‘Analytical Log Interface’ was built to sit on top of OSSEC (built on OSSEC 2.6) and requires 0 modifications to OSSEC or the database schema that ships with OSSEC. AnaLogi requires a Webserver sporting PHP and MySQL. Written for inhouse analysis work, released under GPL to give something back – it’s intended to help you [...]
Tag Archive | "PHP"
Carbylamine is a PHP Encoder project, which can bypass all leading anti-virus detection against PHP Shells (C99, R57 etc) easily. It can be a very efficient tool for pen-testers when carrying out a black box test which involves inserting malicious code via PHP. Usage
carbylamine.php [file to encode] [output file]
You can download Carbylamine here: carbylamine.php Or read more here.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security. Vulnerabilities SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote [...]
Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks. Client-based attacks, especially targeting web clients, are becoming more and more popular. [...]
Skavenger? Yes, because scavenger is already used?!? What is skavenger? Skavenger is a source code auditing tool, firstly though for php, but also used for any kind of source code file; as long as you know what to look for… Yes I thought is as a replacement tool for egrep/sed under Windows! because not everybody [...]
Wanna work on a web reconnaissance tool? Want to have your name in readme file? Got bored and want to help somebody? Well then darknet readers this is your chance, because I need people to help me on a project I started a while ago called Website Anatomy, to find out what it is about [...]
CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license. The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine, it [...]
This was the idea with which I have won the regional web apps contest… well actually I did a CMS but the security part of it was the most appreciated. Maybe because it was weird, you’ll see… Classical Login scripts What exactly do classical login scripts do… they get the password from the database by [...]
A useful tool for anyone working with PHP applications. DESCRIPTION ———— FIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. Is scans PHP files mapping PHP/HTTP variables and then performs a security audit,in order to find out which of them are exploitable. USAGE —— php fis.php [local file] [remote file] [remote FIS ID [...]
Shaolin introduced him self, and said he had asked every one to do like wise. News to me mate :-P or did that slip my mind? Can’t see how it could but one never knows… So, any way, who the hell am I? I have known Shaolin for years, he might have some idea how [...]