ToolWar | Information Security (InfoSec) Tools: Vulnerability

PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142-rw/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179-rw/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears
cd PatrowlHears
./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

WebReaver (Advanced Web Security Scanner) :: Framework

<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230-rw/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" />  </p><p>WebReaver is an elegant, easy to use and fully-automated, web 
application security security testing tool for Mac, Windows and Linux, 
suitable for novice as well as advanced users.</p>
<p>WebReaver allows you easily test any web application for a large 
variety of web vulnerabilities from the sever kinds such as SQL 
Injection, Local and Remote File Includes, Command Injection, Cross-site
 Scripting and Expression Injection to the less severe ones such as 
variety of session and headers problems, information leakage and many 
more.</p><p><b>Tutorial</b>:</p><p> </p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><br /><br /><p></p><p><b>Download :</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a><b><br /></b></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b> <br /></a></p>

WebReaver (Advanced Web Security Scanner) :: Framework

WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, sui...

OWASP Amass - Subdomain Enumeration/Scanner : Tool

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400-rw/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div>
<br />
<div style="text-align: justify;">
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div>
<b><br />
</b> <b>Information Gathering Techniques Used:</b><br />
<br />
<div style="text-align: justify;">
1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Video Tutorial:</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Documentation:  </h3>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div>
<h3 style="text-align: justify;">
Download:</h3>
<div style="text-align: justify;">
Amass is available for various platforms like Linux, Windows, MacOS etc.</div>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>

OWASP Amass - Subdomain Enumeration/Scanner : Tool

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and p...

FireEye Commando VM : Distribution

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s1600/CVM+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="commando vm fireeye" border="0" data-original-height="750" data-original-width="974" height="246" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s320-rw/CVM+logo.png" title="commando vm fireeye" width="320" /></a></div>
<div style="text-align: justify;">
CommandoVM - a fully customized, Windows-based security <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">distribution</a> for penetration testing and red teaming. </div>
<div style="text-align: justify;">
Penetration testers commonly use their own variants of Windows 
machines when assessing Active Directory environments. Commando VM was 
designed specifically to be the go-to platform for performing these 
internal penetration tests. The benefits of using a Windows machine 
include native support for Windows and Active Directory, using your VM 
as a staging area for C2 frameworks, browsing shares more easily (and 
interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets.</div>
<div style="text-align: justify;">
Commando VM uses Boxstarter, Chocolatey, and MyGet packages
 to install all of the software, and delivers many tools and utilities 
to support penetration testing. This list includes more than 140 tools, 
including:</div>
<ul style="list-style-position: inside; text-align: justify;">
<li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li>
<li><a href="http://www.toolwar.com/2013/09/wireshark-tools.html" target="_blank">Wireshark</a></li>
<li>Covenant</li>
<li>Python</li>
<li>Go</li>
<li>Remote Server Administration Tools</li>
<li><a href="http://www.toolwar.com/2013/09/sysinternals.html" target="_blank">Sysinternals</a></li>
<li>Mimikatz</li>
<li><a href="http://www.toolwar.com/2013/09/burp-suite-tools.html" target="_blank">Burp-Suite</a></li>
<li>x64dbg</li>
<li>Hashcat</li>
</ul>
<div style="text-align: justify;">
With such versatility, Commando VM aims to be the de facto <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a>machine for every penetration tester and red teamer. For the blue 
teamers reading this, don’t worry, we’ve got full blue team support as 
well! The versatile tool sets included in Commando VM provide blue teams
 with the tools necessary to audit their networks and improve their 
detection capabilities. With a library of offensive tools, it makes it 
easy for blue teams to keep up with offensive tooling and attack trends.</div>
<div style="text-align: justify;">
<br /></div>
<h4>
Requirements</h4>
<ul>
<li>Windows 7 Service Pack 1 or Windows 10</li>
<li>60 GB Hard Drive</li>
<li>2 GB RAM</li>
</ul>
<h3 style="text-align: justify;">
Installation Instruction: </h3>
<ol>
<li>Create and configure a new Windows Virtual Machine</li>
</ol>
<ul>
<li>Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain</li>
<li>Take a snapshot of your machine!</li>
<li>Download and copy <code>install.ps1</code> on your newly configured machine.</li>
<li>Open PowerShell as an Administrator</li>
<li>Enable script execution by running the following command:
<ul>
<li><code>Set-ExecutionPolicy Unrestricted</code></li>
</ul>
</li>
<li>Finally, execute the installer script as follows:
<ul>
<li><code>.\install.ps1</code></li>
<li>You can also pass your password as an argument: <code>.\install.ps1 -password <password></code></li>
</ul>
</li>
</ul>
<div style="text-align: justify;">
<b>Detailed Installation Instruction: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Click Here</a><b> </b></div>
<div style="text-align: justify;">
<b>Download: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Commando VM</a></div>
<div style="text-align: justify;">
<b>Official Website: </b><a href="https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html" rel="nofollow" target="_blank">FireEye</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>

