Web Security Research - Lab

CMSmap tool v0.6 - Simple CMS Vulnerability Scanner

2015-07-01T20:06:00.000-07:00

https://hacksearch.wordpress.com/2015/07/02/cmsmap-tool-v0-6-simple-cms-vulnerability-scanner/

Zarp Hacking Toolkit - zarp.py

2015-05-27T10:24:00.000-07:00

Poisoners

Denial of Service

Sniffers

Scanners

Services

Parameter

Attacks

https://hacksearch.wordpress.com/2015/05/27/zarp-hacking-toolkit-zarp-py/

Facebook Password Cracker

2015-05-05T11:17:00.001-07:00

https://hacksearch.wordpress.com/2015/05/05/facebook-password-cracker/

SpearPhisher - Phishing Email Generation Tool

2015-05-05T06:53:00.000-07:00

SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file. It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers. One of the popular features with our client is the WYSIWYG HTML editor that allows virtually anyone to use the tool; previewing results as you point and click edit your malicious email body. If you want to add custom XSS exploits, client side attacks, or other payloads such as a Java Applet code generated by the Social Engineer Toolkit (SET), its split screen editor allows more advanced users to edit HTML directly.

https://hacksearch.wordpress.com/2015/05/05/spearphisher-phishing-email-generation-tool/

CookieCatcher - Session Hijacking Tool

2015-05-05T05:14:00.000-07:00

(Cross Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). The use of this application is purely educational and should not be used without proper permission from the target application.

Features:
- Prebuilt payloads to steal cookie data
- Just copy and paste payload into a XSS vulnerability
- Will send email notification when new cookies are stolen
- Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
- Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
- Will attempt to load a preview when viewing the cookie data
- PAYLOADS
- Basic AJAX Attack
- HTTPONLY evasion for Apache CVE-20120053
- More to come

https://hacksearch.wordpress.com/2015/05/05/cookiecatcher-session-hijacking-tool/

SpiderFoot v2.30 - Footprinting tool

2015-05-04T17:25:00.001-07:00

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself.

Main features

Fast, Easy to Use
Highly Configurable
For Windows & Linux
Create your own modules in Python

Changelog v2.04

New module: Search all Internet TLDs for targets with the same name (sfp_searchtld), with threading and handling wildcard DNS
New module: Obtain SSL certificate information (issued to, issued by) and check for host-mismatch, expiry and approaching expiry
Improve sfp_dns to identify and handle cases where wildcard DNS is enabled
A number of bug fixes, should improve the amount of results returned

Full Changelog: https://github.com/Theethical/spiderfoot

More Information:http://www.spiderfoot.net/

Downland : https://hacksearch.wordpress.com/2015/05/05/spiderfoot-v2-30-footprinting-tool/

IronWASP [ v0.9.8.6 ] Open Source Advanced Web Security Testing Vulnerability

2015-05-03T18:32:00.000-07:00

Performing Vulnerability Scans with IronWASP
Recording a Login Sequence to use in Vulnerability Scanning
Automatically Testing for CSRF Vulnerabilities using IronWASP
Automatically Testing for Broken Authentication with IronWASP
Automatically Testing for Hidden Parameters using IronWASP
Automatically Testing for Privilege Escalation Vulnerabilities using IronWASP
Hunting for DOM based Cross-site Scripting Vulnerabilities with IronWASP
Using IronWASP's built-in pre-configured browser to automatically intercept HTTP and HTTPS traffic
Using WiHawk - WiFi Router Vulnerability Scanner
Using XmlChor - XPATH Injection Exploitation Tool

https://hacksearch.wordpress.com/2015/05/04/ironwasp-v0-9-8-6-open-source-advanced-web-security-testing-platform/

Arachni - The Web Application Security Scanner Framework

2015-05-02T15:37:00.001-07:00

https://hacksearch.wordpress.com/2015/05/02/arachni-the-web-application-security-scanner-framework/

HconSTF Pentest Browser # Open Source Penetration Testing Ethical Hacking Framework

2015-05-01T15:18:00.001-07:00

https://hacksearch.wordpress.com/2015/05/01/hconstf-pentest-browser-open-source-penetration-testing-ethical-hacking-framework/

Hardanger - Web Application Penetration Testing

2015-05-01T13:48:00.000-07:00

Native Windows feel via Windows Presentation Foundation
Can run as a Fiddler2 add-on or standalone
ClickOnce installer with automatic updates (standalone version)
Context tab allowing inspection of full HTTP requests
Server fuzzer tab to configure and launch the server fuzzer
Basic random fuzzer generates random strings of UTF8 characters of random lengths
Non HTTP 200 detection engine
Results window keeping track of successful detections
Ability to review requests/responses in the results details window

https://hacksearch.wordpress.com/2015/05/01/hardanger-web-application-penetration-testing/

