Acunetix Online Vulnerability Scanner

Acunetix Online Vulnerability Scanner acts as a virtual security officer for your company, scanning your websites, including integrated web applications, web servers and any additional perimeter servers for vulnerabilities. And allowing you to fix them before hackers exploit the weak points in your IT infrastructure!

Leverages Acunetix leading web application scanner

Building on Acunetix’ advanced web scanning technology, Acunetix OVS scans your website for vulnerabilities – without requiring to you to license, install and operate Acunetix Web Vulnerability scanner. Acunetix OVS will deep scan your website – with its legendary crawling capability – including full HTML 5 support, and its unmatched SQL injection and Cross Site Scripting finding capabilities.

Unlike other online security scanners, Acunetix is able to find a much greater number of vulnerabilities because of its intelligent analysis engine – it can even detect DOM Cross-Site Scripting and Blind SQL Injection vulnerabilities. And with a minimum of false positives. Remember that in the world of web scanning its not the number of different vulnerabilities that it can find, its the depth with which it can check for vulnerabilities. Each scanner can find one or more SQL injection vulnerabilities, but few can find ALMOST ALL. Few scanners are able to find all pages and analyze all content, leaving large parts of your website unchecked. Acunetix will crawl the largest number of pages and analyze all content.

Utilizes OpenVAS for cutting edge network security scanning

And Acunetix OVS does not stop at web vulnerabilities. Recognizing the need to scan at network level and wanting to offer best of breed technology only, Acunetix has partnered with OpenVAS – the leading network security scanner. OpenVAS has been in development for more then 10 years and is backed by renowned security developers Greenbone. OpenVAS draws on a vulnerability database of thousands of network level vulnerabilities. Importantly, OpenVAS vulnerability databases are always up to date, boasting an average response rate of less than 24 hours for updating and deploying vulnerability signatures to scanners.

Start your scan today

Getting Acunetix on your side is easy – sign up in minutes, install the site verification code and your scan will commence. Scanning can take several hours, depending on the amount of pages and the complexity of the content. After completion, scan reports are emailed to you – and Acunetix Security Consultants are on standby to explain the results and help you action remediation. For a limited time period, 2 full Network Scans are included for FREE in the 14-day trial. 

Acunetix Online Vulnerability Scanner

Read More

Nipper - Toolkit Web Scan for Android

La Primera herramienta de escáner de vulnerabilidades WEB, En entorno Android (Versión para iOS en desarrollo), este escáner de vulnerabilidad fue enfocado para CMS más usadas, (WordPress, Drupal, Joomla. Blogger ).

En su primera versión Nipper cuenta con 10 módulos distintos, para recopilar información acerca de un URL en específica.

Su interfaz ha sido pensada para que tan solo con unos “toques” en su interfaz extraerías gran parte de su información.

Módulos Disponibles:

• IP Server
• CMS Detect & Version
• DNS Lookup
• Nmap ports IP SERVER
• Enumeration Users
• Enumeration Plugins
• Find Exploit Core CMS
• Find Exploit DB
• CloudFlare Resolver

Nipper NO requiere ROOT, tan solo requiere permiso a internet.

Compatible desde 2.3 a Android L.

Download Nipper

Read More

MASSCAN - Mass IP port scanner (fastest Internet port scanner)

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.

This tool is free, but consider funding it here: 1MASSCANaHUiyTtR3bJ2sLGuMw5kDBaj4T

Building

On Debian/Ubuntu, it goes something like this:

$ sudo apt-get install git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make

This puts the program in the masscan/bin subdirectory. You'll have to manually copy it to something like /usr/local/bin if you want to install it elsewhere on the system.

The source consists of a lot of small files, so building goes a lot faster by using the multi-threaded build:

$ make -j

While Linux is the primary target platform, the code runs well on many other systems. Here's some additional build info:

• Windows w/ Visual Studio: use the VS10 project
• Windows w/ MingGW: just type make
• Windows w/ cygwin: won't work
• Mac OS X /w XCode: use the XCode4 project
• Mac OS X /w cmdline: just type make
• FreeBSD: type gmake
• other: I don't know, don't care

Usage

Usage is similar to nmap. To scan a network segment for some ports:

# masscan -p80,8000-8100 10.0.0.0/8

This will:

• scan the 10.x.x.x subnet, all 16 million addresses
• scans port 80 and the range 8000 to 8100, or 102 addresses total
• print output to <stdout> that can be redirected to a file

To see the complete list of options, use the --echo feature. This dumps the current configuration and exits. This output can be used as input back into the program:

# masscan -p80,8000-8100 10.0.0.0/8 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000

Download MASSCAN

Read More

Nmap 6.47 - Free Security Scanner For Network Exploration & Security Audits

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Nmap is ...

• Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
• Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
• Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
• Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
• Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
• Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
• Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
• Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press pagefor further details.
• Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.  

Changelog Nmap 6.47:

o Integrated all of your IPv4 OS fingerprint submissions since June 2013
  (2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
  Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
  OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
  Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]

o (Windows, RPMs) Upgraded the included OpenSSL to version 1.0.1i. [Daniel Miller]

o (Windows) Upgraded the included Python to version 2.7.8. [Daniel Miller]

o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
  was added in 6.45, and resulted in trouble for Nmap XML parsers without
  network access, as well as increased traffic to Nmap's servers. The doctype
  is now:
  

o [Ndiff] Fixed the installation process on Windows, which was missing the
  actual Ndiff Python module since we separated it from the driver script.
  [Daniel Miller]

o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
  which was giving the error, "\Microsoft was unexpected at this time." See
  https://support.microsoft.com/kb/2524009 [Daniel Miller]

o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
  producing this error:
    Could not import the zenmapGUI.App module:
    'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
    Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n
    Referenced from:
    /Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n
    Reason: image not found'.

o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
  being written in the wrong place, so authentication could not succeed.
  Reported with patch by Pierluigi Vittori.

o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
  this to the string "(null)", but it caused segfault on Solaris. [Daniel Miller]

o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
  installed. Python tries to be nice and loads it when we import xml, but it
  isn't compatible. Instead, we force Python to use the standard library xml
  module. [Daniel Miller]

o Handle ICMP admin-prohibited messages when doing service version detection.
  Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
  callback.  Error code: 101 (Network is unreachable) [David Fifield]

o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]

o [Zenmap] Fix a bug in DiffViewer causing this crash:
     TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
     buffer, not NmapParserSAX
  Crash happened when trying to compare two scans within Zenmap. [Daniel Miller]

Download Nmap 6.47

Read More

Netsparker v3.5.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 

Netsparker is very easy to use and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting hence it is the first and only False Positive Free web vulnerability scanner, therefore users can focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verify its findings.

NEW FEATURES 
* New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric

IMPROVEMENTS 
* Improved the performance of the DOM Parser
* Improved the performance of the DOM cross-site scripting scanner
* Optimized DOM XSS Scanner to avoid scanning pages with same source code
* Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string
* Improved selected element simulation for select HTML elements
* Added new patterns for Open Redirect engine

FIXES 
* Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag
* Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response
* Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed
* Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates
* Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested
* Fixed a bug in DOM Parser where events are not simulated for elements inside frames
* Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response

Download Netsparker v3.5.5

Read More

FuckShitUp - Multi Vulnerabilities Scanner written in PHP

Basically, FSU is bunch of tools written in PHP-CLI. Using build-in functions, you are able to grab url's using search engines - and so, dork for interesting files and full path disclosures. Using list of url's, scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and Local File Inclusion vulnerabilities. It is able to perform mass bruteforce attacks for specific range of hosts, or bruteforce ssh with specific username taken from FPD. Whenever something interesting will be found, like vulnerability or broken auth credentials, data will be saved in .txt files - just like url's, and any other files. FSU is based on PHP and text files, it's still under construction so i am aware of any potential bugs. Principle of operation is simple.

More url's -> more vuln's. For educational purposes only.

Intro

• Data grabbing:
  • URL's (geturl/massurl) -> (scan)
  • Configs, Databases, SQLi's (dork)
  • Full Path Disclosures / Users (fpds) -> (brutefpds)
  • Top websites info (top)
• Massive scanning
  • XSS, SQLi, LFI, RFI (scan)
  • FTP, SSH, DB's, IMAP (multibruter)
  • Accurate SSH bruteforce (brutefpds)

Plan

• Web Apps
  • Grab url's via 'geturl' or 'massurl' (massurl requires list of tags as file)
  • Scan url's parameters for vulns with 'scan'
• Servers
  • Pick target, get ip range
  • Scan for services on each IP and bruteforce with 'multibruter'
  • Grab full path disclosures, and so linux usernames
  • Perform SSH bruteforce for specific user with 'brutefpds'
• Info grabbing
  • Use 'dork' for automatic dorking
  • Use 'fpds' for full path disclosure grabbing
  • Use 'search' for searching someone in ur databases
  • Use 'top' for scanning all top websites of specific nation
• Others
  • 'Stat' shows actual statistics and informations
  • 'Show' display specific file
  • 'Clear' and 'filter' - remove duplicates, remove blacklisted url's

Others

MultiBrtuer requirements (php5):

• php5-mysql - for mysql connections
• php5-pgsql - for postgresql connections
• libssh2-php - for ssh connections
• php5-sybase - for mssql connections
• php5-imap - for imap connections

TODO:

• Fix problems with grabbing large amount of url's
• More search engines
• SQL Injector
• RFI shell uploader
• FSU is not secure as it should be

Download FuckShitUp

Read More

aNmap - Android Network Mapper (Nmap for Android)

Nmap is one of the most improtant tools for every cracker (white, grey black hat "hacker"). Nmap is a legendary hack tool and probably the prevelent networt security port scanner tool over the last 10 years on all major Operating Systems. So far it was available in windows, linux and Mac OS X. But now its available at android platform too. It is compiled from real Nmap source code by some developers to provide the support for android devices.

Download aNmap

Read More

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 

Netsparker is very easy to use and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting hence it is the first and only False Positive Free web vulnerability scanner, therefore users can focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verify its findings.

Changelog - 3.5.3

NEW FEATURES

* DOM based cross-site scripting vulnerability scanning
* Chrome based web browser engine for DOM parsing
* URL rewrite rules configuration wizard (to scan parameters in URLs)
* "Ignore Vulnerability from Scan" option to exclude vulnerabilities from reports

NEW SECURITY TESTS

* Nginx web server Out-of-date version check
* Perl possible source code disclosure
* Python possible source code disclosure
* Ruby possible source code disclosure
* Java possible source code disclosure
* Nginx Web Server identification
* Apache Web Server identification
* Java stack trace disclosure

IMPROVEMENTS

* Improved the correctness and coverage of Remote Code Execution via Local File Inclusion vulnerabilities
* Improved cross-site scripting vulnerability confirmation patterns
* Added support for viewing JSON arrays in document roots in request/response viewers
* Added support for Microsoft Office ACCDB database file detection
* Improved DOM parser to exclude non-HTML files
* Improved PHP Source Code Disclosure vulnerability detection
* Improved Nginx Version Disclosure vulnerability template
* Improved IIS 8 Default Page detection
* Improved Email List knowledgebase report to include generic email addresses
* Improved Configure Form Authentication wizard by replacing embedded record browser with a Chrome based browser
* Improved the form authentication configuration wizard to handle cases where Basic/NTLM/Digest is used in conjunction with Form Authentication
* Added a cross-site scripting attack pattern which constructs a valid XHTML in order to trigger the XSS
* Added double encoded attack groups in order to reduce local file inclusion vulnerability confirmation requests
* Added status bar label which displays current VDB version and VDB version update notifications
* Added login activity indicator to Scan Summary Dashboard
* Added a new knowledgebase out-of-scope reason for links which exceed maximum depth
* Updated external references in cross-site scripting vulnerability templates
* Improved DOM parser by providing current cookies and referer to DOM/JavaScript context
* Added several new DOM events to simulate including keyboard events
* Improved the parsing of "Anti-CSRF token field names" setting by trimming each individual token name pattern
* Added support for simulating DOM events inside HTML frames/iframes
* Consolidated XSS exploitation function name (netsparker()) throughout all the areas reported
* Removed redundant semicolon followed by waitfor delay statements from time based SQLi attack patterns to bypass more blacklistings
* Changed default user-agent string to mimic a Chrome based browser
* Improved LFI extraction file list to extract files from target system according to detected OS
* Removed outdated PCI 1.2 classifications