FireEye Commando VM : Distribution

CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Penetration testers comm...

Raptor (Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Web Application Firewall Raptor" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600-rw/Raptor.png" title="Raptor Web Application Firewall" /></a></div>
<div style="text-align: justify;">
<b>Raptor</b> is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’t use regex or other common ways to block attacks, use deterministic finite automaton, yes is diferent and fast like a raptor dinosaur, Raptor follow principle KISS (Keep It Simple), you can use Raptor to simulate attacks and learning new ways to bypasses.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS...</div>
<ul>
<li>    You can block XSS, SQL injection attacks and path traversal with Raptor</li>
<li>    You can use blacklist of IPs to block some users at config/blacklist ip.txt</li>
<li>    You can use IPv6 and IPv4 at communications</li>
<li>    At the future DoS protector, request limit, rule interpreter and Malware detector at uploads.</li>
<li>    At the future SSL/TLS...</li>
</ul>
<b>Installation: </b><br />
to run:<br />$ git clone https://github.com/CoolerVoid/raptor_waf<br />$ cd raptor_waf; make; bin/raptor<br />
<br />
<b>Usage: </b><br />
Up some HTTPd server at port 80<br />$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt<br />
<b> </b><br />
<b>Documentation: </b><a href="https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf" rel="nofollow" target="_blank">Click Here</a><b> </b><br />
<h3>
<b>Download: </b></h3>
<b>Linux: </b><a href="http://sourceforge.net/projects/raptorwaf/files/latest/download" rel="nofollow" target="_blank">Raptor</a>  <b><br /></b>

Raptor (Web Application Firewall) :: Tools

Raptor is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’...

Mobile Security Framework (MobSF) : Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Mobile Security Framework : ToolWar" border="0" height="232" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400-rw/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div>
<div style="text-align: justify;">
<b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open 
source mobile application (Android/iOS) automated pen-testing framework 
capable of performing static and dynamic analysis. It can be used for 
effective and fast security analysis of Android and iOS Applications and
 supports both binaries (APK & IPA) and zipped source code.<b> MobSF</b> 
can also perform Web API Security testing with it's API Fuzzer that can 
do Information Gathering, analyze Security Headers, identify Mobile API 
specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other
 logical issues related to Session and API Rate Limiting.</div>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorial: </h3>
<ul>
<li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li>
</ul>
<h3>
Video Tutorial: </h3>
<h3>
Download: <strong> </strong></h3>
<strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br />
<strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br />
<strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br />
<br />
<div style="text-align: justify;">
<br /></div>

Mobile Security Framework (MobSF) : Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing fram...

