inspathx is a tool that uses local source tree to make requests to the URL and searches for path inclusion (Full Path Disclosure) error messages. It’s a very common problem in PHP web applications that crops up a lot. PHP Web application developers sometimes fail to add safety checks against authentications, file inclusion etc and [...]
sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, [...]
Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused [...]
A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on [...]
Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. Features Full support for GET/Post/Cookie Injection Full support for HTTP Basic, Digest, NTLM and Certificate authentications Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, [...]
Our last mention of w3af was back in 2008 when the fifth BETA was released, the team have recently released a new version 1.0 – Release Candidate 3. w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy [...]
iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically. This is a neat tool for those who have to do some clean up operation after a mass-exploitation or defacement on a shared web-host. This tool is programmed by iSecur1ty using [...]
PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is huge. [...]
Netsparker is a Web Application Security Scanner that claims to be False-Positive Free. The developers thought that if you need to investigate every single identified issue manually what’s the point of having an automated scanner? So they developed a new technology which can confirm vulnerabilities on demand which allowed us to develop the first false [...]
This is not the first time Apache.org has been hacked, it was comprised back in September 2009 using SSH keys. This time another targeted attack against the site was successful and allowed the attackers to capture the passwords of users logging into the bug-tracking service. It also exposed the entire password list, which sadly although [...]
© Darknet – The Darkside 2000-2012. Don't Learn to HACK - Hack to LEARN.
Posted in: 
Recent Comments