Latest Post
Showing posts with label Pentest. Show all posts
Showing posts with label Pentest. Show all posts
06:48

Python-nmap 0.2.7 - A python library which helps in using nmap port scanner

Written By Unknown on Wednesday, 27 February 2013 | 06:48

python-nmap is a python library which helps in using nmap port scanner. It allows to easilly manipulate nmap scan results and will be a perfect tool for systems administrators who want to automatize scanning task and reports. It also supports nmap script outputs.

It can even be used asynchronously. Results are returned one host at a time to a callback function defined by the user.

Download latest

Warning : this version is intended to work with Python 3.x. For Python 2.x, please use python-nmap-0.1.4.tar.gz
Download development version
svn checkout http://python-nmap.googlecode.com/svn/trunk/ python-nmap-read-only

Installation

From the shell, uncompress python-nmap-0.2.6.tar.gz and then run make :
tar xvzf python-nmap-0.2.6.tar.gz
cd python-nmap-0.2.6
python setup.py install
Now you may invoke nmap from python
$ python
Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15) 
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import nmap

Usage

From python :
>>> import nmap
>>> nm = nmap.PortScanner()
>>> nm.scan('127.0.0.1', '22-443')
>>> nm.command_line()
'nmap -oX - -p 22-443 -sV 127.0.0.1'
>>> nm.scaninfo()
{'tcp': {'services': '22-443', 'method': 'connect'}}
>>> nm.all_hosts()
['127.0.0.1']
>>> nm['127.0.0.1'].hostname()
'localhost'
>>> nm['127.0.0.1'].state()
'up'
>>> nm['127.0.0.1'].all_protocols()
['tcp']
>>> nm['127.0.0.1']['tcp'].keys()
[80, 25, 443, 22, 111]
>>> nm['127.0.0.1'].has_tcp(22)
True
>>> nm['127.0.0.1'].has_tcp(23)
False
>>> nm['127.0.0.1']['tcp'][22]
{'state': 'open', 'reason': 'syn-ack', 'name': 'ssh'}
>>> nm['127.0.0.1'].tcp(22)
{'state': 'open', 'reason': 'syn-ack', 'name': 'ssh'}
>>> nm['127.0.0.1']['tcp'][22]['state']
'open'

>>> for host in nm.all_hosts():
>>>     print('----------------------------------------------------')
>>>     print('Host : %s (%s)' % (host, nm[host].hostname()))
>>>     print('State : %s' % nm[host].state())
>>>     for proto in nm[host].all_protocols():
>>>         print('----------')
>>>         print('Protocol : %s' % proto)
>>> 
>>>         lport = nm[host][proto].keys()
>>>         lport.sort()
>>>         for port in lport:
>>>             print ('port : %s\tstate : %s' % (port, nm[host][proto][port]['state']))
----------------------------------------------------
Host : 127.0.0.1 (localhost)
State : up
----------
Protocol : tcp
port : 22 state : open
port : 25 state : open
port : 80 state : open
port : 111 state : open
port : 443 state : open

>>> print(nm.csv())
host;protocol;port;name;state;product;extrainfo;reason;version;conf
127.0.0.1;tcp;22;ssh;open;OpenSSH;protocol 2.0;syn-ack;5.9p1 Debian 5ubuntu1;10
127.0.0.1;tcp;25;smtp;open;Exim smtpd;;syn-ack;4.76;10
127.0.0.1;tcp;53;domain;open;dnsmasq;;syn-ack;2.59;10
127.0.0.1;tcp;80;http;open;Apache httpd;(Ubuntu);syn-ack;2.2.22;10
127.0.0.1;tcp;111;rpcbind;open;;;syn-ack;;10
127.0.0.1;tcp;139;netbios-ssn;open;Samba smbd;workgroup: WORKGROUP;syn-ack;3.X;10
127.0.0.1;tcp;443;;open;;;syn-ack;;


>>> nm.scan(hosts='192.168.1.0/24', arguments='-n -sP -PE -PA21,23,80,3389')
>>> hosts_list = [(x, nm[x]['status']['state']) for x in nm.all_hosts()]
>>> for host, status in hosts_list:
>>>     print('{0}:{1}'.format(host, status))
192.168.1.0:down
192.168.1.1:up
192.168.1.10:down
192.168.1.100:down
192.168.1.101:down
192.168.1.102:down
192.168.1.103:down
192.168.1.104:down
192.168.1.105:down
[...]