FIXES

* Fixed indentation problem of bullets in knowledgebase reports
* Fixed path disclosure reports in MooTools JavaScript file
* Fixed KeyNotFoundException occurs when a node from Sitemap tree is clicked
* Fixed NullReferenceException thrown from Boolean SQL Injection Engine
* Fixed an issue in WebDav Engine where an extra parameter is added when requesting with Options method
* Fixed a bug where LFI exploitation does not work for double encoded paths
* Fixed a bug in Export file dialog where .nss extension isn't appended if file name ends with a known file extension
* Fixed a bug in Configure Form Authentication wizard where the number of scripts loaded shows incorrectly
* Fixed a bug which occurs while retesting with CSRF engine
* Fixed a bug where retest does not work after loading a saved scan session
* Fixed a bug where Netsparker reports out of date PHP even though PHP is up to date
* Fixed a UI hang where Netsparker tries to display a binary response in Browser View tab
* Fixed an ArgumentNullException thrown when clicking Heartbleed vulnerability
* Fixed a bug where Netsparker makes requests to DTD URIs in XML documents
* Fixed a bug in Scan Policy settings dialog where list of user agents are duplicated
* Fixed a typo in ViewState MAC Not Enabled vulnerability template
* Fixed a bug in auto updater where the updater doesn't honour the AutoPilot and Silent command line switches
* Fixed XSS exploit generation code to handle cases where input name is "submit"
* Fixed a bug that prevents Netsparker.exe process from closing if you try to close Netsparker immediately after starting a new scan
* Fixed a UI hang happens when the highlighted text is huge in response source code
* Fixed issues with decoded HTML attribute values in text parser
* Fixed session cookie path issues according to how they are implemented in modern browsers
* Fixed scan stuck at re-crawling issue for imported scan sessions
* Fixed highlighting issues for possible XSS vulnerabilities
* Fixed a crash due to empty/missing URL value for form authentication macro requests
* Fixed a NullReferenceException in Open Redirect Engine which occurs if redirect response is missing Location header
* Fixed an error in authentication macro sequence player happens when the request URI is wrong or missing

Download Netsparker v3.5

Read More

Bing Heartbleed Scan - Tool to extract sites from a bing search and check if are vulnerables

A simple scan in bash to extract sites from a bing search and check if is vulnerable.

Download Bing Heartbleed Scan

Read More

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners. 

IronWASP has a plugin system that supports Python and Ruby. The version of Python and Ruby used in IronWASP is IronPython and IronRuby which is syntactically similar to CPython and CRuby. However some of the standard libraries might not be available, instead plugin authors can make use of the powerful IronWASP API. 

One of the design goals of IronWASP is to be usable without reading a documentation. So whether you want to use the UI or do awesome things in the scripting shell, you can dive right in.

The UI has a clean design with helpful wizards for complex tasks, small snippets of text descriptions in different sections and 'Help' sections all over the tool that provide contextual documentation when required.

If you want to do scripting then make use of the 'Script Creation Assistant' that can take you requirement and create the script automatically for you. You could be someone who is trying to learn scripting or an experienced scripting ninja, you will find this feature to be extremly useful.

If you want to create a new vulnerabilty check or write your own security tool in the shortest possible time using the powerful API of IronWASP then use the 'Coding Assistants' available in the 'Dev Tools' menu.

Download IronWASP v0.9.7.5

Read More

[IPNetInfo v1.53] Retrieves IP Address Information

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.

This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses. 

