Gitrob - Reconnaissance tool for GitHub organizations

Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous information.

How it works

Looking for sensitive information in GitHub repositories is not a new thing, it has been known for a while that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.

The first thing the tool does is to collect all public repositories of the organization itself. It then goes on to collect all the organization members and their public repositories, in order to compile a list of repositories that might be related or have relevance to the organization.

When the list of repositories has been compiled, it proceeds to gather all the filenames in each repository and runs them through a series of observers that will flag the files, if they match any patterns of known sensitive files. This step might take a while if the organization is big or if the members have a lot of public repositories.

All of the members, repositories and files will be saved to a PostgreSQL database. When everything has been sifted through, it will start a Sinatra web server locally on the machine, which will serve a simple web application to present the collected data for analysis.

Download Gitrob

Read More

Acunetix Online Vulnerability Scanner

Acunetix Online Vulnerability Scanner acts as a virtual security officer for your company, scanning your websites, including integrated web applications, web servers and any additional perimeter servers for vulnerabilities. And allowing you to fix them before hackers exploit the weak points in your IT infrastructure!

Leverages Acunetix leading web application scanner

Building on Acunetix’ advanced web scanning technology, Acunetix OVS scans your website for vulnerabilities – without requiring to you to license, install and operate Acunetix Web Vulnerability scanner. Acunetix OVS will deep scan your website – with its legendary crawling capability – including full HTML 5 support, and its unmatched SQL injection and Cross Site Scripting finding capabilities.

Unlike other online security scanners, Acunetix is able to find a much greater number of vulnerabilities because of its intelligent analysis engine – it can even detect DOM Cross-Site Scripting and Blind SQL Injection vulnerabilities. And with a minimum of false positives. Remember that in the world of web scanning its not the number of different vulnerabilities that it can find, its the depth with which it can check for vulnerabilities. Each scanner can find one or more SQL injection vulnerabilities, but few can find ALMOST ALL. Few scanners are able to find all pages and analyze all content, leaving large parts of your website unchecked. Acunetix will crawl the largest number of pages and analyze all content.

Utilizes OpenVAS for cutting edge network security scanning

And Acunetix OVS does not stop at web vulnerabilities. Recognizing the need to scan at network level and wanting to offer best of breed technology only, Acunetix has partnered with OpenVAS – the leading network security scanner. OpenVAS has been in development for more then 10 years and is backed by renowned security developers Greenbone. OpenVAS draws on a vulnerability database of thousands of network level vulnerabilities. Importantly, OpenVAS vulnerability databases are always up to date, boasting an average response rate of less than 24 hours for updating and deploying vulnerability signatures to scanners.

Start your scan today

Getting Acunetix on your side is easy – sign up in minutes, install the site verification code and your scan will commence. Scanning can take several hours, depending on the amount of pages and the complexity of the content. After completion, scan reports are emailed to you – and Acunetix Security Consultants are on standby to explain the results and help you action remediation. For a limited time period, 2 full Network Scans are included for FREE in the 14-day trial. 

Acunetix Online Vulnerability Scanner

Read More

Nipper - Toolkit Web Scan for Android

La Primera herramienta de escáner de vulnerabilidades WEB, En entorno Android (Versión para iOS en desarrollo), este escáner de vulnerabilidad fue enfocado para CMS más usadas, (WordPress, Drupal, Joomla. Blogger ).

En su primera versión Nipper cuenta con 10 módulos distintos, para recopilar información acerca de un URL en específica.

Su interfaz ha sido pensada para que tan solo con unos “toques” en su interfaz extraerías gran parte de su información.

Módulos Disponibles:

• IP Server
• CMS Detect & Version
• DNS Lookup
• Nmap ports IP SERVER
• Enumeration Users
• Enumeration Plugins
• Find Exploit Core CMS
• Find Exploit DB
• CloudFlare Resolver

Nipper NO requiere ROOT, tan solo requiere permiso a internet.

