Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused […]
hacking tool
DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool
A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on […]
Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool
[ad] Knock is a python script designed to enumerate sub-domains on a target domain through a wordlist. Usage
1 |
$ python knock.py [ url ] [ wordlist ] |
You can view a demo of the tool enumerating Facebook sub-domains on Youtube here: Facebook and Knock v.1.2 Knock works on Linux, Windows and MAC OSX with a python version 2.6.x (or minor). Requirements Python version […]
WebRaider – Automated Web Application Exploitation Tool
[ad] WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload. […]
keimpx – Open Source SMB Credential Scanner
[ad] keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be: Combination of user / plain-text password. Combination of user / NTLM hash. Combination of user / NTLM logon session […]