Tuesday, May 13, 2014

Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner is designed to audit web applications with the objective of discovering security vulnerabilities that an attacker could abuse to gain access to a particular system and its data.



This mature vulnerability scanner is capable of discovering a host of vulnerabilities, including (but not limited to) Cross Site Scripting (XSS), SQL injections, and weak passwords.

Acunetix Web Vulnerability Scanner boasts the following features:

  • AcuSensor Technology
  • Advanced and in-depth SQL injection and Cross Site Scripting (XSS) testing capabilities
  • Advanced penetration testing tools such as HTTP Editor and HTTP Fuzzer
  • Support for two-factor authentication, single sign-on, and CAPTCHA pages
  • Extensive reporting that includes reports on PCI Compliance
  • Multi-threaded and fast scanning capabilities providing it with the ability to process thousands of pages with ease
  • Crawler capable of detecting web server type, application language, and smartphone-optimized web applications
  • Capable of scanning and analyzing HTML5, SOAP, and AJAX based web applications
  • Port scans web servers and performs security checks against network services running on the server.

Acunetix is now available as an Online Vulnerability Scanner and is also available for download here

Source: Acunetix and cccure.org

Thursday, February 13, 2014

Skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.



Key features: 

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. 
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. 

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. 

Download the latest version of Skipfish here

Detailed project documentation available here

Source: Skipfish 

Thursday, February 6, 2014

Netsparker - The False Positive Free Web Application Security Scanner

Netsparker is said to be the only false-positive-free web application security scanner. Its ease of use permits penetration testers to simply point it at their website(s) to automatically discover security flaws.



This tool is capable of crawling, attacking, and identifying vulnerabilities in all custom web applications, regardless of the platform and technologies used to build them - just like an actual attacker.

It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built in. For example, you can get a reverse shell out of an identified SQL Injection or extract data by running custom SQL queries.

The latest version of Netsparker - V 3.2 was released on 22nd January 2014.

The new version includes several new features, improvements that make web vulnerability scans more efficient, and a number of bug fixes. The main highlight of this version is the web services scanner; Netsparker users can now scan and identify vulnerabilities and security issues in web services automatically and easily with Netsparker.

Download the 15 day trial edition of Netsparker Web Application Security Scanner here.

The FREE Community Edition, which is a SQL Injection Scanner, is available for download here.

Source: Netsparker and Toolswatch.


Tuesday, February 4, 2014

Wapiti: The Vulnerable Web Application Scanner

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.



Wapiti can detect the following vulnerabilities:
  • File disclosure (Local and remote include/require, fopen, readfile...)
  • Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) injection (reflected and permanent)
  • Command Execution detection (eval(), system(), passthru()...)
  • CRLF Injection (HTTP Response Splitting, session fixation...)
  • XXE (XML eXternal Entity) injection
  • Use of known potentially dangerous files (thanks to the Nikto database)
  • Weak .htaccess configurations that can be bypassed
  • Presence of backup files giving sensitive information (source code disclosure)


Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart and can inject payloads in filenames (upload). It displays a warning when an anomaly is found (for example 500 errors and timeouts) and distinguishes between permanent and reflected XSS vulnerabilities.

General features:
  • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
  • Can suspend and resume a scan or an attack
  • Can give you colors in the terminal to highlight vulnerabilities
  • Different levels of verbosity
  • Fast and easy way to activate/deactivate attack modules
  • Adding a payload can be as easy as adding a line to a text file

Browsing features:
  • Support HTTP and HTTPS proxies
  • Authentication via several methods: Basic, Digest, Kerberos or NTLM
  • Ability to restrain the scope of the scan (domain, folder, webpage)
  • Automatic removal of a parameter in URLs
  • Safeguards against scan endless-loops (max number of values for a parameter)
  • Possibility to set the first URLs to explore (even if not in scope)
  • Can exclude some URLs of the scan and attacks (eg: logout URL)
  • Import of cookies (get them with the wapiti-cookie and wapiti-getcookie tools)
  • Can activate / deactivate SSL certificates verification
  • Extract URLs from Flash SWF files
  • Try to extract URLs from javascript (very basic JS interpreter)
  • HTML5 aware (understands recent HTML tags)

Wapiti is a command-line application.

Here is an example output against a vulnerable web application.

You may find some useful information in the README and the INSTALL files.

Download Wapiti here

Source: Sourceforge

Sunday, February 2, 2014

Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.






Wireshark is cross-platform, using the GTK+ widget toolkit in current releases, and Qt in the development version, to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including GNU/Linux, OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.


Wireshark allows the user to put network interface controllers that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all of the traffic travelling through the switch will necessarily be sent to the port on which the capture is being done, so capturing in promiscuous mode will not necessarily be sufficient to see all traffic on the network. Port mirroring or various network taps extend capture to any point on the network. Simple passive taps are extremely resistant to tampering.

On Linux, BSD, and OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put wireless network interface controllers into monitor mode.

Download Wireshark here

Source: Wikipedia

Tuesday, January 14, 2014

w3af: Web Application Attack and Audit Framework

The Web Application Attack and Audit Framework, also referred to as w3af, was developed by Andres Riancho in March 2007 and is released as an open-source web application security scanner. In July 2010, it was announced that w3af was sponsored by and partnered with Rapid7.



At its core is a vulnerability scanner and exploitation tool aimed at auditing the security of web applications. This free tool is written in Python and is commonly used by penetration testers to provide information pertaining to security vulnerabilities of a particular web application.

This scanner is capable of identifying a mass of web application vulnerabilities with its extensive range of more than 130 plug-ins. Once identified, penetration testers may exploit vulnerabilities such as blind SQL injections, OS commanding, remote file inclusions (PHP), cross site scripting (XSS), as well as unsafe file uploads as a means of gaining access to the remote system.

The plugins available for w3af are categorised as follows:

  • Discovery
  • Audit
  • Grep
  • Attack
  • Output
  • Mangle
  • Evasion
  • Bruteforce


w3af is supported on a host of operating systems including Microsoft Windows, Linux, Mac OS X, FreeBSD, and OpenBSD, and can be operated via graphical user interface (GUI) or command line interface (CLI). While older versions of the scanner had a fully working installer for Windows, the latest version has not been tested on this platform.

The project initially used Sourceforge as its base of operations, but has since migrated to Github.

Linux, Mac, and BSD users may download the source from w3af's Github repository as follows:

git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui

After downloading the source and running the commands above, a list of unmet dependencies will be displayed along with the commands to be executed in order to install them. Once these have been installed, w3af can be executed from the w3af directory via the following command:

./w3af_gui

If you prefer to run w3af via console or command line, execute w3af_console and install the required dependencies.

More information on w3af can be found at the following site dedicated to the project: http://w3af.org

Thursday, February 21, 2013

Yersinia


Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing deployed networks and systems.



Currently, some network protocols are implemented, but others are coming (tell us which one you prefer). Attacks for the following network protocols are implemented (but of course you are free to implement new ones):
  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • IEEE 802.1Q
  • IEEE 802.1X
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)

Download Yersinia here