Compatible desde 2.3 a Android L.

Download Nipper

Read More

AutoScan-Network - Automatically scan your network

AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.

System Requirements :

•Mac OS X 10.5 or later

•Microsoft Windows (XP, Vista)

•GNU/Linux

•Maemo 4

•Sun OpenSolaris

Features:

• Fast network scanner

 • Automatic network discovery

 • TCP/IP scanner

 • Wake on lan functionality

 • Multi-threaded Scanner

 • Port scanner

 • Low surcharge on the network

 • VNC Client

 • Telnet Client

 • SNMP scanner

 • Simultaneous subnetworks scans without human intervention

 • Realtime detection of any connected equipment

 • Supervision of any equipment (router, server, firewall...)

 • Supervision of any network service (smtp, http, pop, ...)

 • Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database

 • The graphical interface can connect one or more scanner agents (local or remote)

 • Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)

 • Network Intruders detection (in intruders detection mode, all new equipments blacklisted)

 • Complete network tree can be saved in a XML file.

 • Privileged account is not required

Download AutoScan-Network

Read More

zANTI 2.0 - Android Network Toolkit

zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

Scan

Uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of full customizable network reconnaissance scans.

Diagnose

Enable Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and metasploit.

Report

Highlight security gaps in your existing network and mobile defenses and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.

Download zANTI 2.0

Read More

Web Application Protection - Tool to detect and correct vulnerabilities in PHP web applications

WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) and with a low rate of false positives. WAP detects and corrects the following vulnerabilities:

• SQL Injection (SQLI)
• Cross-site scripting (XSS)
• Remote File Inclusion (RFI)
• Local File Inclusion (LFI)
• Directory Traversal or Path Traversal (DT/PT)
• Source Code Disclosure (SCD)
• OS Command Injection (OSCI)
• PHP Code Injection

This tool semantically analyses the source code. More precisely, it does taint analysis (data-flow analysis) to detect the input validation vulnerabilities. The aim of the taint analysis is to track malicious inputs inserted by entry points ($_GET, $_POST arrays) and to verify if they reaches some sensitive sink (PHP functions that can be exploited by malicious input). After the detection, the tool uses data mining to confirm if the vulnerabilities are real or false positives. At the end, the real vulnerabilities are corrected with the insertion of the fixes (small pieces of code) in the source code. WAP is written in Java language and is constituted by three modules:

• Code Analyzer: composed by tree generator and taint analyser. The tool has integrated a lexer and a parser generated by ANTLR, and based in a grammar and a tree grammar written to PHP language. The tree generator uses the lexer and the parser to build the AST (Abstract Sintatic Tree) to each PHP file. The taint analyzer performs the taint analysis navigating through the AST to detect potentials vulnerabilities.


• False Positives Predictor: composed by a supervised trained data set with instances classified as being vulnerabilities and false positives and by the Logistic Regression machine learning algorithm. For each potential vulnerability detected by code analyser, this module collects the presence of the attributes that define a false positive. Then, the Logistic Regression algorithm receives them and classifies the instance as being a false positive or not (real vulnerability).


• Code Corrector: Each real vulnerability is removed by correction of its source code. This module for the type of vulnerability selects the fix that removes the vulnerability and signalizes the places in the source code where the fix will be inserted. Then, the code is corrected with the insertion of the fixes and new files are created.     

Download WAP

Read More

Arachni v1.0 - Web Application Security Scanner Framework

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. 

It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly. 

Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX. 

Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

Download Arachni v1.0

Read More

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications

A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.

Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. It's purpose is not to automatically scan for vulnerabilities (even if it can do it in certain cases), as there are better tools out there to do that (BURP scanner for example). So it's the only tool which sits in between manual hacking with BURP repeater, and automated scanning with BURP scanner.