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600-rw/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Support HTTPS</li>
<li>After Confirmation (execute payload to get cookies)</li>
<li>Can be run in (Windows - Linux)</li>
<li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li>
<li>Support Saving The Web HTML Code Before Executing</li>
<li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li>
</ul>
<h3>
What's New: </h3>
(XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Sandcat Browser (Web Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s1600/sandcat+browser+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sandcat browser screenshot" border="0" height="310" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s400-rw/sandcat+browser+screenshot.png" title="sandcat browser screenshot" width="400" /></a></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Sandcat Browser</b> is the fastest web browser combined with the fastest scripting language packed with features for pen-testers<b>. Sandcat Browser</b> is a freeware portable pen-test oriented multi-tabbed  web browser with extensions support developed by the Syhunt team. The <b> Sandcat Browser</b> is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. </div>
<div class="vspace" style="text-align: justify;">
Some of its unique features include: </div>
<ul style="text-align: justify;">
<li><b>Live HTTP Headers</b> — built-in live headers with a dedicated cache per tab and support for preview extensions </li>
<li><b>Sandcat Console</b> — an extensible command line console; Allows you to easily run custom commands and scripts in a loaded page </li>
<li><b>Resources</b> tab  — allows you to view the page resources, such as JavaScript files and other web files. </li>
<li><b>Page Menu</b> extensions — allows you to view details about a page and more. </li>
<li><b>Pen-Tester Tools</b> — Sandcat comes with a  multitude of pen-test oriented extensions. This includes a Fuzzer, a  Script Runner, HTTP & XHR Editors, Request Loader, Request Replay  capabilities and more. </li>
</ul>
<div class="vspace" style="text-align: justify;">
Features inherited from Chromium include: </div>
<ul style="text-align: justify;">
<li><b>Multi-Process Architecture</b> — each tab is its own process </li>
<li><b>Developer Tools</b> — in addition to the Chromium Developer Tools, Sandcat comes with a Source Code Editor and its own JavaScript and Lua consoles. </li>
</ul>
<h3 style="text-align: justify;">
<b> </b></h3>
<h3 style="text-align: justify;">
<b>Tutorials ::</b></h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/xdeXF4F4T_Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
<b>Download ::</b></h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://www.syhunt.com/pub/downloads/sandcat-browser-4.4.exe" target="_blank">Sandcat v4.4</a><b> </b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.syhunt.com/?n=Sandcat.Browser">http://www.syhunt.com/?n=Sandcat.Browser</a><b>
</b></div>
<h3 style="text-align: justify;">
</h3>
<div style="text-align: justify;">
</div>

Sandcat Browser (Web Penetration Testing) :: Framework

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers . Sandcat...

Liffy (Local File Inclusion Exploitation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Liffy Tool" border="0" height="260" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600-rw/Liffy.jpg" title="Liffy Tool" width="400" /></a></div>
<div style="text-align: justify;">
<b>Liffy</b> is a tool to exploit local file inclusion <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> using 
the built-in wrappers php://input, data://, and a process control 
extension called 'expect'. <b>Liffy</b> is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.</div>
<ul class="task-list" style="text-align: justify;">
<li>Updates * Now comes with ability to use poisoned Apache access logs,
 and php://filter for code execution and arbitrary file reads.</li>
</ul>
<div style="text-align: justify;">
<b>Liffy</b> requires the following libraries: requests, argparse, blessings, urlparse In order to host the payload you may use Node's HTTP server. Or you can simply spawn python's SimpleHTTPServer in /tmp on port 
8000.  Further development of the tool will eventually include spawning a
 built-in web server in order to download, for now you can adjust the 
location and port in the source code for your needs.  These can be 
changed in core.py under the execute functions.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Example Use ::</b> ./liffy --url http://target/pdfs/vulnerable.php?= --data </div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux | Windows | Mac :: </b><a href="https://github.com/rotlogix/liffy/archive/master.zip" target="_blank">Click Here</a><b><br /></b></div>
<div style="text-align: justify;">
<b>Source Website :: </b><a href="https://github.com/rotlogix/liffy">https://github.com/rotlogix/liffy</a></div>

Liffy (Local File Inclusion Exploitation) :: Tools

Liffy is a tool to exploit local file inclusion vulnerability using the built-in wrappers php://input, data://, and a process control ...

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600-rw/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div>
<div style="text-align: justify;">
<b>Nipper (short for Network Infrastructure Parser, previously known as 
CiscoParse)</b> audits the security of network devices such as switches, 
routers, and firewalls.  It works by parsing and analyzing device 
configuration file which the <b>Nipper</b> user must supply.  This was an open 
source tool until its developer (Titania) released a commercial version 
and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br />
<ul>
<li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li>
<li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li>
<li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li>
<li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li>
<li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li>
<li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li>
<li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<h3>
Download ::</h3>
<b>Windows | Linux | Mac :: </b>
<b> </b><br />
<b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b>
<b> </b><br />
<b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b>
<b> </b><br />
<b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

QualysGuard (Cloud Security) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Qualys logo" border="0" height="306" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600-rw/qualys-logo.jpeg" title="Qualys logo" width="320" /></a></div>
<div style="text-align: justify;">
<b>QualysGuard</b> is a popular <b>SaaS (software as a service) vulnerability  management</b> offering.  It's web-based UI offers <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> discovery and  mapping, asset prioritization, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> assessment reporting and  remediation tracking according to business risk.  Internal scans are  handled by Qualys appliances which communicate back to the <a href="http://www.toolwar.com/search/label/Cloud" target="_blank">cloud-based</a>  system.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<h3 style="text-align: justify;">
</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/XfeyNLb7ZDc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Cbq5wudtZE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Trial Linux | Mac | Windows :: </b><a href="http://www.qualys.com/forms/trials/qualysguard/" target="_blank">QualysGuard</a><b>
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.qualys.com/" target="_blank">http://www.qualys.com/ </a></div>

QualysGuard (Cloud Security) :: Framework

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discov...

