Tag Archives: Web Hacking

Wikto Scanner Download – Web Server Security Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/09/wikto-scanner-download-web-server-security-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Wikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

It’s basically Nikto for Windows with some extra features; it is written in C# and requires the .NET framework.

What is Wikto

Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site.

Read the rest of Wikto Scanner Download – Web Server Security Tool now! Only available at Darknet.

What You Need To Know About Server Side Request Forgery (SSRF)

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/jiE0TjlsGI4/

SSRF or Server Side Request Forgery is an attack vector that has been around for a long time, but do you actually know what it is? Server Side Request Forgery (SSRF) refers to an attack wherein an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used […]

Read the full post at darknet.org.uk

Jack – Drag & Drop Clickjacking Tool For PoCs

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/uMXdj1EvNhM/

Jack is a Drag and Drop web-based Clickjacking Tool for the assistance of development in PoCs made with static HTML and JavaScript. Jack is web based and requires either a web server to serve its HTML and JS content or can be run locally. Typically something like Apache will suffice but anything that is able […]

All You Need To Know About Cross-Site Request Forgery (CSRF)

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/nBF_Xjl7rQw/

Cross-Site Request Forgery is a term you’ve probably heard in the context of web security or web hacking, but do you really know what it means? The OWASP definition is as follows: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re […]

Another Week Another Mass Domain Hijacking

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/vUbvLnf_9qw/

Following shortly after the .io domain cock-up that left thousands vulnerable to domain hijacking, this week more than 750 domains were jacked via registrar Gandi. Seems like some pretty sloppy administration going on, but that’s how business goes; sadly, security is still very much a reactive trade. People don’t enable strict controls and audit…

dork-cli – Command-line Google Dork Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/wXT31MX7h2w/

dork-cli is a Python-based command-line Google Dork Tool to perform searches against Google’s custom search engine. A command-line option is always good as it allows you to script it in as part of your automated pen-testing suite. It will return a list of all the unique page results it finds, optionally filtered by a set […]

snitch – Information Gathering Tool Via Dorks

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/i9qgH9CxYJ0/

Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information on domains that can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can…

OneLogin Hack – Encrypted Data Compromised

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/Wna-TVQtB3U/

The OneLogin hack is blowing up now; it seems like whoever got access can also decrypt encrypted customer data, which is just about AS BAD as it can get for a password/identity management service. Now I’m a HUGE supporter of password management tools as I’ve mentioned many times here, so anyone who signed up for […]

Sn1per – Penetration Testing Automation Scanner

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/7u7rGmLhYJc/

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features: automatically collects basic recon (i.e. whois, ping, DNS, etc.); automatically launches Google hacking queries against a target domain; automatically enumerates open ports via NMap port scanning…

Microsoft Azure Web Application Firewall (WAF) Launched

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/kiLBBI2POZk/

Not too long after Amazon launched their cloud protection WAF, the Microsoft Azure Web Application Firewall (WAF) has been made generally available in all public Azure DCs. It’s a good move, with the majority of websites and services moving into one of the big 3 cloud providers (AWS, Google or Azure) and the vast majority […]

Kadimus – LFI Scanner & Exploitation Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/v1PQedBKE8E/

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation includes running the configure file. Features: check all URL parameters; /var/log/auth.log RCE; /proc/self/environ RCE…

LastPass Leaking Passwords Via Chrome Extension

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/WF2NBIoXu7o/

LastPass leaking passwords is not new; last week its Firefox extension was picked apart – now this week its Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect; even though they are super easy to use and have a nice UI, they’ve had TOO many serious security issues for a […]

OWASP VBScan – vBulletin Vulnerability Scanner

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/TTIz-sCvWbk/

OWASP VBScan, short for vBulletin Vulnerability Scanner, is an open-source project written in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them. Features: VBScan currently has the following: compatible with Windows, Linux & OSX; up-to-date exploit database; full path disclosure; firewall detect & bypass; version check…

DAVScan – WebDAV Security Scanner

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/fTN56zpUvJo/

DAVScan is a quick and lightweight WebDAV security scanner designed to discover hidden files and folders on DAV enabled web servers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities. The scanner attempts to fingerprint the…

Minion – Mozilla Security Testing Framework

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/FKSntPwAHrQ/

Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan with a wide variety of security tools, using a simple HTML-based interface. It consists of three umbrella projects: Minion Frontend, a Python, angular.js, and Bootstrap-based website that…

OWASP OWTF – Offensive Web Testing Framework

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/fpLFkvYTh_0/

OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, figuring […]

PunkSPIDER – A Web Vulnerability Search Engine

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/Kt-0a9aFiOE/

PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly. In simple terms, that means the authors have created a security scanner and the required…

UFONet – Open Redirect DDoS Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/Hyv3xrsVqxg/

UFONet is an open redirect DDoS tool designed to launch attacks against a target, using insecure redirects in third party web applications, like a botnet. Obviously, only for testing purposes. The tool abuses OSI Layer 7-HTTP to create/manage ‘zombies’ and to conduct different attacks using: GET/POST, multi-threading, proxies, origin spoofing…

Everything You Need To Know About Web Shells

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/OCaJGEiMAXo/

So let’s talk about Web Shells, something many of us are already familiar with, but to level the field – what is a web shell? A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal […]

DMitry – Deepmagic Information Gathering Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/r5ut4-0Ozyo/

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux command-line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base functionality with the ability to add new functions. The basic functionality of DMitry allows for information to be gathered about a target…