To use it, just send a suspicious HTTP request from BURP proxy to Sentinel. Then the user is able to select certain attack patterns for selected parameters (say, XSS attacks for parameter "id"). Sentinel will issue several requests, with the attack patterns inserted. It will also help find suspicious behaviour and pattern in the accompaining HTTP responses (for example, identify decoded HTML magic chars).

Features

Big Features:

• AutomatedDetection Automated XSS/SQL Detection
• AttackLists Self-Defined Attack Lists
• Sessions Session Definition
• Categorizer Categorizer
• Reporter Generate Report
• FirefoxAddon Firefox Addon

UI Features:

• Beautify
• UI-Diff Diff
• UI-Link Link

Download BurpSentintel 

Read More

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.

zANTI produces an Automated Network Map that shows any vulnerabilities of a given target.

Pick your audit

zANTI offers a host of penetration-testing features, including everything from Man-In-The-Middle and password complexity audits to port monitoring and a sophisticated packet sniffer.

End the discussion

zANTI employs advanced cloud-based reporting that makes it easy to demonstrate flaws and rationalize budgeting for necessary network upgrades.

Keep it simple

zANTI offers a user-friendly web-based interface that turns complex audits into a walk in the park; to quote Forbes, it’s “as polished as a video game”.

Download zAnti

Read More

Nmap 6.47 - Free Security Scanner For Network Exploration & Security Audits

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Nmap is ...

• Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
• Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
• Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
• Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
• Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
• Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
• Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
• Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press pagefor further details.
• Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.  

Changelog Nmap 6.47:

o Integrated all of your IPv4 OS fingerprint submissions since June 2013
  (2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
  Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
  OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
  Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]

o (Windows, RPMs) Upgraded the included OpenSSL to version 1.0.1i. [Daniel Miller]

o (Windows) Upgraded the included Python to version 2.7.8. [Daniel Miller]

o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
  was added in 6.45, and resulted in trouble for Nmap XML parsers without
  network access, as well as increased traffic to Nmap's servers. The doctype
  is now:
  

o [Ndiff] Fixed the installation process on Windows, which was missing the
  actual Ndiff Python module since we separated it from the driver script.
  [Daniel Miller]

o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
  which was giving the error, "\Microsoft was unexpected at this time." See
  https://support.microsoft.com/kb/2524009 [Daniel Miller]

o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
  producing this error:
    Could not import the zenmapGUI.App module:
    'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
    Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n
    Referenced from:
    /Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n
    Reason: image not found'.

o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
  being written in the wrong place, so authentication could not succeed.
  Reported with patch by Pierluigi Vittori.

o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
  this to the string "(null)", but it caused segfault on Solaris. [Daniel Miller]

o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
  installed. Python tries to be nice and loads it when we import xml, but it
  isn't compatible. Instead, we force Python to use the standard library xml
  module. [Daniel Miller]

o Handle ICMP admin-prohibited messages when doing service version detection.
  Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
  callback.  Error code: 101 (Network is unreachable) [David Fifield]

o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]

o [Zenmap] Fix a bug in DiffViewer causing this crash:
     TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
     buffer, not NmapParserSAX
  Crash happened when trying to compare two scans within Zenmap. [Daniel Miller]

Download Nmap 6.47

Read More

Netsparker v3.5.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 

Netsparker is very easy to use and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting hence it is the first and only False Positive Free web vulnerability scanner, therefore users can focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verify its findings.

NEW FEATURES 
* New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric

IMPROVEMENTS 
* Improved the performance of the DOM Parser
* Improved the performance of the DOM cross-site scripting scanner
* Optimized DOM XSS Scanner to avoid scanning pages with same source code
* Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string
* Improved selected element simulation for select HTML elements
* Added new patterns for Open Redirect engine

FIXES 
* Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag
* Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response
* Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed
* Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates
* Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested
* Fixed a bug in DOM Parser where events are not simulated for elements inside frames
* Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response