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="SAINT LOGO" border="0" height="107" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600-rw/SAINT.jpg" title="SAINT LOGO" width="200" /></div>
<b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering 
tools and configuration assessments. Use the combined power of these 
tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems,
 desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run 
packaged penetration tests through pre-configured policies, run 
vulnerability-specific exploits for target-directed investigation; 
execute social engineering through packaged exploit Tools; and execute 
platform-specific configuration auditing, using NIST’s SCAP standards 
and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and 
reporting features to perform ad hoc analytics, view strategic level 
results across 1 or many assessments, and then build reports from 
pre-defined templates, compliance reports or build your own custom 
reports from over 150 customizable settings. <b>SAINT's</b> current repository 
includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span 
over 48,000 Common Vulnerability Exposures (CVEs), plus numerous 
vulnerabilities that do not currently have a CVE assigned. Vulnerability
 checks and exploit development is a daily activity, that includes 
delivery of new checks twice a week, through an automated plug-in. This 
agentless scanning solution can be delivered via a cloud-based version <b>
(WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based 
solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or 
load balanced scanning.</div>
<br />
<h3>
Tutorials ::</h3>
<b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br />
<b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br />
<br />
<h3>
Download :: </h3>
<b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br />
<b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br />
<b>Submitted By :: </b>SAINT Corporation <br />
<div style="text-align: justify;">
<br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="IronWASP Screenshot" border="0" height="222" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600-rw/IronWASP+Screenshot.png" title="IronWASP Screenshot" width="640" /></a></div>
<b>IronWASP (Iron Web application Advanced Security testing Platform)</b> is an  open source <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> for <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application <a href="http://www.toolwar.com/search/label/Vulenrability" target="_blank">vulnerability</a> testing. It is  designed to be customizable to the extent where users can create their  own custom <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> using it.         Though an advanced user with <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>/Ruby scripting expertise  would be able to make full use of the platform, a lot of the tool's  features are simple enough to be used by absolute beginners. </div>
<div style="text-align: justify;">
<b>IronWASP</b> has a plugin system that supports Python and Ruby. The version  of Python and Ruby used in <b>IronWASP</b> is IronPython and IronRuby which is  syntactically similar to CPython and CRuby. However some of the standard  libraries might not be available, instead plugin authors can make use  of the powerful IronWASP API.                   </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>IronWASP Blog : : </b><a href="http://blog.ironwasp.org/" target="_blank">Click Here </a></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/yUoPRnEf22I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://ironwasp.org/ironwasp.zip" target="_blank">IronWASP v0.9.7.5</a><b> </b>(.zip)</div>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<div style="text-align: justify;">
<b><span style="font-family: "Courier New",Courier,monospace;">wget http://blog.anantshri.info/content/uploads/2013/01/ironwasp_installer.sh.txt -O ~/ironwasp_installer.sh && sh ~/ironwasp_installer.sh </span></b></div>
<div style="text-align: justify;">
<b>Mac :: </b>IronWASP runs on Mac with <a href="http://www.codeweavers.com/products/">CrossOver</a>.</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://ironwasp.org/">http://ironwasp.org/</a></div>

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testin...

