AdminLoginFnder is a perl script that scans webservers for administrative login / control panel sections.
c6352f572295348d638d3e75f43a032da8cb5d74c8e64a799be012aef074e564WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
1c9176931e9eb16200b5f597d7e02aa077d50ac84bc99faa3d877cb9a2fa7907Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
4f7aab33039ef0826cbb1473f80c7de5c0319bb5c435c94688e44069e395bcd8WebEnum is a tool to enumerate http responses to dynamically generated queries. It is a flexible universal tool to perform penetration testing on web servers. It's useful for guessing resource names and columns size in SQL injection, bruteforce web accounts and passwords, discovery web directories and files, fuzz HTTP requests including GET, POST and HTTP Header, and audit webserver behaviours generating multiple HTTP requests.
96f96eb0922e314f7f118166ad01b8b86180e3bc6fde7ae95205f299e1056956Download Indexed Cache is a proof of concept script that implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the "Search Engine Reconnaissance" section of the OWASP Testing Guide version 3.
42571e3120e00887108e79161991c1e09c0a3fb72178bd4a81286effe45c918fWhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
cdeb79db86c92b37ee6aef9f12f6a6178982e75ecd8468ae3754bfb915c35df1This is a simple script that attempts to check if a CGI script suffers from an input validation command execution vulnerability.
ee39234eb7bfde6be7b06a471b85c22615c756334e75f9853f44970c002c335bIPv6 Hacking - IPv6 enumeration tool. Supports host enumeration, TCP port scanning, and find AAAA IPv6 host record.
babbfce2ca0a7c77ef1a1ff338b745d7f23442aaeba6097deebbd34f69e4d102WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
7266766b712bc00e0299f97a39549b351e1594a72c96c91399a2d01357ce289dUmap (UPNP Map) attempts to scan open TCP ports on the hosts behind a UPNP enabled Internet Gateway Device(IGD) NAT. It sends SOAP requests to map ports and then attempts to connect to the mapped ports discovering hosts and services behind the device's NAT.
8e483e902d0fd518df5635f2f6c1c2075aa43ca5cda810b93e7ba1ebec756e3fScannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
89e9edf66437efedf5fad8134fc523e4293b7917f1b8346840c540c6dbdfa9ffPadding Oracle Exploit Tool (POET). This tool demonstrates a powerful side-channel attack known as the padding oracle attack.
c5777abae995bdbc2b61ee3cdec92eb8df6ec1f9f3399908c8c1f9437adba0e0Simple Log File Analyzer is a tool that looks for different attack attempts in Apache2 access logs. Written in Python.
dc83d6b8d40632e18697f4392d2309499e45fec75ed2aede879735ffae1421deiScanner is a free open source tool written in Ruby that lets you detect and remove malicious code from webpages.
d4c9d2d99009583dad4b5bbf6475c12f5129ef7ea541f342fd1848abe5f98f0bSimple SQL Injection Vulnerability Scanner is a tool that helps you find SQL injection vulnerabilities within your website. Simply provide an URL and let the tool do all the work. Written in Python.
96063e29053ad04993390a1466220d3646a0934ad8abc17d8811741f2145659aWhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
0ac0df0abf6e8e36d2d884fa1131410d54795f793c79a33b866246e2069bd4b7This tool is called the Automated Joomla SQL Injection Exploiter.
b7a442a7e45bc0b1442049e0a08758e0b677ea61b0b13261acede0d565aa4984Darkjumper is a scanner that checks for SQL injection, local file inclusion, and remote file inclusion vulnerabilities.
0f037590da60c4f1aa9f6ddc5b8eb9332328e3aa64a7ceecedef30769b52a22csqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
8646406446808a3bf250d6247fa27345d4552b9e67a4c5257c33719a579ff644iScanner is a free open source tool written in Ruby that lets you detect and remove malicious code from webpages.
8cac6c9a5c49b87e3a7190d441bba01a1173469b816326f9286f03b8ef38d46fWhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
de9e6e8be69942bfb60ac6211dab149dbee1f67f0217105def741a0f6804663aWhatWeb next generation web scanner identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 70 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
aceeab845573c4cd8661eb2c47f2086cfd6616595069ba6227bdfd86bf423c08This Ruby script scans a given site looking for administrator login pages.
4807fc91ca699c013d3390a37be1c780e241a1029fe00cbc5dffd54990d56312This tarball has a couple of bash scripts that use netcat to brute force ftp and scan for local and remote file inclusion vulnerabilities.
e19a0914b0f6880f78c49d6c67f5ecd55462ffd15303f6b5a94f170bc503365bScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
7fb576e16c3f05c9be726475382cdbd4c91cdb4277029e92a5cdccf479c2f3eb
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed