaluation
Cross-site Scripting (XSS) via RFI
Reflective Cross-site Scripting (XSS)
Permanent/Stored Cross-site Scripting (XSS)
OS Level Command Injection
CRLF / HTTP Header Injection / Response Splitting
Open Redirect
Find Backup Files
Crossdomain.xml Analysis
Finds and Analyse Potential Issues in Robots.txt
Finds and Analyse Google Sitemap Files
Detect TRACE / TRACK Method Support
Detect ASP.NET Debugging
Detect ASP.NET Trace
ASP.NET ViewState Analysis
ViewState is not Signed
ViewState is not Encrypted
Post Exploitation Checks
E-mail Address Disclosure
Internal IP Disclosure
Cookies are not marked as Secure
Cookies are not marked as HTTPOnly
Directory Listing
Stack Trace Disclosure
Version Disclosure
Access Denied Resources
Internal Path Disclosure
Programming Error Messages
Database Error Messages
CVS, GIT and SVN Information and Source Code Disclosure
Find PHPInfo() pages and PHPInfo() disclosures
Apache Server-Status and Apache Server-Info pages
Find Hidden Resources
Basic Authentication over HTTP
Password Transmitted over HTTP
Password Form Served over HTTP
Source Code Disclosure
Auto Complete Enabled

Download

Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Hacking Và Penetration Test Với Metasploit

Tài Liệu Computer Forensic Của C50

Sinh Viên Với Hacking Và Bảo Mật Thông Tin