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600/dllhijackauditor_screenshot1_main_small.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dllhijackauditor" border="0" height="303" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600-rw/dllhijackauditor_screenshot1_main_small.jpg" title="dllhijackauditor" width="400" /></a></div>
<div style="text-align: justify;">
<b>Dll Hijack Auditor</b> is the smart tool to <b>Audit against the Dll Hijacking Vulnerability</b> in any <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> application. This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> which can allow any attacker to completely take over the system. DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.<br /><br />With its simple <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI interface</a> <b>DllHijackAuditor</b> makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application. <b>DllHijackAuditor</b> is a standalone portable application which also comes with Installer for local Installation & Uninstallation of software. </div>
<div style="text-align: justify;">
It works on wide range of platforms starting from Windows XP to latest operating system, Windows 8.<br /><h3>
Features ::</h3>
<ul>
<li>Here are some of the smart features of<b> DllHijackAuditor,</b></li>
<li>Directly & Instantly audit any Windows Application.</li>
<li>Allows complete testing to uncover all Vulnerable points in the target Application</li>
<li>Smart <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">Debugger</a> based 'Interception Engine' for consistent and efficent performance without intrusion.</li>
<li>Support for specifying as well as auditing of application with custom & multiple Extensions.</li>
<li>Timeout Configuration to alter the waiting time for each Application.</li>
<li>Generates complete auditing report (in HTML format) about all vulnerable hijack points in the Application.</li>
<li>GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.</li>
<li>Does not require any special privilege for auditing of the application (unless target application requires)</li>
<li>Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.</li>
<li>Fully portable tool which can be run directly on any system.</li>
<li>Support for local Installation and uninstallation of the software. </li>
</ul>
<h3>
Tutorials :: </h3>
</div>
<div style="text-align: justify;">
<b>Installation & Uninstallation ::</b><br />It comes with simple Instaler that helps you to install it locally on your system for regular usage. It has intuitive setup wizard which guides you through series of steps in completion of installation. At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)</div>
<div style="text-align: justify;">
<br />[Windows 32 bit]<br />C:\Program Files\SecurityXploded\DllHijackAuditor<br /><br />[Windows 64 bit]<br />C:\Program Files (x86)\SecurityXploded\DllHijackAuditor<br /><br /><b>How to use ::</b><br /><ul>
<li>Here are simple tests to use <b>DllHijackAuditor</b> for auditing of any Windows application.</li>
<li>Launch the DllHijackAuditor after copying it or installing it on your local system. </li>
<li>Now click on 'Browse' button to select application and then click on 'Start Audit' to begin the operation.</li>
<li>Next click on 'Exploit' button (only if it has found any vulnerable DLLs in the previous phase) to perform real Exploitation test.</li>
<li>Finally click on 'Report' button to generate complete Audit report. </li>
</ul>
You can tick the check box ( 'Do not terminate application' ) to make DllHijackAuditor to wait until you perform complete testing of all vulnerable points within the application. Once you are done with the testing, close the application so that <b>DllHijackAuditor</b> will continue with auditing operation.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Video :: </b></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBXGA8eMrT4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<b> </b></div>
<div style="text-align: justify;">
<h3>
<b>Download ::</b></h3>
</div>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://securityxploded.com/download-file.php?id=7777" target="_blank">DLL Hijack Auditor v3.0 </a><b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://securityxploded.com/dllhijackauditor.php">http://securityxploded.com/dllhijackauditor.php</a></div>

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

Dll Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is one of the c...

Lynis (Security and System Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s1600/lynis-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="lynis screenshot" border="0" height="300" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s320-rw/lynis-screenshot.png" title="lynis screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Lynis</b> is a <b><i>Security and system auditing tool</i> </b>to harden <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> systems. <b>Lynis</b> is an <b>auditing tool </b>for Unix/Linux (specialists). It scans the  <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> and available software and performs many individual <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  checks. It determines the hardening state of the machine and <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detects</a>  security issues. Beside security related information it will also scan  for general system information, installed packages and possible  configuration errors. <b>Lynis</b> is a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security tool</a> to audit and harden Unix and Linux based  systems. It scans the system by performing many security control checks,  looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the  end of the scan it will provide the warnings and suggestions to help  you improving the security defense of your systems.<br />
<br />
This software aims in assisting automated  auditing, hardening, software patch management, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> and  <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> scanning of Unix/Linux based systems. It can be run without  prior installation, so inclusion on read only storage is possible (<a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a>  stick, cd/dvd).<br />
<br />
<b>Lynis </b>assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.<br />
<br />
<b>Intended audience:</b><br />
Security specialists, penetration testers, system auditors, system/network managers.<br />
<br />
<b>Examples of audit tests:</b><br />
- Available authentication methods<br />
- Expired SSL certificates<br />
- Outdated software<br />
- User accounts without password<br />
- Incorrect file permissions<br />
- Configuration errors<br />
- Firewall auditing<br />
<br />
<b>Current state:</b><br />
Stable releases are available, development is active.<br />
<h3>
Tutorials :: </h3>
<b>Documentation :: </b><a href="http://www.rootkit.nl/files/lynis-documentation.html" target="_blank">Click Here</a> </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FgkC4k1kJaE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
<b>Download </b></h3>
<b>Linux ::</b> <a href="http://cisofy.com/files/lynis-1.4.0.tar.gz" target="_blank">Llynis-1.4.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.rootkit.nl/projects/lynis.html" target="_blank">http://www.rootkit.nl/projects/lynis.html </a></div>
</div>

