Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Chương trình Đào tạo Hacker Mũ Trắng Việt Nam tại Thành phố Buôn Ma Thuột kết hợp du lịch. Khi đi là newbie - Khi về là HACKER MŨ TRẮNG !

Hacking Và Penetration Test Với Metasploit

Chương trình huấn luyện sử dụng Metasploit Framework để Tấn Công Thử Nghiệm hay Hacking của Security365.

Tài Liệu Computer Forensic Của C50

Tài liệu học tập về Truy Tìm Chứng Cứ Số (CHFI) do Security365 biên soạn phục vụ cho công tác đào tạo tại C50.

Sinh Viên Với Hacking Và Bảo Mật Thông Tin

Cuộc thi sinh viên cới Hacking. Với các thử thách tấn công trang web dành cho sinh viên trên nền Hackademic Challenge.

Tấn Công Và Phòng Thủ Với BackTrack / Kali Linux

Khóa học tấn công và phòng thủ với bộ công cụ chuyên nghiệp của các Hacker là BackTrack và Kali LINUX dựa trên nội dung Offensive Security

Sayfalar

Showing posts with label OWASP Xenotix XSS Exploit Framework. Show all posts
Showing posts with label OWASP Xenotix XSS Exploit Framework. Show all posts

OWASP Xenotix XSS Exploit Framework 6

6:43 PM  , , , , , , ,  


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to be. It is claimed to have the world’s 2nd largest XSS Payloads of about 4800+ distinctive XSS Payloads. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes real world offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.


Features

SCANNER MODULES
  • GET Request Manual Mode
  • GET Request Auto Mode
  • Multiple Parameter Scanner
  • GET Request Fuzzer
  • POST Request Fuzzer
  • Advanced Request Fuzzer
  • OAuth 1.0a Request Scanner
  • DOM Scanner
  • Hidden Parameter Detector
INFORMATION GATHERING MODULES
  • WAF Fingerprinting
  • Victim Fingerprinting
    • IP to Location
    • IP to GeoLocation
  • Network
    • Network IP (WebRTC)
    • Ping Scan
    • Port Scan
    • Internal Network Scan
  • Browser
    • Fingerprinting
    • Features Detector
EXPLOITATION MODULES
  • Send Message
  • Cookie Thief
  • Keylogger
  • HTML5 DDoSer
  • Load File
  • Grab Page Screenshot
  • JavaScript Shell
  • Reverse HTTP WebShell
  • Metasploit Browser Exploit
  • Social Engineering
    • Phisher
    • Tabnabbing
    • Live WebCam Screenshot
    • Download Spoofer
    • Geolocation HTML5 API
    • Java Applet Drive-By (Windows)
    • Java Applet Drive-By Reverse Shell (Windows)
    • HTA Network Configuration (Windows, IE)
    • HTA Drive-By (Windows, IE)
    • HTA Drive-By Reverse Shell (Windows, IE)
  • Firefox Addons
    • Reverse TCP Shell Addon (Windows, Persistent)
    • Reverse TCP Shell Addon (Linux, Persistent)
    • Session Stealer Addon (Persistent)
    • Keylogger Addon (Persistent)
    • DDoSer Addon (Persistent)
    • Linux Credential File Stealer Addon (Persistent)
    • Drop and Execute Addon (Persistent)
AUXILIARY MODULES
  • WebKit Developer Tools
  • Encoder/Decoder
  • JavaScript Encoders
    • JSFuck 6 Char Encoder
    • jjencode Encoder
    • aaencode Encoder
  • JavaScript Beautifier
  • Hash Calculator
  • Hash Detector
  • View Injected JavaScript
  • View XSS Payloads
XENOTIX SCRIPTING ENGINE
  • Xenotix API
  • IronPython Scripting Support
  • Trident and Gecko Web Engine Support 

Read More

OWASP Xenotix XSS Exploit Framework v5

3:18 PM  , , , , , , , ,  


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1600+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Following are the V5 Additions

  • Xenotix Scripting Engine
  • Xenotix API
  • V4.5 Bug Fixes
  • GET Network IP (Information Gathering)
  • QR Code Generator for Xenotix xook
  • HTML5 WebCam Screenshot(Exploitation Module)
  • HTML5 Get Page Screenshot (Exploitation Module)
  • Find Feature in View Source.
  • Improved Payload Count to 1630
  • Name Changes

Xenotix Scripting Engine and API


This release features the Xenotix Scripting Engine that works on the top of Xenotix API. The Scripting Engine helps you to create tools and test cases on the go based on your requirements. There are situations when you have to go the manual way and since the ruleset set of an automated tool is not applicable in certain situations. Xenotix Scripting Engine powered by Xenotix API come into your rescue. Now you can make sure your tool works based on your requirements. Apply your Python scripting skills on the latest Scripting Engine.
Xenotix API features
  • 1630 XSS Detection Payloads.
  • An inbuilt GET Request XSS Fuzzer for Intelligent and Fast XSS Vulnerability Detection.
  • Analyze Response in Trident and Gecko Web Engines to make sure that there are no false positives.
  • Interact with Web Engines from the scope of a Python Script.
  • Make GET and POST Requests with one liner codes.

 Reguirements

Read More

OWASP Xenotix XSS Exploit Framework v4.5

1:34 PM  , , , , , , , ,  


Version 4.5 Additions
  • JavaScript Beautifier
  • Pause and Resume support for Scan
  • Jump to Payload
  • Cookie Support for POST Request
  • Cookie Support and Custom Headers for Header Scanner
  • Added TRACE method Support
  • Improved Interface
  • Better Proxy Support
  • WAF Fingerprinting
  • Load Files
  • Hash Calculator
  • Hash Detector

Read More

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

6:27 PM  , , , , , , ,  


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.


SCANNER MODULES

  • Manual Mode Scanner
  • Auto Mode Scanner
  • DOM Scanner
  • Multiple Parameter Scanner
  • POST Request Scanner
  • Header Scanner
  • Fuzzer
  • Hidden Parameter Detector

INFORMATION GATHERING MODULES

  • Victim Fingerprinting
  • Browser Fingerprinting
  • Browser Features Detector
  • Ping Scan
  • Port Scan
  • Internal Network Scan

EXPLOITATION MODULES

  • Send Message
  • Cookie Thief
  • Phisher
  • Tabnabbing
  • Keylogger
  • HTML5 DDoSer
  • Executable Drive By
  • JavaScript Shell
  • Reverse HTTP WebShell
  • Drive-By Reverse Shell
  • Metasploit Browser Exploit
  • Firefox Reverse Shell Addon (Persistent)
  • Firefox Session Stealer Addon (Persistent)
  • Firefox Keylogger Addon (Persistent)
  • Firefox DDoSer Addon (Persistent)
  • Firefox Linux Credential File Stealer Addon (Persistent)
  • Firefox Download and Execute Addon (Persistent)

UTILITY MODULES

  • WebKit Developer Tools
  • Payload Encoder 

Read More

[OWASP Xenotix XSS Exploit Framework v4 2013] Herramienta para detectar errores de Cross Site Scripting (XSS)

5:00 PM  , , , , , , , ,  


OWASP Xenotix XSS Exploit Framework es un herramienta para detectar errores de Cross Site Scripting (XSS). Xenotic ofrece un scanner triple para los motores de renderizado Trident de IE, WebKit de Chrome, Safari y Opera y Gecko de Mozilla Firefox y tiene más de 1.500 payloads distintivos para detectar eficientemente vulnerabilidades XSS y sobrepasar los WAF más utilizados.

Además, incorpora un módulo de recopilación de información para realizar reconocimiento del objetivo e incluye módulos de explotación ofensivos para realizar pruebas de penetración y pruebas de concepto sobre el mismo.

Módulos de escaneo

  • Manual Mode Scanner
  • Auto Mode Scanner
  • DOM Scanner
  • Multiple Parameter Scanner
  • POST Request Scanner
  • Header Scanner
  • Fuzzer
  • Hidden Parameter Detector 

Information Gathering

  • Victim Fingerprinting
  • Browser Fingerprinting
  • Browser Features Detector
  • Ping Scan
  • Port Scan
  • Internal Network Scan

Explotación

  • Send Message
  • Cookie Thief
  • Phisher
  • Tabnabbing
  • Keylogger
  • HTML5 DDoSer
  • Executable Drive By
  • JavaScript Shell
  • Reverse HTTP WebShell
  • Drive-By Reverse Shell
  • Metasploit Browser Exploit
  • Firefox Reverse Shell Addon (Persistent)
  • Firefox Session Stealer Addon (Persistent)
  • Firefox Keylogger Addon (Persistent)
  • Firefox DDoSer Addon (Persistent)
  • Firefox Linux Credential File Stealer Addon (Persistent)
  • Firefox Download and Execute Addon (Persistent)

Utilidades

  • WebKit Developer Tools
  • Payload Encoder 

Desde aquí se puede descargar el paper de su autor, ver los videos introductorios y la herramienta.


Read More
Subscribe to: Posts (Atom)