Spaghetti is an open-source web application security scanner designed to find various default and insecure files, configurations, and misconfigurations.
It is built on Python 2.7 and can run on any platform which has a Python environment.
Features of Spaghetti Web Application Security Scanner
- Web Frameworks (CakePHP, CherryPy,…)
- Web Application Firewall (Waf)
- Content Management System (CMS)
- Operating System (Linux, Unix,..)
- Language (PHP, Ruby,…)
- Cookie Security
- Admin Interface
- Common Backdoors
- Common Backup Directory
- Common Backup File
- Common Directory
- Common File
- Log File
- Private IP
- Credit Cards
- HTML Injection
- SQL Injection
- LDAP Injection
- XPath Injection
- Cross Site Scripting (XSS)
- Remote File Inclusion (RFI)
- PHP Code Injection
- HTTP Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- Web Dav
- Cross Site Tracing (XST)
- Anonymous Cipher (CVE-2007-1858)
- Crime (SPDY) (CVE-2012-4929)
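Several of the checks listed above (Cookie Security, HTTP Allow Methods, Cross Site Tracing) boil down to inspecting response headers. The following is an added example, not code from Spaghetti or its author, of what such a defender-side header audit looks like: it flags cookies set without Secure, HttpOnly or a Lax/Strict SameSite attribute, and flags TRACE/TRACK in an Allow header as a cross-site tracing exposure. The response headers are constructed for the example, not captured from any site.

```python
# Constructed sample response headers (not captured from any real site).
CONSTRUCTED_HEADERS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Allow", "GET, POST, OPTIONS, TRACE"),
]

# Methods whose presence indicates a cross-site tracing (XST) exposure.
XST_METHODS = {"TRACE", "TRACK"}


def audit_set_cookie(value):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure (cookie may be sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly (readable by injected script, cf. XSS)")
    if attrs.get("samesite") not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict (cross-site request exposure)")
    return name, findings


def audit_allow_methods(value):
    """Return the XST-relevant methods advertised in an Allow header."""
    methods = {m.strip().upper() for m in value.split(",") if m.strip()}
    return sorted(methods & XST_METHODS)


def audit_response(headers):
    """Run both checks over a list of (header_name, value) pairs."""
    report = {"cookies": {}, "xst_methods": []}
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, findings = audit_set_cookie(value)
            report["cookies"][cookie] = findings
        elif name.lower() == "allow":
            report["xst_methods"].extend(audit_allow_methods(value))
    return report


if __name__ == "__main__":
    for cookie, findings in audit_response(CONSTRUCTED_HEADERS)["cookies"].items():
        print(cookie, findings or "ok")
    print("XST methods:", audit_response(CONSTRUCTED_HEADERS)["xst_methods"])
```

On the constructed headers the `session` cookie is reported for the missing Secure and SameSite attributes, `prefs` passes, and TRACE is reported from the Allow header; the same functions can be pointed at headers collected from your own servers.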
Using Spaghetti Web Application Security Scanner
root@darknet:~/Spaghetti# python spaghetti.py
(ASCII-art Spaghetti banner, v0.1.3)
~/# Spaghetti - Web Application Security Scanner
~/# Codename - MR.R0B0T
~/# Momo Outaadi (@M4ll0k)
-u --url Target URL (eg: http://example.com)
-s --scan Scan Options (default=0):
0: Full Scan
1: Bruteforce (dirs,files,..)
2: Disclosure (ip,emails,..)
3: Attacks (sql,lfi,..)
4: Others (webdav,..)
5: Vulns (shellshock,..)
6: Fingerprint only
--crawler Deep crawling (slow)
--agent Use the specified user-agent
--random-agent Use a random user-agent
--redirect Redirect target URL, default=True
--timeout Set timeout, default=None
--cookie Set cookie, default=None
--proxy Set proxy, (host:port)
--verbose Verbose output
--version Show version
--help Show this help and exit
spaghetti.py --url http://example.com
spaghetti.py --url http://example.com --scan [0-6]
spaghetti.py --url http://example.com --scan 1 --crawler
python spaghetti.py --url site.com --scan 0 --random-agent --verbose
Installation of Spaghetti Web Scanner
$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti
$ pip install -r requirements.txt
$ python spaghetti.py
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it’s not often covered in the Western media with it being a Latin American site (something like Reddit).
The leak happened in August and it seems like the hackers were able to brute force around 95% of the account passwords fairly quickly, because Taringa was using an outdated and flawed hashing algorithm, MD5.
Latin American social site Taringa, often called ‘Latin America’s Reddit’, has suffered a massive breach of user data. Login details for nearly all of the site’s users were compromised.
The social site had instituted a system in 2015 to pay users for content production using Bitcoin. The site partnered with Xapo to create digital wallets for content producers, and then began funding them with Bitcoin for participation.
Wallet balances of the individual users will likely be low, but the massive hack of data may well allow access to those wallets. With prices having increased dramatically since 2015, the original payments that remained intact are likely of some substantial value.
It’s a pretty interesting site to target too as it has cryptocurrency infrastructure which allows users to tip each other with Bitcoin (something like Reddit Gold).
Taringa was using an aging encryption system for passwords called MD5. The hackers were able to crack 95% of the 27 mln passwords within just a few days. Taringa has assured customers that wallet addresses were not compromised, though the surety of the promise remains in question.
Users should move Bitcoin balances into other wallets for protection, especially if they had used the same password for their wallet as for their Taringa account, a common practice.
Taringa did take the right measures and reset all user passwords and promised to update the encryption method used to store passwords to something more robust (which I hope they did actually carry out).
Source: Coin Telegraph
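To make concrete why unsalted MD5 let 95% of the passwords fall within days, and what "something more robust" means in practice, here is an added example (not code from Taringa or from the article's source) using only the Python standard library. It stores a constructed three-user leak with MD5 and shows that one hash per guess recovers every user sharing that password, then stores the same passwords with a per-user random salt and PBKDF2-HMAC-SHA256; the 600,000 iteration count is an assumption chosen for this example.

```python
import hashlib
import hmac
import os


def md5_store(password: str) -> str:
    """The weak scheme reported for Taringa: unsalted MD5.
    Identical passwords give identical digests and MD5 is fast, so a
    leaked table can be attacked with precomputed hashes at high speed."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Assumption for this example: an iteration count in the range current
# guidance recommends for PBKDF2-HMAC-SHA256; raise it as hardware improves.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF.
    Parameters are stored with the hash so they can be raised later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Constructed "leak": three users, two of them sharing a password.
CONSTRUCTED_LEAK = {
    "alice": md5_store("password123"),
    "bob": md5_store("password123"),
    "carol": md5_store("correct horse battery staple"),
}
GUESSES = ["123456", "password123", "qwerty"]  # constructed tiny guess list


def crack_md5(leak: dict, guesses: list) -> dict:
    """One MD5 per guess recovers every user with that password at once,
    because without a salt every record costs the attacker nothing extra."""
    table = {md5_store(g): g for g in guesses}
    return {user: table[h] for user, h in leak.items() if h in table}


if __name__ == "__main__":
    print("recovered from MD5 leak:", crack_md5(CONSTRUCTED_LEAK, GUESSES))
    stored = hash_password("password123")
    print("salted record:", stored)
    print("verify correct:", verify_password("password123", stored))
    print("verify wrong:", verify_password("password124", stored))
```

The salted records for alice and bob differ even though their passwords are the same, so a guess has to be re-hashed per user, and each of those hashes costs hundreds of thousands of SHA-256 operations instead of one MD5.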
A2SV is a Python-based tool focused on SSL vulnerabilities that automatically scans for and detects common, well-known SSL vulnerabilities.
SSL Vulnerabilities Detected by A2SV
- [CVE-2007-1858] Anonymous Cipher
- [CVE-2012-4929] CRIME(SPDY)
- [CVE-2014-0160] CCS Injection
- [CVE-2014-0224] HeartBleed
- [CVE-2014-3566] SSLv3 POODLE
- [CVE-2015-0204] FREAK Attack
- [CVE-2015-4000] LOGJAM Attack
- [CVE-2016-0800] SSLv2 DROWN
Planned for future:
- [PLAN] SSL ACCF
- [PLAN] SSL Information Analysis
Installation & Requirements for A2SV
A. Download(clone) & Unpack A2SV
git clone https://github.com/hahwul/a2sv.git
B. Install Python Package / OpenSSL
pip install argparse
pip install netaddr
apt-get install openssl
C. Run A2SV
python a2sv.py -h
How to use A2SV Auto Scanning SSL Vulnerability Tool
usage: a2sv [-h] [-t TARGET] [-tf TARGETFILE] [-p PORT] [-m MODULE]
[-d DISPLAY] [-u] [-v]
-h, --help show this help message and exit
-t TARGET, --target TARGET
Target URL and IP Address
> e.g -t 127.0.0.1
-tf TARGETFILE, --targetfile TARGETFILE
Target file(list) URL and IP Address
> e.g -tf ./target.list
-p PORT, --port PORT Custom Port / Default: 443
> e.g -p 8080
-m MODULE, --module MODULE
Check SSL Vuln with one module
[anonymous]: Anonymous Cipher
[ccs]: CCS Injection
[poodle]: SSLv3 POODLE
[freak]: OpenSSL FREAK
[logjam]: OpenSSL LOGJAM
[drown]: SSLv2 DROWN
-d DISPLAY, --display DISPLAY
[Y,y] Show output
[N,n] Hide output
-o OUT, --out OUT Result write to file
> e.g -o /home/yourdir/result.txt
-u, --update Update A2SV (GIT)
-v, --version Show Version
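A2SV reports findings from the server's side of the handshake; the defender's counterpart is to check that your own TLS configuration cannot exhibit them in the first place. The following added example (not code from A2SV or its author) audits a Python `ssl.SSLContext` for the classes of issue A2SV's modules cover: a protocol floor below TLS 1.2 (the SSLv3 POODLE / SSLv2 DROWN era), TLS compression left enabled (CRIME), and anonymous, export-grade or legacy cipher suites (Anonymous Cipher, FREAK, LOGJAM). The cipher-name markers assume OpenSSL's naming conventions; the "legacy" context is constructed as the before state and the hardened one as the after state.

```python
import ssl

# Substrings in OpenSSL cipher names for the suite classes A2SV looks for:
# anonymous key exchange (ADH/AECDH, no server authentication), export-grade
# RSA/DHE (FREAK/Logjam) and broken symmetric primitives. Assumption: OpenSSL
# cipher naming conventions.
WEAK_CIPHER_MARKERS = ("ADH", "AECDH", "EXP", "RC4", "DES", "NULL")


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings for a server-side context (empty = clean)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"protocol floor too low: {ctx.minimum_version.name} "
                        "(SSLv3 POODLE / SSLv2 DROWN era versions must be off)")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression enabled (CRIME)")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"weak cipher offered: {name}")
    return findings


def hardened_server_context() -> ssl.SSLContext:
    """The corrected configuration: TLS 1.2+, no compression, AEAD suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    # Ephemeral ECDH with AEAD ciphers; anonymous, export and legacy suites are
    # excluded explicitly so the result does not depend on OpenSSL defaults.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5")
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """Constructed 'before' configuration: TLS 1.0 floor, compression allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    # clear the no-compression bit (integer arithmetic avoids IntFlag quirks)
    ctx.options = int(ctx.options) & ~int(ssl.OP_NO_COMPRESSION)
    return ctx


if __name__ == "__main__":
    print("legacy:", audit_context(legacy_server_context()) or "clean")
    print("hardened:", audit_context(hardened_server_context()) or "clean")
```

Whether the legacy context also lists anonymous or export suites depends on the OpenSSL build, so the audit only asserts what it can see through `get_ciphers()`; the hardened context comes back clean on any OpenSSL that supports the ECDHE AEAD suites.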
VHostScan is a Python-based virtual host scanner that can be used with pivot tools and can detect catch-all scenarios, aliases and dynamic default pages.
Features of VHostScan Virtual Host Scanner
- Quickly highlight unique content in catch-all scenarios
- Locate the outliers in catch-all scenarios where results have dynamic content on the page (such as the time)
- Identify aliases by tweaking the unique depth of matches
- Wordlist supports standard words and a variable to input a base hostname (for e.g. dev.%s from the wordlist would be run as dev.BASE_HOST)
- Work over HTTP and HTTPS
- Ability to set the real port of the webserver to use in headers when pivoting through ssh/nc
- Add simple response headers to bypass some WAF products
- Identify new targets by using reverse lookups and append to wordlist
Usage – Using VHostScan
-h, --help Display help message and exit
-t TARGET_HOSTS Set the target host.
-b BASE_HOST Set host to be used during substitution in wordlist (default to TARGET).
-w WORDLISTS Set the wordlist(s) to use. You may specify multiple wordlists in comma delimited format (e.g. -w "./wordlists/simple.txt, ./wordlists/hackthebox.txt") (default ./wordlists/virtual-host-scanning.txt).
-p PORT Set the port to use (default 80).
-r REAL_PORT The real port of the web server to use in headers when not 80 (see RFC2616 14.23), useful when pivoting through ssh/nc etc (default to PORT).
--ignore-http-codes IGNORE_HTTP_CODES Comma-separated list of HTTP codes to ignore with virtual host scans (default 404).
--ignore-content-length IGNORE_CONTENT_LENGTH Ignore content lengths of specified amount.
--unique-depth UNIQUE_DEPTH Show likely matches of page content that is found x times (default 1).
--ssl If set then connections will be made over HTTPS instead of HTTP.
--fuzzy-logic If set then all unique content replies are compared and a similarity ratio is given for each pair. This helps to isolate vhosts in situations where a default page isn't static (such as having the time on it).
--no-lookups Disable reverse lookups (identifies new targets and appends them to the wordlist, on by default).
--rate-limit Amount of time in seconds to delay between each scan (default 0).
--random-agent If set, each scan will use a random user-agent from a predefined list.
--user-agent Specify a user agent to use for scans.
--waf If set then simple WAF bypass headers will be sent.
-oN OUTPUT_NORMAL Normal output printed to a file when the -oN option is specified with a filename argument.
-oJ OUTPUT_JSON JSON output printed to a file when the -oJ option is specified with a filename argument.
- By passing a blank '-' you tell VHostScan to expect input from stdin (pipe).
Another similar tool would be hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool.
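The features and options above (catch-all detection, `--unique-depth`, `--fuzzy-logic`, the `%s` wordlist substitution) describe one analysis problem: given the responses a single IP returns for many different Host headers, decide which hostnames are real virtual hosts and which just hit the default page. The following is an added example, not VHostScan's own code, of that analysis step on a constructed set of responses; it does no network I/O. The sample includes a default page that embeds the time, so exact content matching splits it into separate groups while similarity matching (via `difflib.SequenceMatcher`, an assumption standing in for whatever VHostScan uses) collapses them.

```python
from difflib import SequenceMatcher

# Constructed sample: responses one IP returned for different Host headers.
# The catch-all default page embeds the current time, so its body changes
# slightly on every request; dev and staging are aliases of one real vhost.
SAMPLE_RESPONSES = {
    "www.example.com": (200, "<h1>Default site</h1><p>Time: 10:41:03</p>"),
    "dev.example.com": (200, "<h1>Dev portal</h1><p>Build 1234</p>"),
    "mail.example.com": (200, "<h1>Default site</h1><p>Time: 10:41:04</p>"),
    "admin.example.com": (404, "Not Found"),
    "intranet.example.com": (200, "<h1>Default site</h1><p>Time: 10:41:05</p>"),
    "staging.example.com": (200, "<h1>Dev portal</h1><p>Build 1234</p>"),
}


def expand_wordlist(words, base_host):
    """The %s substitution feature: 'dev.%s' -> 'dev.<base_host>'."""
    return [w % base_host if "%s" in w else w for w in words]


def cluster(responses, ignore_codes=(404,), fuzzy_threshold=None):
    """Group hostnames whose response bodies are equivalent.
    With fuzzy_threshold=None bodies must match exactly; otherwise a body
    joins a cluster when its similarity ratio to the cluster's first body
    is at least the threshold, which absorbs dynamic content like timestamps."""
    clusters = []  # each: {"body": representative body, "hosts": [hostnames]}
    for host, (code, body) in responses.items():
        if code in ignore_codes:  # mirrors --ignore-http-codes
            continue
        for c in clusters:
            same = c["body"] == body
            if not same and fuzzy_threshold is not None:
                same = SequenceMatcher(None, c["body"], body).ratio() >= fuzzy_threshold
            if same:
                c["hosts"].append(host)
                break
        else:
            clusters.append({"body": body, "hosts": [host]})
    return clusters


def likely_vhosts(responses, unique_depth=1, **kwargs):
    """Hosts in clusters seen at most `unique_depth` times are likely real
    vhosts (or aliases, when unique_depth > 1); larger clusters are the
    catch-all default page. Mirrors the --unique-depth option."""
    result = {"unique": [], "catch_all": []}
    for c in cluster(responses, **kwargs):
        key = "unique" if len(c["hosts"]) <= unique_depth else "catch_all"
        result[key].extend(c["hosts"])
    return result


if __name__ == "__main__":
    print("wordlist:", expand_wordlist(["dev.%s", "staging.%s"], "example.com"))
    print("exact matching:", likely_vhosts(SAMPLE_RESPONSES))
    print("fuzzy, depth 1:", likely_vhosts(SAMPLE_RESPONSES, fuzzy_threshold=0.9))
    print("fuzzy, depth 2:", likely_vhosts(SAMPLE_RESPONSES, unique_depth=2,
                                           fuzzy_threshold=0.9))
```

Exact matching wrongly reports the three timestamped default pages as three unique hosts; with the similarity threshold they merge into one catch-all cluster, and raising the depth to 2 surfaces dev and staging as the aliased real vhost, which is the workflow the `--fuzzy-logic` and `--unique-depth` options describe.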
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn’t been patched. Now it seems the CEO Rick Smith is basically placing the blame on a single employee that failed to pass a message on to the right people, […]
LOIC Download below – Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#. It’s an interesting tool in that it’s often used in what are usually classified as political cyber-terrorist attacks against large capitalistic organisations. The hivemind version gives average non-technical users […]