Lynis (Security and System Auditing) :: Tools

Lynis is a Security and system auditing tool to harden Linux systems. Lynis is an auditing tool for Unix/Linux (specialists). It sca...

iScan Online :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="iscan logo online " border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeslw6s4bc1vdJpAy_EBblVvuVFaHURRWxOkNzjUnX9V89kGe-adrQQhV7XBSPrnczstoi85guEuodmRteZGABDY-ALPPiGYapmKUWj2XLLvFzmZ0CHTSFwsYTyffYtCtRHMwmzMDQPNqj/s1600-rw/iscan+online+logo.png" title="iscan logo online " /></div>
<div style="text-align: justify;">
<b>iScan Online</b> is the <i>vulnerability scanning solutions for  Computing and Mobility.</i> <b>iScan Online</b> delivers its <i><a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a></i>   through a <b>browser plugin, native mobile app</b> or alternatively as a  downloadable <a href="http://www.toolwar.com/search/label/CLI" target="_blank">CLI</a> executable.<br />
<br />
For BYOD environments, HTML and  Javascript snippets are provided to scan any laptop or <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile device</a>  connecting to a network and/or <a href="http://www.toolwar.com/search/label/Web" target="_blank">web </a>application.<br />
<br />
Data is submitted  to the cloud console where HTML, CSV and <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> reports are available.  JSON data is readily available with the RESTful API.<br />
<br />
Supported  platforms covered for vulnerability and data discovery scanning are:   <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>, <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a> and Apple iOS. Desktops, Servers, Smartphones  and Tablets supported.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/SIIbrXW8ZMg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Android (Play Store) ::</b> <a href="https://play.google.com/store/apps/details?id=com.iscanonline.iscanandroid" target="_blank">https://play.google.com/store/apps/details?id=com.iscanonline.iscanandroid </a></div>
<div style="text-align: justify;">
<b>Official Website & Online Plugins ::</b> <a href="https://www.iscanonline.com/" target="_blank">https://www.iscanonline.com/</a></div>
<div style="text-align: justify;">
<b>Submitted By ::</b> iScan Online </div>

iScan Online :: Tools

iScan Online is the vulnerability scanning solutions for Computing and Mobility. iScan Online delivers its vulnerability scanning ...

Beast-Check (SSL/TLS BEAST Vulnerability Check) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPX99p7OpWXx86CRPoDgco35kA8zXAjBG_l0dAQqBWT0feEqj9A1w1aPOcGpyS0DbdryxrvPzF4dTTNWY5ygzT9bP3hy9j04M3iACwFr6i2ykH2cC2G1p5-gauXZ_gz_9gWFAsUToI4Bik/s1600/beast-check+vulnerability+scanner.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="beast-check vulnerability scanner" border="0" height="200" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPX99p7OpWXx86CRPoDgco35kA8zXAjBG_l0dAQqBWT0feEqj9A1w1aPOcGpyS0DbdryxrvPzF4dTTNWY5ygzT9bP3hy9j04M3iACwFr6i2ykH2cC2G1p5-gauXZ_gz_9gWFAsUToI4Bik/s640-rw/beast-check+vulnerability+scanner.jpg" title="beast-check vulnerability scanner" width="640" /></a></div>
<div style="text-align: justify;">
<b>Beast-Chec</b>k is a small <i>perl script</i> that <i>checks a target server</i> whether it is <i><b>prone to  BEAST <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a></b></i> via target preferred cipher. It assumes no  workaround (i.e. EMPTY FRAGMENT) applied in target server. Some sources  said this workaround was disabled by default for compatibility reasons.  This may be the reason why RC4 ciphersuite was widely chosen as highest  preferred ciphersuite for the primary workaround. </div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div style="text-align: justify;">
<span style="font-size: large;">Uses ::  </span></div>
<pre class="prettyprint"><span class="pln">$ </span><span class="pun">./</span><span class="pln">beast</span><span class="pun">.</span><span class="pln">pl
</span><span class="pun">===============================================</span><span class="pln">