Download Netsparker v3.5.5

Read More

FuckShitUp - Multi Vulnerabilities Scanner written in PHP

Basically, FSU is bunch of tools written in PHP-CLI. Using build-in functions, you are able to grab url's using search engines - and so, dork for interesting files and full path disclosures. Using list of url's, scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and Local File Inclusion vulnerabilities. It is able to perform mass bruteforce attacks for specific range of hosts, or bruteforce ssh with specific username taken from FPD. Whenever something interesting will be found, like vulnerability or broken auth credentials, data will be saved in .txt files - just like url's, and any other files. FSU is based on PHP and text files, it's still under construction so i am aware of any potential bugs. Principle of operation is simple.

More url's -> more vuln's. For educational purposes only.

Intro

• Data grabbing:
  • URL's (geturl/massurl) -> (scan)
  • Configs, Databases, SQLi's (dork)
  • Full Path Disclosures / Users (fpds) -> (brutefpds)
  • Top websites info (top)
• Massive scanning
  • XSS, SQLi, LFI, RFI (scan)
  • FTP, SSH, DB's, IMAP (multibruter)
  • Accurate SSH bruteforce (brutefpds)

Plan

• Web Apps
  • Grab url's via 'geturl' or 'massurl' (massurl requires list of tags as file)
  • Scan url's parameters for vulns with 'scan'
• Servers
  • Pick target, get ip range
  • Scan for services on each IP and bruteforce with 'multibruter'
  • Grab full path disclosures, and so linux usernames
  • Perform SSH bruteforce for specific user with 'brutefpds'
• Info grabbing
  • Use 'dork' for automatic dorking
  • Use 'fpds' for full path disclosure grabbing
  • Use 'search' for searching someone in ur databases
  • Use 'top' for scanning all top websites of specific nation
• Others
  • 'Stat' shows actual statistics and informations
  • 'Show' display specific file
  • 'Clear' and 'filter' - remove duplicates, remove blacklisted url's

Others

MultiBrtuer requirements (php5):

• php5-mysql - for mysql connections
• php5-pgsql - for postgresql connections
• libssh2-php - for ssh connections
• php5-sybase - for mssql connections
• php5-imap - for imap connections

TODO:

• Fix problems with grabbing large amount of url's
• More search engines
• SQL Injector
• RFI shell uploader
• FSU is not secure as it should be

Download FuckShitUp

Read More

aNmap - Android Network Mapper (Nmap for Android)

Nmap is one of the most improtant tools for every cracker (white, grey black hat "hacker"). Nmap is a legendary hack tool and probably the prevelent networt security port scanner tool over the last 10 years on all major Operating Systems. So far it was available in windows, linux and Mac OS X. But now its available at android platform too. It is compiled from real Nmap source code by some developers to provide the support for android devices.

Download aNmap

Read More

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 

Netsparker is very easy to use and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting hence it is the first and only False Positive Free web vulnerability scanner, therefore users can focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verify its findings.

Changelog - 3.5.3

NEW FEATURES

* DOM based cross-site scripting vulnerability scanning
* Chrome based web browser engine for DOM parsing
* URL rewrite rules configuration wizard (to scan parameters in URLs)
* "Ignore Vulnerability from Scan" option to exclude vulnerabilities from reports

NEW SECURITY TESTS

* Nginx web server Out-of-date version check
* Perl possible source code disclosure
* Python possible source code disclosure
* Ruby possible source code disclosure
* Java possible source code disclosure
* Nginx Web Server identification
* Apache Web Server identification
* Java stack trace disclosure

