Thursday, 10 November 2016

F-Scrack service weak password detection script

  1. Function: a lightweight weak password detection script written in Python. It currently supports the following services: FTP, MYSQL, MSSQL, MONGODB, REDIS, TELNET, ELASTICSEARCH, POSTGRESQL.
  2. Features: command-line, single-file, portable ("green"), easy to use in a variety of situations.
    It needs no external libraries or external programs; all protocols are tested using sockets and built-in libraries.
    Compatible with OSX, LINUX, WINDOWS and Python 2.6+ (lower versions are untested; try them yourself, in theory they can run).
  3. Parameter Description
    Python -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]
    -h Required. Supports a single IP, an IP segment (192.168.1), a specified IP range, or an IP list file (ip.ini); a single scan is limited to at most 65,535 IPs.
    -p Specifies the list of ports to scan; multiple ports are supported, such as 1433,3306,5432. If unspecified, the built-in default ports are scanned (21,23,1433,3306,5432,6379,9200,11211,27017).
    -m Specifies the number of threads; the default is 100 threads.
    -t Specifies the time-out for the request.
    -d Specifies the password dictionary.
    -n Skip the liveness check (ICMP) and scan directly.
  4. Use examples
    Python -h 10.111.1
    Python -h -d pass.txt
    Python -h -p 3306,5432 -m 200 -t 6
    Python -h ip.ini -n    
  5. Special statement: this script is to be used only for authorized penetration testing and for checking the security of your own systems.
    This script is for learning and use only; you are free to improve it, but extracting it for inclusion in any commercial product is forbidden.


Tuesday, 8 November 2016

XSS Scanner

Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.


As optional settings, it supports an HTTP proxy together with the HTTP header values User-Agent, Referer and Cookie.


Wednesday, 2 November 2016

vBulletin Vulnerability Scanner


OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open source project written in the Perl programming language that detects vBulletin CMS vulnerabilities and analyses them.

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! The project is now faster than ever and updated with the latest vBulletin vulnerabilities.

  • Project Leader : Mohammad Reza Espargham                                                                           

Tuesday, 1 November 2016

An open source XSS vulnerability scanner.

anti-XSS is an open source XSS scanning tool which comes with a powerful detection engine. It automates the process of detecting as well as mining XSS scripts and generates the scanning report automatically.



Sunday, 23 October 2016

Jboss verify and EXploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.  


The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.

The exploitation vectors are:

  • /admin-console [ NEW ]
    • tested and working in JBoss versions 5 and 6
  • /jmx-console
    • tested and working in JBoss versions 4, 5 and 6
  • /web-console/Invoker
    • tested and working in JBoss version 4
  • /invoker/JMXInvokerServlet
    • tested and working in JBoss versions 4 and 5   
