A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on [...]
Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework involved, [...]
This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This [...]
This tool has been hitting the news, including some mentions in the SANS ISC Diary. It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack. Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent [...]
sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of [...]
FWAuto (Firewall Rulebase Automation) is a Perl script and should work on any system with Perl installed. Provide the running config of a PIX firewall to fwauto. It will analyze and give you a list of weak rules in your rule base and store the result in multiple output files. Maybe there have been times [...]
There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing – Bsqlbf V2, which is a Blind SQL Injection Brute Forcer. The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind [...]
Another tale to do with advertising, it just goes to show it’s really not a good idea to run JavaScript from a 3rd party source on your site, especially if you don’t want your visitors redirected to a p*rn site! This is just what happened to Perl.com a few days ago. Visitors to Perl.com, the [...]
If you remember we mentioned Fuzzled a little while back, the PERL fuzzing framework. Apparently Fuzzled 1.1 should be coming out soon. Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them. [...]
There has been an explosion of fuzzing tools lately, quite a few we have mentioned here on Darknet. Someone else noticed this, and wondered where is the Perl framework to complete the family? With that in mind he spent the last few months working on something that should fill the gap – Fuzzled. Fuzzled is [...]
© Darknet – The Darkside 2000-2012. Don't Learn to HACK - Hack to LEARN.
Posted in: 
Recent Comments