Thursday, 10 November 2016

F-Scrack service weak password detection script




  1. Function: a lightweight weak-password detection script written in Python. It currently supports the following services: FTP, MYSQL, MSSQL, MONGODB, REDIS, TELNET, ELASTICSEARCH, POSTGRESQL.
  2. Features: command-line, single-file, portable, easy to use in any situation.
    No external libraries or external programs are required; all protocols are tested using sockets and built-in libraries.
    Compatible with OSX, LINUX, WINDOWS and Python 2.6+ (lower versions are untested; in theory they can run).
  3. Parameter description
    python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]
    -h Required. Supports a single IP (192.168.1.1), an IP segment (192.168.1), a specified IP range (192.168.1.1-192.168.1.254) or an IP list file (ip.ini); a single scan is limited to 65,535 IPs.
    -p Specifies the list of ports to scan; multiple ports can be given, such as 1433,3306,5432. If unspecified, the built-in default ports are scanned (21,23,1433,3306,5432,6379,9200,11211,27017).
    -m Specifies the number of threads; the default is 100 threads.
    -t Specifies the time-out for the request.
    -d Specifies the password dictionary.
    -n Skip live-host detection (ICMP) and scan directly.
  4. Usage examples
    python Scrack.py -h 10.111.1
    python Scrack.py -h 192.168.1.1 -d pass.txt
    python Scrack.py -h 10.111.1.1-10.111.2.254 -p 3306,5432 -m 200 -t 6
    python NAScan.py -h ip.ini -n
  5. Special statement: This script is only for authorized penetration testing and for one's own security testing.
    This script is for learning and use only and may be freely improved; extracting it for inclusion in any commercial product is forbidden.

How to install and use : 






Download tool : https://goo.gl/aayb1P

Tuesday, 8 November 2016

XSS Scanner

Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.

As optional settings, it supports an HTTP proxy together with the HTTP header values User-Agent, Referer and Cookie.

How to use 



Download tool : https://goo.gl/0bLt5d

Wednesday, 2 November 2016

vBulletin Vulnerability Scanner

OWASP VBScan

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open-source project written in the Perl programming language that detects vBulletin CMS vulnerabilities and analyzes them.

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! This project is faster than ever and is updated with the latest vBulletin vulnerabilities.

  • Project Leader: Mohammad Reza Espargham
  • How to use:




Download Tool : https://goo.gl/vHEV9o

Tuesday, 1 November 2016

An open source XSS vulnerability scanner.


anti-XSS is an open source XSS scanning tool which comes with a powerful detection engine. It automates the process of detecting as well as mining XSS scripts and generates the scanning report automatically.


Requirements



How to install   





Download Tool : https://goo.gl/sigm58

Sunday, 23 October 2016

Jboss verify and EXploitation Tool


JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.  


Features 

The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.

The exploitation vectors are:

  • /admin-console [ NEW ]
    • tested and working in JBoss versions 5 and 6
  • /jmx-console
    • tested and working in JBoss versions 4, 5 and 6
  • /web-console/Invoker
    • tested and working in JBoss version 4
  • /invoker/JMXInvokerServlet
    • tested and working in JBoss versions 4 and 5   

How to use :    





Download Tool : https://goo.gl/ONnBQv