Download IPNetInfo v1.53

Read More

[pMap v1.10] Passive Discovery, Scanning, and Fingerprinting

Discovery, Scanning, and Fingerprinting via Broadcast and Multicast Traffic

Features

• Reveals open TCP and UDP ports
• Uses UDP, mDNS, and SSDP to identify PCs, NAS, Printers, Phones, Tablets, CCTV, DVR, and Others
• Device Type, Make, and Model
• Operating Systems and Version
• Service Versions and Configuration
• Stand-Alone (Nmap-like output) or Agent Mode (SYSLOG)
• Metasploit Script Included

Download pMap v1.10

Read More

[Rootkit Hunter] Scanning tool to ensure you for about 99.9%* you're clean of nasty tools

Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare

- Look for default files used by rootkits

- Wrong file permissions for binaries

- Look for suspected strings in LKM and KLD modules

- Look for hidden files

- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer 

System requirements:

- Compatible operating system (see 'Supported operating systems')

- Bourne Again Shell (BASH)

Dowload Rootkit Hunter

Read More

[Fing] Tool for Network Scan and Analysis for iPhone

Highlight of features: 

+ Discovers all devices connected to a Wi-Fi network. No limitation! 

+ Displays the MAC Address and up-to-date Vendor names. 

+ Customize names, icons and notes. 

+ Wake On LAN. Switch on your cable-connected devices.

+ History of all discovered networks. You can review and edit your past scans at any time, also offline. 

+ Checks the availability of Internet connection, reporting the geographic location of the ISP (Internet Service Provider). 

+ Share a detailed report of any scan via email

+ Search devices by IP, MAC, Name, Vendor and Notes

+ In-app settings

+ Scans the open ports to find available services. It uses a fast engine that supports hundreds of well-known ports, that you can customize with your own

+ Translates IP addresses to its Domain Names, and reverse 

+ Works also with hosts outside your local network

+ Tracks when a device has gone UP or DOWN, keeping disconnected devices in the list.

+ Discovers NetBIOS names.

+ Supports identification by IP address. Allows to customize nodes hidden behind a network switch.

+ Can sort devices by IP, MAC, Name, Vendor, State, Last Change.

+ Free of charge, Free of Ads 

+ Integrates with Fingbox to sync and backup your customizations, merge networks with multiple access points, monitor remote networks via Fingbox Sentinels, get notifications of changes, and much more.

Fing is born from the ashes of the famous Look@LAN, with a brand-new engine that makes it even faster and smarter! Available also for Windows, Mac OS X, Linux and more platforms!

Download Fing

Read More

[Vega v1.0 Build 108] Web Security Scanner

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. 

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.

 Features

• Automated Crawler and Vulnerability Scanner
• Consistent UI
• Website Crawler
• Intercepting Proxy
• SSL MITM
• Content Analysis
• Extensibility through a Powerful Javascript Module API
• Customizable alerts
• Database and Shared Data Model

Some of the features in the 1.0 release include:

• Active proxy scanner
• Greatly improved detections
• Greatly improved support for authenticated scanning
• API enhancements
• HTTP message viewer enhancements

Modules

• Cross Site Scripting (XSS)
• SQL Injection
• Directory Traversal
• URL Injection
• Error Detection
• File Uploads
• Sensitive Data Discovery

Download Vega v1.0 Build 108

Read More

[flunym0us] Vulnerability Scanner for Wordpress and Moodle

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team.

Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.

Operation

Flunym0us requires python.

Arguments allowed:

-h, --help: Show this help message and exit

-wp, --wordpress: Scan WordPress site

-mo, --moodle: Scan Moodle site

-H HOST, --host HOST: Website to be scanned

-w WORDLIST, --wordlist WORDLIST: Path to the wordlist to use

-t TIMEOUT, --timeout TIMEOUT: Connection timeout

-r RETRIES, --retries RETRIES: Connection retries

-p PROCESS, --process PROCESS: Number of process to use

-T THREADS, --threads THREADS: Number of threads (per process) to use

Versions

Flunym0us is distributed under the terms of GPLv3 license

ChangeLog 1.0:

[+] Search Wordpress Plugins

[+] Search Moodle Extensions

ChangeLog 2.0:

[+] http user-agent hijacking

[+] http referer hijacking

[+] Search Wordpress Version

[+] Search Wordpress Latest Version

[+] Search Version of Wordpress Plugins

[+] Search Latest Version of Wordpress Plugins

[+] Search Path Disclosure Vulnerabilities

[+] Search Wordpress Authors  

Download flunym0us

Read More

[Wapiti 2.3.0] Web Application Vulnerability Scanner

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Wapiti can detect the following vulnerabilities :

• File disclosure (Local and remote include/require, fopen, readfile...)
• Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
• XSS (Cross Site Scripting) injection (reflected and permanent)
• Command Execution detection (eval(), system(), passtru()...)
• CRLF Injection (HTTP Response Splitting, session fixation...)
• XXE (XmleXternal Entity) injection
• Use of know potentially dangerous files (thanks to the Nikto database)
• Weak .htaccess configurations that can be bypassed
• Presence of backup files giving sensitive information (source code disclosure)

Wapiti supports both GET and POST HTTP methods for attacks.

It also supports multipart and can inject payloads in filenames (upload).

Display a warning when an anomaly is found (for example 500 errors and timeouts)

Makes the difference beetween permanent and reflected XSS vulnerabilities.

General features :

• Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
• Can suspend and resume a scan or an attack
• Can give you colors in the terminal to highlight vulnerabilities
• Different levels of verbosity
• Fast and easy way to activate/deactivate attack modules
• Adding a payload can be as easy as adding a line to a text file

Browsing features

Support HTTP and HTTPS proxies

Authentication via several methods : Basic, Digest, Kerberos or NTLM

Ability to restrain the scope of the scan (domain, folder, webpage)

Automatic removal of a parameter in URLs

Safeguards against scan endless-loops (max number of values for a parameter)

Possibility to set the first URLs to explore (even if not in scope)

Can exclude some URLs of the scan and attacks (eg: logout URL)

Import of cookies (get them with the wapiti-cookie and wapiti-getcookie tools)

Can activate / deactivate SSL certificates verification

Extract URLs from Flash SWF files

Try to extract URLs from javascript (very basic JS interpreter)

HTML5 aware (understand recent HTML tags)

Wapiti is a command-line application.

Here is an exemple of output against a vulnerable web application.

You may find some useful informations in the README and the INSTALL files.

Download Wapiti

Read More

[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)

ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
ike-scan can perform the following functions:

• Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan.
• Fingerprinting Determine which IKE implementation the hosts are using, and in some cases determine the version of software that they are running. This is done in two ways: firstly by UDP backoff fingerprinting which involves recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns; and secondly by Vendor ID fingerprinting which compares Vendor ID payloads from the VPN servers against known vendor id patterns.
• Transform Enumeration Find which transform attributes are supported by the VPN server for IKE Phase-1 (e.g. encryption algorithm, hash algorithm etc.).
• User Enumeration For some VPN systems, discover valid VPN usernames.
• Pre-Shared Key Cracking Perform offline dictionary or brute-force password cracking for IKE Aggressive Mode with Pre-Shared Key authentication. This uses ike-scan to obtain the hash and other parameters, and psk-crack (which is part of the ike-scan package) to perform the cracking.

The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper which should be included in the ike-scan kit as UDP Backoff Fingerprinting Paper.

The program sends IKE phase-1 (Main Mode or Aggressive Mode) requests to the specified hosts and displays any responses that are received. It handles retry and retransmission with backoff to cope with packet loss. It also limits the amount of bandwidth used by the outbound IKE packets.
IKE is the Internet Key Exchange protocol which is the key exchange and authentication mechanism used by IPsec. Just about all modern VPN systems implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange. Main Mode is one of the modes defined for phase-1 of the IKE exchange (the other defined mode is aggressive mode). RFC 2409 section 5 specifies that main mode must be implemented, therefore all IKE implementations can be expected to support main mode. Many also support Aggressive Mode.
Building and Installing

• Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code
• Run cd ike-scan to enter source directory
• Run autoreconf --install to generate a viable ./configure file
• Run ./configure or ./configure --with-openssl to use the OpenSSL libraries
• Run make to build the project
• Run make check to verify that everything works as expected
• Run make install to install (you’ll need root or sudo for this part)

Download ike-scan

Read More

[WebSurgery] Web application security testing suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).