IMPROVEMENTS

* Improved the correctness and coverage of Remote Code Execution via Local File Inclusion vulnerabilities
* Improved cross-site scripting vulnerability confirmation patterns
* Added support for viewing JSON arrays in document roots in request/response viewers
* Added support for Microsoft Office ACCDB database file detection
* Improved DOM parser to exclude non-HTML files
* Improved PHP Source Code Disclosure vulnerability detection
* Improved Nginx Version Disclosure vulnerability template
* Improved IIS 8 Default Page detection
* Improved Email List knowledgebase report to include generic email addresses
* Improved Configure Form Authentication wizard by replacing embedded record browser with a Chrome based browser
* Improved the form authentication configuration wizard to handle cases where Basic/NTLM/Digest is used in conjunction with Form Authentication
* Added a cross-site scripting attack pattern which constructs a valid XHTML in order to trigger the XSS
* Added double encoded attack groups in order to reduce local file inclusion vulnerability confirmation requests
* Added status bar label which displays current VDB version and VDB version update notifications
* Added login activity indicator to Scan Summary Dashboard
* Added a new knowledgebase out-of-scope reason for links which exceed maximum depth
* Updated external references in cross-site scripting vulnerability templates
* Improved DOM parser by providing current cookies and referer to DOM/JavaScript context
* Added several new DOM events to simulate including keyboard events
* Improved the parsing of "Anti-CSRF token field names" setting by trimming each individual token name pattern
* Added support for simulating DOM events inside HTML frames/iframes
* Consolidated XSS exploitation function name (netsparker()) throughout all the areas reported
* Removed redundant semicolon followed by waitfor delay statements from time based SQLi attack patterns to bypass more blacklistings
* Changed default user-agent string to mimic a Chrome based browser
* Improved LFI extraction file list to extract files from target system according to detected OS
* Removed outdated PCI 1.2 classifications

FIXES

* Fixed indentation problem of bullets in knowledgebase reports
* Fixed path disclosure reports in MooTools JavaScript file
* Fixed KeyNotFoundException occurs when a node from Sitemap tree is clicked
* Fixed NullReferenceException thrown from Boolean SQL Injection Engine
* Fixed an issue in WebDav Engine where an extra parameter is added when requesting with Options method
* Fixed a bug where LFI exploitation does not work for double encoded paths
* Fixed a bug in Export file dialog where .nss extension isn't appended if file name ends with a known file extension
* Fixed a bug in Configure Form Authentication wizard where the number of scripts loaded shows incorrectly
* Fixed a bug which occurs while retesting with CSRF engine
* Fixed a bug where retest does not work after loading a saved scan session
* Fixed a bug where Netsparker reports out of date PHP even though PHP is up to date
* Fixed a UI hang where Netsparker tries to display a binary response in Browser View tab
* Fixed an ArgumentNullException thrown when clicking Heartbleed vulnerability
* Fixed a bug where Netsparker makes requests to DTD URIs in XML documents
* Fixed a bug in Scan Policy settings dialog where list of user agents are duplicated
* Fixed a typo in ViewState MAC Not Enabled vulnerability template
* Fixed a bug in auto updater where the updater doesn't honour the AutoPilot and Silent command line switches
* Fixed XSS exploit generation code to handle cases where input name is "submit"
* Fixed a bug that prevents Netsparker.exe process from closing if you try to close Netsparker immediately after starting a new scan
* Fixed a UI hang happens when the highlighted text is huge in response source code
* Fixed issues with decoded HTML attribute values in text parser
* Fixed session cookie path issues according to how they are implemented in modern browsers
* Fixed scan stuck at re-crawling issue for imported scan sessions
* Fixed highlighting issues for possible XSS vulnerabilities
* Fixed a crash due to empty/missing URL value for form authentication macro requests
* Fixed a NullReferenceException in Open Redirect Engine which occurs if redirect response is missing Location header
* Fixed an error in authentication macro sequence player happens when the request URI is wrong or missing

Download Netsparker v3.5

Read More

XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie

XSSYA Features

 * Support HTTPS

* After Confirmation (execute payload to get cookies)

* Can be run in (Windows - Linux)

* Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)

*XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)

* Support Saving The Web HTML Code Before Executing

the Payload Viewing the Web HTML Code into the Screen or Terminal

Download XSSYA

Read More

Bing Heartbleed Scan - Tool to extract sites from a bing search and check if are vulnerables

A simple scan in bash to extract sites from a bing search and check if is vulnerable.

