Archive | Web Hacking

Advertisements


22 May 2015 | 2,073 views

Web Security Dojo 2.0 – Self-Contained Web Hacking Training

Web Security Dojo is a free open-source self-contained web hacking training environment for Web Application Security penetration testing. Tools + Targets = Dojo What? Various web application security testing tools and vulnerable web applications were added to a clean install of xubuntu 12.04. Build scripts are available in git at Sourceforge. Targets include: OWASP’s WebGoat […]

Continue Reading


16 May 2015 | 1,342 views

Plecost – WordPress Fingerprinting Tool

Plecost is a WordPress fingerprinting tool, it can search and retrieve information about the plug-in versions installed in a WordPress installation. It can be used to analyse a single URL or perform an analysis based on the results indexed by Google. Additionally it also displays the CVE code associated with each plug-in vulnerability, if any […]

Continue Reading


12 May 2015 | 1,385 views

InstaRecon – Automated Subdomain Discovery Tool

InstaRecon is an automated basic digital reconnaissance tool which is great for getting an initial footprint of your targets and discovering additional subdomains. In basic terms, it’s an automated subdomain discovery tool for the information gathering phase of penetration tests. There are other tools which cover some parts of the InstaRecon functionality such as: – […]

Continue Reading


09 May 2015 | 2,110 views

Wapiti – Web Application Vulnerability Scanner v2.3.0

Wapiti is a web application vulnerability scanner, it allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the web pages of the deployed web application, looking for scripts and forms where it can inject data. Once […]

Continue Reading


30 April 2015 | 1,068 views

WordPress Critical Zero-Day Vulnerability Fixed In A Hurry

So this is an interesting announcement due to the discussion points it brings up about responsible disclosure, it seems like in this case a researcher published his findings about a WordPress critical zero-day vulnerability without informing WordPress before hand. And they got it fixed REAL quickly, where as in a previous (pretty similar) case – […]

Continue Reading


14 April 2015 | 1,315 views

SamuraiWTF 3.x And Onwards – Web Testing Framework Linux LiveCD

The Samurai Web Testing Framework (AKA SamuraiWTF) is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, the authors have based the tool selection on the […]

Continue Reading


07 April 2015 | 3,170 views

Watcher – Passive Web Application Vulnerability Scanner

Ever find yourself looking for that show-stopper exploit in a Web-app, and forgetting to check out all the low-hanging fruit? That’s initially why the authors created Watcher – a passive web application vulnerability scanner. For one thing, you don’t want to manually inspect a Web-app for many of these issues (cookie settings, SSL configuration, information […]

Continue Reading


04 April 2015 | 1,846 views

Commix – Command Injection Attack Tool

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this command injection attack tool, it is very easy to find […]

Continue Reading


31 March 2015 | 1,919 views

Pentoo – Gentoo Based Penetration Testing Linux LiveCD

Pentoo is a Gentoo based penetrating testing linux LiveCD. It’s basically a Gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included: Hardened Kernel with aufs patches Backported Wifi stack from latest stable kernel release Module loading support ala slax Changes saving on […]

Continue Reading


21 March 2015 | 1,561 views

XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool

We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space. For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed […]

Continue Reading


Advertisements