Main Tools

Crawler

• High Performance Multi-Threading and Completely Parameterized Crawler
• Extracts Links from HTML / CSS / JavaScript / AJAX / XHR
• Hidden Structure Identification with Embedded Bruteforcer
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Limit Rules (Case Sensitive, Process Above / Below, Dir Depth, Max Same File / Script Parameters / Form Action File)
• Parameterized Extra Rules (Fetch Indexes / Sitemaps, Submit Forms, Custom Headers)
• Supports Advanced Filters with Scripting & Regular Expressions (Process, Exclude, Page Not Found, Search Filters)

Bruteforcer

• High Performance Multi-Threading Bruteforcer for Hidden Structure (Files / Directories)
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Rules (Base Dir, Bruteforce Dirs / Files, Recursive, File Extension, Custom Headers)
• Parameterized Advanced Rules (Send GET / HEAD, Follow Redirects, Process Cookies)
• Supports Advanced Filters with Scripting & Regular Expressions (Page Not Found, Search Filters)
• Supports List Generator with Advanced Rules

Fuzzer

• High Performance Multi-Threading Fuzzer Generates Requests based on Initial Request Template
• Exploitation for (Blind) SQL Injections, Cross Site Scripting (XSS), Denial of Service (DOS), Bruteforce for Username / Password Authentication Login Forms
• Identification of Improper Input Handling and Firewall / Filtering Rules
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Advanced Rules (Follow Redirects, Process Cookies)
• Supports Advanced Filters with Scripting & Regular Expressions (Stop / Reset Level, Search Filters)
• Supports List Generator with Advanced Rules
• Supports Multiple Lists with Different Levels

Proxy

• Proxy Server to Analyze, Intercept and Manipulate Traffic
• Parameterized Listening Interface IP Address & Port Number
• Supports Advanced Filters with Scripting & Regular Expressions (Process, Intercept, Match-Replace, Search Filters)

Editor

• Advanced ASCII / HEX Editor to Manipulate Individual Requests
• Parameterized Timing Settings (Timeout, Max Data Size, Retries)
• Automatically Fix Request (Content-Length, New Lines at End)

Extra Tools

Scripting Filters

• Advanced Scripting Filters to Filter Specific Requests / Responses
• Main Variables (url, proto, hostport, host, port, pathquery, path, query, file, ext)
• Request Variables (size, hsize, dsize, data, hdata, ddata, method, hasparams, isform)
• Response Variables (size, hsize, dsize, data, hdata, ddata, status, hasform)
• Operators =, !=, ~, !~, >=, <=, >, <
• Conjunctions &, |
• Supports Reverse Filters and Parenthesis

List Generator

• List Generator for Different List Types (File, Charset, Numbers, Dates, IP Addresses, Custom)
• Parameterized Rules (Prefix, Suffix, Case, Reverse, Fixed-Length, Match-Replace)
• Parameterized Crypto / Hash Rules (URL, URL All, HTML, BASE-64, ASCII, HEX, MD5, SHA-512)

External Proxy

• External Proxy Redirects Traffic to Another Proxy
• Supports Non-Authenticated Proxies (HTTP, SOCKS4, SOCKS5)
• Supports Authenticated Proxies (HTTP Basic, SOCKS5 Username/Password)
• Supports DNS Lookups at Proxy Side

         

Download WebSurgery

Read More

[Bluelog v1.1.2] Linux Bluetooth scanner

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It's intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.

While there are many different Bluetooth scanners available, none I found did exactly what I wanted, most seemed focused on pulling down various bits of information from the target devices (like SDP records). I was also having trouble locating a scanner that didn't have a UI of some sort, which was a problem since I wanted to scan continuously without user intervention. After trying out all of the Linux Bluetooth scanners I could find, I eventually decided to simply write my own.

The more time I spent on Bluelog, the more features I worked into it. Eventually, Bluelog started evolving into a considerably more advanced tool then I initially intended. Still, all of the advanced features are completely optional, and if you chose it can still be used as the simple little scanner it started as.

Download Bluelog v1.1.2

Read More