Browsing tag
Habu is an open source penetration testing toolkit that can perform various penetration testing tasks related to networks. These include ARP poisoning, ARP sniffing, SNMP cracking, fake FTP server creation, DHCP starvation, DHCP discover, Certificates (SSL/TLS) cloning, Denial of service attacks, TCP port scanning, TCP Flag analysis, social engineering, virtual hosts identification, and web technologies […]
Morpheus is an open source framework that can launch multiple attacks on the network using applications, such as ettercap, msgsnarf, tcpkill, and urlsnarf. The tool’s main objective is to manipulate the tcp/udp data using these backend applications. Some major tasks that can be performed using the Morepheus framework include https credentials stealing, web browsers traffic […]
XSStrike is an open source tool that detects Cross Site Scripting vulnerabilities and exploits them. The tool is equipped with a powerful fuzzing engine that increases the accuracy of the tool. The promising features of the tool include the following. XSStrike is equipped with a powerfull fuzzy engine for accurate results. The tool possesses context […]
Leviathan is an open source toolkit that can be used for auditing networks and web applications. The types of audits that can be performed with Leviathan include discovery of services running on machines, identifying SQL injections in web applications, analyzing the possibility of bruteforce attacks on discovered machines, and testing the security of pre-discovered machines […]
Zeus scanner is an open source tool used for reconnaissance and vulnerability assessments of web applications. The tool is equipped with a powerful parsing engine to extract cached web pages from multiple search engines. During parsing, the robots.txt and sitemap.xml files information of target host is saved in a file on the local system. The […]
Vega is a GUID based open source tool used for testing the security of web applications. The tool can be used to test for disclosure of sensitive information, such as SQL injection, blind SQL injection, reflected cross Site scripting, stored cross site scripting, shell injections, and file inclusion vulnerabilities. A complete list of scanning modules […]
TIDoS framework is a python based toolkit that performs a comprehensive audit of the web applications. The toolkit is packed with a number of modules with specific objectives, such as reconnaissance, open source intelligence, scanning + enumeration, and vulnerabilities analysis. TIDoS framework can perform both types of reconnaissance i-e active and passive reconnaissance. In passive […]
Raccoon is an offensive security tool known for reconnaissance and information gathering. The tool can extract useful information about the target host, such as DNS details, DNS mapping, WHOIS record, Port Scanning, TLS data (TLS version, supported ciphers, certificates), URL fuzzing, subdomains enumeration, and Web Application Firewall (WAF) information. Moreover, the tool is capable of […]
Tplmap is a python tool that can find code injection and Server Side Templates Injection (SSTI) vulnerabilities by using sandbox escape techniques. The tool is capable of utilising a SSTI in a number of template engines to gain access to the target file system or operating system. Some of the supported template engines include PHP […]
W3af is a GUI based framework that helps in auditing and identifying vulnerabilities in web applications. The tool is loaded with a number of useful plugins that can scan a website for more than 200 types of vulnerabilities. The currently available plugins include audit, auth, bruteforce, crawl, evasion, grep, infrastructure and mangle. Each plugin has […]