WebVulScan - Web Application Vulnerability Scanner

2015-05-01T12:53:00.000-07:00

The vulnerabilities tested by WebVulScan are:

Reflected Cross-Site Scripting
Stored Cross-Site Scripting
Standard SQL Injection
Broken Authentication using SQL Injection
Autocomplete Enabled on Password Fields
Potentially Insecure Direct Object References
Directory Listing Enabled
HTTP Banner Disclosure
SSL Certificate not Trusted
Unvalidated Redirects

Features:

Crawler: Crawls a website to identify and display all URLs belonging to the website.
Scanner: Crawls a website and scans all URLs found for vulnerabilities.
Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
Register: Allows a user to register with the web application.
Login: Allows a user to login to the web application.
Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
PDF Generation: Dynamically generates a detailed PDF report.
Report Delivery: The PDF report is emailed to the user as an attachment.

https://hacksearch.wordpress.com/2015/05/01/webvulscan-web-application-vulnerability-scanner/

IP Thief - Simple IP Stealer in PHP

2015-03-22T22:26:00.001-07:00

A simple PHP script to capture the IP address of anyone that send the "imagen.php" file with the following options:

[+] It comes with an administrator to view and delete IP

[+] You can change the redirect URL image

[+] Can you see the country of the visitor

https://hacksearch.wordpress.com/2015/03/23/ip-thief-simple-ip-stealer-in-php/

USBPcap - USB Packet capture for Windows

2015-03-18T21:23:00.000-07:00

USBPcap - USB Packet capture for Windows

https://hacksearch.wordpress.com/2015/03/19/usbpcap-usb-packet-capture-for-windows-open-source-usb-sniffer-for-windows/

Ethical Hacking 2 Görsel Eğitim Seti İndir Türkçe Full

2015-02-27T17:30:00.001-08:00

Boyut:1.3-gb
Sıkıştırma: Rar / Şifresiz
Tarama: Webroot. / Durum Temiz

https://hacksearch.wordpress.com/2015/02/28/ethical-hacking-2-gorsel-egitim-seti-indir-turkce-full/

ETHİCAL HACKİNG VE GÜVENLİK EĞİTİM SETİ TURKCE FULL İNDİR

2015-02-27T16:49:00.000-08:00

Boyut:600-mb Sıkıştırma: Rar / Şifresiz Tarama: Webroot. / Durum Temiz

https://hacksearch.wordpress.com/2015/02/23/ethical-hacking-ve-guvenlik-egitim-seti-turkce-full-indir/

ICONİUM EKONOMİK THEME – MULTİPLE VULNERABİLİTİES

2015-02-13T17:53:00.000-08:00

ICONİUM EKONOMİK THEME – MULTİPLE VULNERABİLİTİES

https://hacksearch.wordpress.com/2015/02/13/iconium-ekonomik-theme-multiple-vulnerabilities/

Windows 8 Hacks - Ebook PDF

2015-01-26T13:46:00.002-08:00

Windows 8 Hacks - Ebook PDF

http://filepi.com/i/LZuDmDl

Ubuntu Hacks - Ebook PDF

2015-01-26T12:56:00.004-08:00

Ubuntu Hacks - Ebook PDF

http://filepi.com/i/4Vg8RKR

PDF Hacks - Ebook Downland

2015-01-26T12:10:00.001-08:00

PDF Hacks - Ebook Downland

http://filepi.com/i/OqhapRt

Network Security Hacks - Ebook PDF

2015-01-25T11:12:00.002-08:00

Network Security Hacks - Ebook PDF

http://filepi.com/i/gwjgO1X

Machine Learning for Hackers - Free Ebook PDF

2015-01-25T11:01:00.000-08:00

Machine Learning for Hackers - Free Ebook PDF

http://filepi.com/i/O593cTx

Mac Hacks - Ebook PDF

2015-01-25T10:29:00.003-08:00

Mac Hacks - Ebook PDF

http://filepi.com/i/sLf5e7K

Linux Server Hacks - Ebook PDF

2015-01-25T09:20:00.002-08:00

Linux Server Hacks - Ebook PDF

http://filepi.com/i/G3S2mA9

Knoppix Hacks - Ebook PDF Downland

2015-01-25T08:52:00.000-08:00

Knoppix Hacks - Ebook PDF Downland

http://filepi.com/i/OOS9svK

Kinect Hacks - E-book Downland PDF

2015-01-24T14:46:00.000-08:00

http://filepi.com/i/GdSZX1T