port </span><span class="pun">=</span><span class="pln"> </span><span class="lit">443</span><span class="pln"> </span><span class="kwd">by</span><span class="pln"> </span><span class="kwd">default</span><span class="pln"> </span><span class="pun">{</span><span class="pln">optional</span><span class="pun">}</span></pre>
<pre class="prettyprint"><span class="pun"> </span></pre>
<div class="prettyprint">
<span style="font-family: inherit;"><span style="font-size: small;"><span class="pun"><b>Example :: Scanning Google</b></span></span></span></div>
<pre class="prettyprint"><span class="pun"><b><span class="pln"> </span></b></span></pre>
<pre class="prettyprint"><span style="background-color: white;"><span class="pun"><span class="pln">$ </span><span class="pun">./</span><span class="pln">beast</span><span class="pun">.</span><span class="pln">pl www</span><span class="pun">.</span><span class="pln">google</span><span class="pun">.</span><span class="pln">com
</span><span class="pun">===============================================</span><span class="pln">

SSL</span><span class="pun">/</span><span class="pln">TLS BEAST </span><span class="typ">Vulnerability</span><span class="pln"> </span><span class="typ">Check</span><span class="pln">
 </span><span class="kwd">by</span><span class="pln"> YGN </span><span class="typ">Ethical</span><span class="pln"> </span><span class="typ">Hacker</span><span class="pln"> </span><span class="typ">Group</span><span class="pun">,</span><span class="pln"> http</span><span class="pun">:</span><span class="com">//yehg.net/</span><span class="pln">
</span><span class="pun">===============================================</span><span class="pln">
</span><span class="typ">Target</span><span class="pun">:</span><span class="pln"> www</span><span class="pun">.</span><span class="pln">google</span><span class="pun">.</span><span class="pln">com</span><span class="pun">:</span><span class="lit">443</span><span class="pln">
</span><span class="com">## The target is NOT vulnerable to BEAST attack. ##</span><span class="pln">
</span><span class="typ">Protocol</span><span class="pun">:</span><span class="pln"> TLS v1</span><span class="typ">Server</span><span class="pln"> </span><span class="typ">Preferred</span><span class="pln"> </span><span class="typ">Cipher</span><span class="pun">:</span><span class="pln"> ECDHE</span><span class="pun">-</span><span class="pln">RSA</span><span class="pun">-</span><span class="pln">RC4</span><span class="pun">-</span><span class="pln">SHA</span><span class="typ">Vulnerable</span><span class="pun">:</span><span class="pln"> NO</span>  </span></span></pre>
<pre class="prettyprint"><span style="background-color: white;"><span class="pun"> </span></span></pre>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/4uCn1bjEC7s?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<pre class="prettyprint"><span style="background-color: white;"><span class="pun"> </span></span></pre>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b><span style="font-size: small;">Linux & Windows :: </span></b><a href="http://beast-check.googlecode.com/files/beast.pl" target="_blank">Beast-Check </a>(Perl Script)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://yehg.net/">http://yehg.net/</a></div>

Beast-Check (SSL/TLS BEAST Vulnerability Check) :: Tools

Beast-Chec k is a small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred ciphe...

Flunym0us (Wordpress Vulnerability Scanner) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRufBOKc1OhlATweF2T2DA6RzQ1RaW4teULU82vacYOyWYROE7IcTk2iaaqm8nd8OaWbZQKEKAcmX1x6UG1k6hOByiwXeU2uE2jDdkKAfuxwxAxBHilBRXcwC9kgA0aZyHPjIMuJhyphenhyphenDCN5/s1600/wordpress+vulnerability+scanner.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Wordpress Vulnerability Scanner" border="0" height="200" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRufBOKc1OhlATweF2T2DA6RzQ1RaW4teULU82vacYOyWYROE7IcTk2iaaqm8nd8OaWbZQKEKAcmX1x6UG1k6hOByiwXeU2uE2jDdkKAfuxwxAxBHilBRXcwC9kgA0aZyHPjIMuJhyphenhyphenDCN5/s400-rw/wordpress+vulnerability+scanner.jpg" title="Wordpress Vulnerability Scanner" width="400" /></a></div>
<br />
<b>Flunym0us</b> is a <i><b>Vulnerability <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Scanner</a> for Wordpress and Moodle</b></i> designed by Flu Project Team. <b>Flunym0us</b>  has been developed in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.<b> Flunym0us</b> performs dictionary attacks  against <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> sites. By default, <b>Flunym0us</b> includes a dictionary for  <b>Wordpress </b>and other for Moodle. </div>
<h3>
Tutorials :: </h3>
<b>Flunym0us requires python. Arguments allowed: </b><br />
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-h, --help: Show this help message and exit  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-wp, --wordpress: Scan WordPress site  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-mo, --moodle: Scan Moodle site  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-H HOST, --host HOST: Website to be scanned  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-w WORDLIST, --wordlist WORDLIST: Path to the wordlist to use  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-t TIMEOUT, --timeout TIMEOUT: Connection timeout  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-r RETRIES, --retries RETRIES: Connection retries  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-p PROCESS, --process PROCESS: Number of process to use  </span></blockquote>
<blockquote>
<span style="font-family: "Courier New",Courier,monospace;">-T THREADS, --threads THREADS: Number of threads (per process) to use  </span></blockquote>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/qDeHQYbFuxM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
<span style="font-family: inherit;">Download ::</span> </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://flunym0us.googlecode.com/files/flunym0us2.0.tar.gz" target="_blank">Flunym0us.tar.gz</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://www.flu-project.com/</div>

Flunym0us (Wordpress Vulnerability Scanner) :: Tools

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python ...

Bizploit (ERP Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="onapsis logo" border="0" height="157" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6I42nzkLY76YbK6quX_PVYjdXrZ8ZpxDui0742p564fJp9gziwUTmwc3CRFGoTz5et3sDfyb3dBOMb7o0I9stsuh20N8o7GqsAhA_mdKp5AO_osq2EkqNGSDHp9JvasUAXoL_9P3L4Ce/s400-rw/onapsis+logo.png" title="onapsis logo" width="400" /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: justify;">
<b>Bizploit</b> is the first Opensource <i>ERP Penetration Testing framework</i>. 
Developed by the <b>Onapsis Research Labs,</b> <b>Bizploit</b> assists security 
professionals in the discovery, exploration, vulnerability assessment 
and exploitation phases of specialized <b>ERP Penetration Tests</b>.<br />
Currently, <b>Bizploit</b> is shipped with many plugins to assess the security 
of SAP business platforms. Plugins for other popular ERPs will be 
included in the short term.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-linux-1-5">Bizploit v1.50-rc1</a></div>
<div style="text-align: justify;">
<b>Windows ::</b> <a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-win32-1-5">Bizploit v1.50-rc1</a><br />
<b>Official Website :: </b><a href="http://www.onapsis.com/">http://www.onapsis.com</a>/</div>

Bizploit (ERP Penetration Testing) :: Framework

Bizploit is the first Opensource ERP Penetration Testing framework . Developed by the Onapsis Research Labs, Bizploit assists secur...

CSRFTester (CSRF Vulnerability Tester) :: Tools

<div style="text-align: justify;">
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s1600/CSRF-tester+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="csrf tester screenshot" border="0" height="250" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s400-rw/CSRF-tester+screenshot.png" title="csrf tester screenshot" width="400" /></a> </div>
<b>OWASP CSRFTester</b> is a tool for <b>testing CSRF vulnerability in websites</b>. Just when developers are starting to run in circles over Cross Site  Scripting, the 'sleeping giant' awakes for yet another web-catastrophe.<b>  Cross-Site Request Forgery (CSRF) </b>is an attack whereby the victim is  tricked into loading information from or submitting information to a web  application for which they are currently authenticated. The problem is  that the web application has no means of verifying the integrity of the  request. The <b>OWASP CSRFTester </b>Project attempts to give developers the  ability to test their applications for CSRF flaws. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Luocnr0t8_o?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Zip :: </b><a href="https://www.owasp.org/images/0/08/CSRFTester-1.0.zip" target="_blank">CSRFTester-1.0.zip</a><br />
<b>Official Website :: </b> <a href="https://www.owasp.org/">https://www.owasp.org/</a></div>

CSRFTester (CSRF Vulnerability Tester) :: Tools

OWASP CSRFTester is a tool for testing CSRF vulnerability in websites . Just when developers are starting to run in circles over Cross...

Subscribe to: Comments ( Atom )