Download Bing Heartbleed Scan

Read More

RCEer - Simple Remote Command Execution scanner

Simple Remote Command Execution scanner written in Python 2.7

Download RCEer

Read More

OWASP ZAP v2.3.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Changelog v2.3.1

The following changes were made in this release:

• ZAP changes request data (while switching views) ( Issue 81 )
• Unfulfilled dependencies hang the active scan ( Issue 377 )
• Cant remove scripts marked as ‘load on start’ ( Issue 1073 )
• core.newSession doesn’t clear Sites ( Issue 1114 )
• Historical Request Tab Doesn’t allow formatting changes ( Issue 1155 )
• Proxy gzip decoder doesn’t update content length in response headers ( Issue 1156 )
• Unable to set a home directory with a space on the command line ( Issue 1163 )
• Redundant indexes in zapdb.script ( Issue 1166 )
• Add proxy support for “deflate” content encoding ( Issue 1168 )
• Spider Context/User pop up menus no longer shown ( Issue 1170 )
• Unable to select 2 requests in fuzz results (Ctrl + click) ( Issue 1179 )
• Vulnerable pages active scanned only once ( Issue 1181 )
• Alerts of same type for different parameters of same vulnerable page shown only once in “Alerts” tree ( Issue 1182 )
• NullPointerException while selecting a node in the “Alerts” tab after deleting a message ( Issue 1183 )
• Cmdline session params have no effect ( Issue 1191 )
• Scan URL path elements – turn off by default ( Issue 1193 )
• Command line arguments are not passed to extensions when starting ZAP in daemon mode ( Issue 1194 )
• AbstractPlugin.bingo incorrectly sets evidence to attack ( Issue 1196 )
• Issue with loading addons that did not initialize correctly ( Issue 1202 )
• WordPress Authentication Script ( Issue 1203 )
• ‘History’ tab is not cleared when a new session is created through the API with ZAP in GUI mode ( Issue 1206 )

Download OWASP ZAP v2.3.1

Read More

Hostscan - PHP tool for scanning specific range of hosts

Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft.

How it works?

• You need to provide range of ip's (e.g. 127.0.0.1 - 127.0.0.10); program will perform operations on each address separately, basing on selected options, then it will print out the response.
• By default, program will only check open ports, print http response headers, test for HTTP methods and check FTP for anonymous login.
• If 'SSH/IMAP/DB's' are checked, program will try to bruteforce SSH,IMAP,MySQL,PostgreSQL & MsSQL using array of passwords and users defined on the beggining of script. Notice, that it will try to login as user with grand permissions (e.g. root, postgres), although you're able to edit it.
• If 'FTP User' is set, program will also try to bruteforce FTP with specific user using mentioned passwords array. By default it's not, and it will only test for anonymous login.
• If 'Deep Scan' is set, program will perform all aforementioned operations. Further, it will use nmap with specific parameters you're able to edit, also, the traceroute scan will be performed and displayed - just like nmap. Deep Scan also gather some useful informations about a website (if it's running), such as interesting files/folders and www title.
• ?url=website.com for quick IP address of specific website.
  ...so - what it does it do? Nmap, traceroute, port scan, ftp anonymous login, ftp/ssh/imap/mysql/pgsql/mssql bruteforce, http (website) info gathering, 
  Crawler accepts as a parameter array of files and folders that you can manually edit, just like others options.

Download Hostscan

Read More

w3af - Open Source Web Application Security Scanner

w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python, it identifies more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.

Changelog v1.6

• Improved performance: your scans will run faster
• Improved quality: 1300+ unittests are run after each change to make sure we don’t add any regressions
• Now you’ll be able to easily integrate w3af into other projects with a simple import w3af
• Better documentation

Download w3af

Read More