Wednesday, January 30, 2013

SQLSentinel v0.3 - OpenSource tool for sql injection security testing


SQLSentinel is an open-source tool that automates the process of finding SQL injection on a website. It includes a web spider and a SQL error finder. You give it a site as input, and SQLSentinel crawls it and tries to trigger parameter validation errors for you. When the job is finished, it can generate a PDF report containing the vulnerable URLs found and the URLs crawled.

Please remember that SQLSentinel is not an exploitation tool. It can only find vulnerable URLs.

SQLSentinel github:
https://github.com/karonte691/sqlsentinel

SQLSentinel Web Site

Download SQLSentinel_v_0.3.zip (2.1 MB)
Download other versions

Source-
http://sourceforge.net/projects/sqlsentinel/

Tuesday, January 29, 2013

inspathx - Path Disclosure Finder

A tool that uses a local source tree to make requests to the URL and search the responses for path disclosure error messages. It is a common problem in PHP web applications that we have been hating to see. We hope this tool helps make path disclosure flaws a thing of the past. See our article about path disclosure:

http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt

Report bugs/suggestions to inspathx at yehg dot net.

WHY
Web application developers sometimes fail to add safety checks (for missing authentication, file inclusion, etc.), so those applications are prone to revealing sensitive information when their URLs are requested directly. Sometimes it is a clue to a Local File Inclusion vulnerability. For open-source applications, the source code can be downloaded and checked to find such information.

This script will do this job.

First, download the source archive of the open-source application you want to test.
Second, extract it.
Third, feed its path to inspathx.
inspathx takes the following options:

-d, --dir /source/app        set source code directory / source path definition file of the application (required)
-u, --url http://site.com/   set URL, if the -g option is not specified
-t, --threads 10             set thread number (default: 10)
-l, --language php           set language [php,asp,aspx,jsp,jspx,cfm,all] (default: all, i.e. scan all)
-x, --extension php          set file extensions (php4,php5,...); default regex: php4,php5,php6,php,asp,aspx,jsp,jspx,cfm
-m, --method TYPE            HTTP method get/post (default: get)
-h, --headers HEADERS        add HTTP header
-q, --data DATA              HTTP get/post data
-n, --null-cookie            add null session cookie (no need to specify cookie name)
-f, --follow                 follow HTTP redirection
-p, --param-array            identify parameters in target URL and make them arrays (value: 1 for , 2 for , 3 for , n .... *n) (note: --data value untouched)
-r, --regexp REGEXP          specify your own regexp to search in returned responses
-g, --gen FILE               read source directory (-d) and generate a file list, so next time you can feed this file path to the -d option instead of the source directory
--rm                         remove source directory used to generate the path file list
-c, --comment STRING         comment for the path definition file, to be used with the -g and -d options; the date is appended automatically
--x-p                        show only paths in the console and write them to a file with the path_vuln.txt suffix; this does not contain the target URL portion
--xp                         alias for --x-p
-s, --search STRING          search path definition files in the paths/ and paths_vuln/ directories

See the sample logs in the sample_logs folder: scan logs of the latest Mambo and WordPress applications.

Similar terms: Full Path Disclosure, Internal Path Leakage

SUPPORTED LANGUAGES
PHP
ASP(X)
JSP(X)
ColdFusion

HOW
ruby inspathx.rb -u http://localhost/wordpress

ruby inspathx.rb -u http://localhost/wordpress -p 1

ruby inspathx.rb -d /sources/wordpress -u http://localhost/wordpress

ruby inspathx.rb -d /sources/wordpress -g paths/wordpress-3.0.4

ruby inspathx.rb -d paths/wordpress-3.0.4 -u http://localhost/wordpress

ruby inspathx.rb -d c:/sources/wordpress -u http://localhost/wordpress -t 20 -l php

ruby inspathx.rb -d /sources/jspnuke -u http://localhost/jspnuke -t 20 -l jsp -x jsp,jspx -n

See EXAMPLES for more information.
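An added example (not inspathx's own code, nor from the original post) of the response-side half of the procedure above: each file path taken from the local source tree has been requested, and the responses are checked for error messages that leak an absolute server path. The sample responses, the regexes and the function names are constructed assumptions; they stand in for inspathx's default check, its -r regexp option and its --x-p path listing.

```python
import re

# Constructed sample responses (not real captures), keyed by the URL that was
# requested for each file found in the local source tree.
SAMPLE_RESPONSES = {
    "http://localhost/wordpress/wp-includes/comment-template.php":
        "<br />\n<b>Fatal error</b>:  Call to undefined function get_option() in "
        "<b>/var/www/html/wordpress/wp-includes/comment-template.php</b> on line <b>23</b><br />",
    "http://localhost/wordpress/index.php":
        "<html><body>Hello world, see http://localhost/wordpress/index.php</body></html>",
    "http://localhost/app/Default.aspx":
        "Server Error in '/' Application.\n"
        "Source File: C:\\inetpub\\wwwroot\\app\\Default.aspx    Line: 12",
}

# Assumed built-in heuristics: absolute paths ending in a web source extension,
# modelled on the extension list of the -x option. A Unix path must not be preceded
# by a word character, ':' or '/', which keeps the path part of a URL such as
# http://host/x/y.php (not a disclosure) out of the results.
PATTERNS = [
    re.compile(r"(?<![\w:/])/(?:[\w.-]+/)+[\w.-]+\.(?:php[456]?|jspx?|cfm)\b"),
    re.compile(r"[A-Za-z]:\\(?:[\w .-]+\\)+[\w .-]+\.(?:php[456]?|aspx?|jspx?|cfm)\b", re.I),
]


def find_disclosed_paths(body, extra_regex=None):
    """Return the distinct absolute paths leaked in one response body."""
    patterns = list(PATTERNS)
    if extra_regex is not None:  # the equivalent of inspathx's -r option
        patterns.append(re.compile(extra_regex))
    found = []
    for pattern in patterns:
        for match in pattern.finditer(body):
            if match.group(0) not in found:
                found.append(match.group(0))
    return found


def scan(responses, extra_regex=None):
    """Map every URL whose response leaks a path to the list of leaked paths."""
    report = {}
    for url, body in responses.items():
        paths = find_disclosed_paths(body, extra_regex)
        if paths:
            report[url] = paths
    return report


def vulnerable_paths(report, base_url):
    """Request paths with the target URL portion removed (the --x-p style listing)."""
    base = base_url.rstrip("/")
    return sorted(url[len(base):] for url in report if url.startswith(base + "/"))


if __name__ == "__main__":
    for url, paths in scan(SAMPLE_RESPONSES).items():
        print(url, "->", ", ".join(paths))
```

A hit means the application's error display leaks its install directory; for PHP the usual remediation is display_errors=Off (with log_errors=On), so the message goes to the server log instead of the response.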

DOWNLOAD/UPDATE
We love svn. Check it out at
svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx-read-only

SAMPLE LOGS
Mambo 4.6.5 http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_mambo_.log
WordPress 3.0.1 http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_wp_.log

REFERENCES
http://www.owasp.org/index.php/Full_Path_Disclosure
http://projects.webappsec.org/Information-Leakage
http://cwe.mitre.org/data/definitions/209.html

Use portable bash versions if you wish:
http://www.pentesterscripting.com/discovery/web_requester
http://www.pentesterscripting.com/exploitation/bash_web_parameter_fuzzer

Source-
http://code.google.com/p/inspathx/

GNS3 0.8.4 RC1 released

GNS3 0.8.4 RC1 is now released. This is the last step before a final release and last chance to catch bugs.
Here is a quick list of the changes:
  • GUI improvements.
  • Drag & drop of multiple devices when pressing SHIFT.
  • Temporary projects are created by default.
  • Winpcap compatibility mode set in all-in-one, allowing it to be installed on Windows 8.
  • Dynamips 0.2.8-RC5-community is now default on Windows.
  • Qemu 1.3 can be installed from the all-in-one (experimental). Qemu 0.11.0 is still the default.
  • Qemu 0.11.0 integrated to the DMG for Mac OS X (used by default).
  • Qemu 0.14.1 integrated to the DMG for Mac OS X.
  • Qemu monitor (to pause/resume) and user backend options (experimental).
  • Support for multiple flavors of Qemu: sparc, arm, i386, x86_64.
  • SuperPutty command line support.
  • SuperPutty in all-in-one on Windows (optional).
  • VirtualBox interface numbering starts at 0 (e.g. e0 = VirtualBox interface 1 = eth0 on Linux).
  • Dash is now accepted for hostnames.
  • Fixed issues with ports reported as already in use.
  • Gray out VLAN box when selecting dot1q port type in Ethernet Switch.
  • Default delay for console adjusted from 0.5 to 1 second.
  • Default base console is now 2101 instead of 2001.
  • Changed Dynamips default base UDP from 10000 to 10001.
  • Mouse wheel scrolls the scene by default, plus options to deactivate the wheel or use it for zooming.
  • Support for 36 network cards in VirtualBox (using ICH9 chipset).
  • Patching for Dynagen (see topic5659.html for details).
  • Wrappers improvements all over the place.
  • New baseconfig.txt
  • New option to save traffic capture in project directories.
  • Experimental auto IDLE PC calculation feature (requires Dynamips 0.2.8-RC5, included in Windows all-in-one and OSX DMG).
  • ASA pre-configuration.
Download it here: GNS3 0.8.4 RC1
Or by visiting http://www.gns3.net/gns3-0-8-4-rc1/
What is GNS3?
GNS3 is a graphical network simulator that allows simulation of complex networks.
To provide complete and accurate simulations, GNS3 is strongly linked with:
  • Dynamips, a Cisco IOS emulator.
  • Dynagen, a text-based front end for Dynamips.
  • Qemu, a generic and open source machine emulator and virtualizer.
  • VirtualBox, a free and powerful virtualization software.
GNS3 is an excellent complementary tool to real labs for network engineers, administrators and people wanting to study for certifications such as Cisco CCNA, CCNP, CCIP and CCIE as well as Juniper JNCIA, JNCIS and JNCIE.
It can also be used to experiment features of Cisco IOS, Juniper JunOS or to check configurations that need to be deployed later on real routers.
Thanks to VirtualBox integration, now even system engineers and administrators can take advantage of GNS3 to build labs and study for Red Hat (RHCE, RHCT), Microsoft (MCSE, MCSA), Novell (CLP) and many other vendor certifications.
This project is an open source, free program that may be used on multiple operating systems, including Windows, Linux, and MacOS X.
Features overview
Important notice: users have to provide their own IOS/IPS/PIX/ASA/JunOS to use in their labs with GNS3.


Monday, January 28, 2013

httest 2.2.13 - script based tool for testing and benchmarking web applications

httest is a script-based tool for testing and benchmarking web applications, web servers, proxy servers and web browsers. httest can emulate clients and servers in the same test script, which is very useful for testing proxies.

httest provides a large variety of HTTP-related functionality, useful for implementing all kinds of HTTP-based tests. Licensed under the Apache License Version 2.0.

Features
  • HTTP server client simulation
  • SSL support
  • IPv6 support
  • Request/response validation
  • Cut and paste from request/response
  • Execute shell commands and use output in HTTP stream
  • Lua scripting engine
  • Javascript engine
  • Full ICAP support
  • Websocket support
  • XPath support
  • NTLM authentication tool
  • SOCKS support
  • Simple SMTP support
  • Simple POP3 support
  • Distributed load test support
httest 2.2.13, released on 25 January 2013, is now available and is the recommended stable version.
It comes with Lua, websocket, debugging, JavaScript, XPath, SSL tracing and load testing support.

Download httest-2.2.13-win.zip (3.4 MB)  updated on 26-Jan-2013

Source-

UPDATE NOWASP (Mutillidae) v2.4.2 - Web Pen-Test Practice Application


NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web application providing a target for web security enthusiasts. NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMPP for users who do not want to administrate a web server. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on pre-installed platforms. With dozens of vulnerabilities and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTFs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web security training courses, and as an "assess the assessor" target for vulnerability assessment software.

Instructional videos using NOWASP (Mutillidae) are available on the "webpwnized" YouTube channel at https://www.youtube.com/user/webpwnized. Project/video updates are tweeted to https://twitter.com/webpwnized.

Features
  • Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administrate their own web server. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the "default" deployment.
  • Installs easily by dropping project files into the "htdocs" folder of XAMPP.
  • Will attempt to detect if the MySQL database is available for the user
  • Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
  • Contains 2 levels of hints to help users get started
  • Has dozens of vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007 and 2010.
  • Includes bubble-hints to help point out vulnerable locations
  • System can be restored to default with single-click of "Setup" button
  • Switches between secure and insecure mode
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
  • Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
  • Instructional Videos: http://www.youtube.com/user/webpwnized
  • Updates tweeted to @webpwnized

Source-



ESSPEE - (ESSPEE-R3 x86) Penetration Testing & Forensics

ESSPEE is a derivative of BackTrack 5, based on Ubuntu 12.04. It is designed for users who wish to use only free software, and is packed with featured security tools with stable configurations. This version consolidates the Unity desktop interface, a brand new way to find and manage your applications.

Features

  • A Perfect Forensics Mode - Read-Only Mount
  • A Perfect Stealth Mode - Networking Disabled
  • Latest kernel with aufs support (Kernel 3.7.4)
  • Metasploit Framework v4.6.0-dev [core:4.6 api:1.0]
  • OSSEC - Open Source Host-based Intrusion Detection System
  • Gnome-fallback Desktop Environment.
  • Gnome-Pie - All your favourite applications at single click
  • Suricata - Open Source Next Generation IDS/ IPS.
  • Snorby - Suricata IDS/IPS Monitoring Web Interface.
  • Meld - A visual diff and merge tool for comparing files and directories.
  • MySQL Workbench - A visual MySQL database designing tool.
  • ESSPEE Personal Firewall - Realtime Pop-up Notification. (Thanks to Leopard Flower)
  • Net Activity Viewer - A graphical network connections viewer.
  • LOIQ - Open source network stress testing application.
  • Guymager - Forensics imaging tool (GUI)
  • Ostinato - Open-source network packet crafter/traffic generator.
  • FSlint - Find and clean various unwanted extraneous files.
  • Ruby 1.9.3p327 (2012-11-10 revision 37606)
  • Fern Wi-Fi Cracker
  • Virtualbox - Create your own virtual lab
  • Nemiver - A standalone graphical C and C++ debugger
  • Open Audit - Network inventory, audit and management tool
  • Mobile Phone Forensics tools
  • Anonymity - Tor network and many more .......
ESSPEE_R3_Live_DVD released on 26/01/2013

Download - https://docs.google.com/uc?export=download&confirm=no_antivirus&id=0B9Qo6IGWg3_qVzUzTmk1eG95QzQ
MD5 - 61aa7c877568d8c109fb407b0540f0f4
Size - 3.35 GB
Type - ISO (DVD)
OS - Linux (Based on Ubuntu 12.04 - Precise Pangolin)
Category - Network Security, Penetration testing, Forensics, Data Recovery.


Source-
http://sourceforge.net/projects/esspee/

Friday, January 25, 2013

SystemRescueCD 3.3.0

SystemRescueCD: Bootable CD with a complete Linux system and tools for repairing and restoring data after a system crash. It creates and edits partitions and contains system utilities such as parted, partimage and fstools, as well as basic tools such as editors and network programs. Supports both 'classic' and network file systems such as NFS and Samba.

Download systemrescuecd-x86-3.3.0.iso (385.7 MB)
Download other versions from here


Project documentation

This project comes with good documentation. Here are the most important chapters:
For the impatient:
  • Quick start guide: please read this if this is the first time you are using this system recovery cd.

System tools included

  • GNU Parted: creates, resizes, moves, copies partitions, and filesystems (and more).
  • GParted: GUI implementation using the GNU Parted library.
  • Partimage: popular opensource disk image software which works at the disk block level
  • ddrescue: Attempts to make a copy of a partition or floppy/Hard Disk/CD/DVD that has hardware errors, optionally filling corresponding bad spots in input with user defined pattern in the copy.
  • FSArchiver: flexible archiver that can be used as both system and data recovery software
  • File systems tools (for Linux and Windows filesystems): format, resize, and debug an existing partition of a hard disk
  • Ntfs3g: enables read/write access to MS Windows NTFS partitions.
  • sfdisk: saves / restores partition tables (and more).
  • TestDisk: tool to check and undelete partitions; supports reiserfs, ntfs, fat32, ext2/3 and many others.
  • Memtest+: to test the memory of your computer (the first thing to test when you have a crash or unexpected problems).
  • Rsync: very efficient and reliable program that can be used for remote backups.
  • Network tools (Samba, NFS, ping, nslookup, ...): to backup your data across the network
Browse the short system tools page for more details about the most important software included.
Browse the detailed package list for a full list of the packages.

Advanced uses

SystemRescueCd is available for blind people. The Linux speakup screen reader now works well, and the speakup keymap is installed. This feature was tested by Gregory Nowak. Please note that you need SystemRescueCd-1.1.0 or later. Notes specific to using speakup in SystemRescueCD are available on the speakup info page.
It is possible to make customized versions of the CD. For example, you can add your own scripts to perform an automatic restoration of the system. It is also possible to burn a customized DVD, with SystemRescueCd and 4.2 GB for your data (a backup, for example). Read the manual for more details. There is a new manual chapter that explains how you can burn a DVD+RW from SystemRescueCd.
You can use SystemRescueCd to back up the data stored on a Windows computer that cannot boot any more.
It is very easy to install SystemRescueCd on a USB stick, which is very useful in case you cannot boot from the CD drive. You just have to copy several files to the stick and run syslinux. The install process can be done from Linux or Windows. Follow the instructions in the manual for more details.
Source-

Recon-ng - Web Reconnaissance framework written in Python

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.
Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the "module" class. The "module" class is a customized "cmd" interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been done. Building modules is simple and takes little more than a few minutes. See the Development Guide for more information.
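The module pattern described above, as an added sketch that is not Recon-ng's own code: a base class built on Python's cmd module hands every module the same output helpers and an in-memory sqlite database, and one constructed module parses a canned result (a stand-in for a web request) into a hosts table. The table layout, method names and sample result are assumptions, not the framework's real API.

```python
import cmd
import sqlite3


class Module(cmd.Cmd):
    """Stand-in for the framework's 'module' class (assumed sketch): a cmd interpreter
    that gives every subclass standardized output and database access."""
    prompt = "[recon-ng] > "

    def __init__(self, connection):
        super().__init__()
        self.conn = connection
        self.conn.execute("CREATE TABLE IF NOT EXISTS hosts (host TEXT UNIQUE, ip TEXT)")

    def output(self, msg):
        print("[*] %s" % msg)

    def error(self, msg):
        print("[!] %s" % msg)

    def query(self, sql, params=()):
        """Run a statement inside a transaction and return all rows; modules never touch sqlite3 directly."""
        with self.conn:
            return self.conn.execute(sql, params).fetchall()

    def add_host(self, host, ip=None):
        """Insert a host once; returns True only when it was not already stored."""
        before = self.conn.total_changes
        self.query("INSERT OR IGNORE INTO hosts (host, ip) VALUES (?, ?)", (host, ip))
        return self.conn.total_changes > before

    def do_show(self, arg):
        """show: list the hosts the modules have stored so far."""
        for host, ip in self.query("SELECT host, ip FROM hosts ORDER BY host"):
            self.output("%s %s" % (host, ip or ""))

    def do_exit(self, arg):
        return True


# Constructed stand-in for the text a real module would fetch with a web request.
CONSTRUCTED_RESULT = "www.example.com\nmail.example.com\nwww.example.com\nftp.example.com\n"


class HostsFromResult(Module):
    """A minimal module: it only implements 'run'; output and storage are inherited."""
    last_added = 0

    def do_run(self, arg):
        new = 0
        for line in CONSTRUCTED_RESULT.splitlines():
            host = line.strip()
            if host and self.add_host(host):
                self.output("%s added." % host)
                new += 1
        self.output("%d new host(s)." % new)
        self.last_added = new


def run_module():
    """Drive the module the way the interpreter would when the user types 'run'."""
    mod = HostsFromResult(sqlite3.connect(":memory:"))
    mod.onecmd("run")
    return mod


if __name__ == "__main__":
    run_module().onecmd("show")
```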

Thursday, January 24, 2013

Update NOWASP (Mutillidae) v2.4.1 - Web Pen-Test Practice Application

Update version available for download -

source-