>>> nma = nmap.PortScannerAsync()
>>> def callback_result(host, scan_result):
>>>     print '------------------'
>>>     print host, scan_result
>>> 
>>> nma.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result)
>>> while nma.still_scanning():
>>>     print("Waiting >>>")
>>>     nma.wait(2)   # you can do whatever you want but I choose to wait after the end of the scan
>>> 
192.168.1.1 {'nmap': {'scanstats': {'uphosts': '1', 'timestr': 'Mon Jun  7 11:31:11 2010', 'downhosts': '0', 'totalhosts': '1', 'elapsed': '0.43'}, 'scaninfo': {}, 'command_line': 'nmap -oX - -sP 192.168.1.1'}, 'scan': {'192.168.1.1': {'status': {'state': 'up', 'reason': 'arp-response'}, 'hostname': 'neufbox'}}}
------------------
192.168.1.2 {'nmap': {'scanstats': {'uphosts': '0', 'timestr': 'Mon Jun  7 11:31:11 2010', 'downhosts': '1', 'totalhosts': '1', 'elapsed': '0.29'}, 'scaninfo': {}, 'command_line': 'nmap -oX - -sP 192.168.1.2'}, 'scan': {'192.168.1.2': {'status': {'state': 'down', 'reason': 'no-response'}, 'hostname': ''}}}
------------------
192.168.1.3 {'nmap': {'scanstats': {'uphosts': '0', 'timestr': 'Mon Jun  7 11:31:11 2010', 'downhosts': '1', 'totalhosts': '1', 'elapsed': '0.29'}, 'scaninfo': {}, 'command_line': 'nmap -oX - -sP 192.168.1.3'}, 'scan': {'192.168.1.3': {'status': {'state': 'down', 'reason': 'no-response'}, 'hostname': ''}}}
See also example.py in archive file.
Download latest version updated on 27/02/2013


Source-
Labels: , ,
19:55

Nessus 5.0.3 released

Written By Unknown on Tuesday, 19 February 2013 | 19:55



Nessus team announce the immediate availability of Nessus 5.0.3. This release is a bugfix only release and addresses the following issues:

- Added the ability to limit of the number of sessions per user
- Use less memory by default on desktop systems (incl. Mac OS X) by setting qdb_mem_usage = low
- Reduced memory fragmentation on recent glibc (Linux) systems (ie: Red Hat 6)
- New mecanism to load the reports for the users sessions, using less memory
- Prevent a crash when generating a too large XMLRPC buffer
- Fixed a crash occurring sometimes on Windows related to DNS lookups
- Fixed thread race conditions
-  nessusd.dump would sometimes contain the following errors, especially when used with SC:
[Wed Jan 23 20:00:04 2013][9987.15599433] SQL error - no such table: main.RESULTS
- Windows files permissions are more secure by default
- Worked around a bug in older Linux kernels where pathconf() would fail when the scanner data is hosted in a very large NFS server
- Fixed an issue where plugin updates would fail if cipher_file_on_disk is set to 'no' in the config
- New function server_log() allowing the web server to write to nessusd.messages
- Bigger SSL CA key size by default (2048 bits)
- The SSL CA generates keys with a pathlen constraint of 1
- Now ships with OpenSSL 1.0.0k

You can download Nessus 5.0.3 at 


Nessus Vulnerability Scanner
Regarding plug-ins
Labels: , , , ,
01:38

UPDATE WEB-SORROW V1.5.0 - perl based tool for misconfiguration, version detection, enumeration, and server information scanning

Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks. 

Is there a feature you want in Web-Sorrow? Is there something that sucks that i can unsuck? Tell me. I Listen! @flyinpoptartcat

Basic overview of capabilities:
Web Services: a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints

Authentication areas: logins, admin logins, email webapps

Bruteforce: Subdomains, Files and Directories

Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host

AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities)

Current functionality:
HOST OPTIONS:
-host [host] -- Defines host to scan, a list separated by semicolons, 1.1.1.30-100 type ranges, and 1.1.1.* type ranges. You can also use the 1.1.1.30-100 type ranges for domains like www1-10.site.com

-port [port num] -- Defines port number to use (Default is 80)

-proxy [ip:port] -- Use an HTTP, HTTPS, or gopher proxy server
SCANS:
-S -- Standard set of scans including: agresive directory indexing,

Banner grabbing, Language detection, robots.txt,

HTTP 200 response testing, Apache user enum, SSL cert,

Mobile page testing, sensitive items scanning,

thumbs.db scanning, content negotiation, and non port 80

server scanning

-auth -- Scan for login pages, admin consoles, and email webapps

-Cp [dp | jm | wp | all] scan for cms plugins.

dp = drupal, jm = joomla, wp = wordpress 

-Fd -- Scan for common interesting files and dirs (Bruteforce)

-Sfd -- Very small files and dirs enum (for the sake of time)

-Sd -- BruteForce Subdomains (host given must be a domain. Not an IP)

-Ws -- Scan for Web Services on host such as: cms version info, 

blogging services, favicon fingerprints, and hosting provider

-Db -- BruteForce Directories with the big dirbuster Database

-Df [option] Scan for default files. platfroms/options: Apache,

Frontpage, IIS, Oracle9i, Weblogic, Websphere,

MicrosoftCGI, all (enables all)

-ninja -- A light weight and undetectable scan that uses bits and

peices from other scans (it is not recomended to use with any

other scans if you want to be stealthy. See readme.txt)

-fuzzsd -- Fuzz every found file for Source Disclosure

-e -- Everything. run all scans

-intense -- like -e but no bruteforce

-I -- Passively scan interesting strings in responses such as:

emails, wordpress dirs, cgi dirs, SSI, facebook fbids,

and much more (results may Contain partial html)

-dp -- Do passive tests on requests: banner grabbing, Dir indexing,

Non 200 http status, strings in error pages,

Passive Web services

-flag [txt] -- report when this text shows up on the responses
SCAN SETTINGS:
-ua [ua] -- Useragent to use. put it in quotes. (default is firefox linux)

-Rua -- Generate a new random UserAgent per request

-R -- Only request HTTP headers via ranges requests.

This is much faster but some features and capabilitises

May not work with this option. But it's perfect when

You only want to know if something exists or not.

Like in -auth or -Fd

-gzip -- Compresses http responces from host for speed. Some Banner

Grabbing will not work

-d [dir] -- Only scan within this directory

-https -- Use https (ssl) instead of http

-nr -- Don't do responce analisis IE. False positive testing,

Iteresting headers (other than banner grabbing) if

you want your scan to be less verbose use -nr

-Shadow -- Request pages from Google cache instead of from the Host.

(mostly for just -I otherwise it's unreliable)

-die -- Stop scanning host if it appears to be offline

-reject -- Treat this http status code as a 404 error

web-sorrow also has false positives checking on most of it's requests (it pretty accurate but not perfect) 
Examples:

basic: perl Wsorrow.pl -host scanme.nmap.org -S

stealthy: perl Wsorrow.pl -host scanme.nmap.org -ninja -proxy 190.145.74.10:3128

scan for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth

CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I

most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e

dump http headers: perl headerDump.pl

Check if host is alive: perl hdt.pl -host 192.168.1.1

sample output
using option -Ws
[*] _______WEB SERVICES_______ [*]

[+] Found service or widget: google analytics

[+] Found service or widget: disqus.com commenting system

[+] Found service or widget: quantserve.com

[+] Found service or widget: twitter widget
using option -S
[+] Server Info in Header: "Via: varnish ph7"

[+] HTTP Date: Mon, 22 Oct 2012 01:36:11 GMT

[+] HTTP Title: [cen0red]

[+] robots.txt found! This could be interesting!

[?] would you like me to display it? (y/n) ? Y

[+] robots.txt Contents:

User-agent: *

Disallow:

Sitemap: http://[cen0red]/sitemap.xml

[+] Directory indexing found in "/icons/"

[+] xmlrpc: /xmlrpc.php

HTTP CODE: 403 -> [+] Apache information: /server-status/

[+] Domain policies: /crossdomain.xml

[+] OPEN HTTP server on port: 81

Download -
Web-Sorrow_v1.5.0FINAL.zip 7.1 MB
"This is the last version i will actively release! if you want to improve my code please send it to me and i will release a new version." - @flyinpoptartcat

Download other versions from here

Source-
http://code.google.com/p/web-sorrow/

Previous posts regarding Web-Sorrow -
http://santoshdudhade.blogspot.in/2012/06/update-web-sorrow-v-139-remote-web.html


http://santoshdudhade.blogspot.in/2012/05/web-sorrow-remote-web-scanner-for.html
http://santoshdudhade.blogspot.in/2012/06/web-sorrow-v-138-remote-security.html
http://santoshdudhade.blogspot.in/2012/06/web-sorrow-v140-remote-security-scanner.html
http://santoshdudhade.blogspot.in/2012/07/web-sorrow-v142-remote-security-scanner.html
http://santoshdudhade.blogspot.in/2012/10/web-sorrow-v147b-versatile-security.html

Screenshot -

Labels: , , , ,
20:58

PySQLi - Python SQL injection framework

Written By Unknown on Friday, 15 February 2013 | 20:58


PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.

Why another SQLi framework ?
Simple answer: because there are other ways than HTTP requests to exploit SQLi vulnerabilities ! Most of the available tools only rely on HTTP GET/POST methods, and sometimes provide other methods.

PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in anti-CSRF HTTP forms.

PySQLi is still in an early stage of development, whereas it has been developed since more than three years. Many features lack but the actual version but this will be improved in the next months/years.

Download PySQLi

Source-
https://github.com/sysdream/pysqli

Screenshot -

Labels: , , , ,
06:19

Easy-Creds 3.7 Install Script 0.1 - BackBox Scripts

Written By Unknown on Thursday, 7 February 2013 | 06:19

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.

Easy-Creds 3.7 Install Script 0.1

This script (inst-0.1.sh) will :
  1. Add easy-creds to main BackBox menu
  2. Add nice start icon for Easy-Creds
  3. Remove install script from /opt/easy-creds directory
  4. Make symbolic link to run easy-creds from terminal with sudo easy
To do :
  1. Add remove function for other files after installation download.
  2. Check all directories, then remove.
  3. Add all download files to github repository.

How to use script ?

To get full install, easy-creds need to be installed in /opt directory.







Open terminal and type :
chmod +x inst-0.1.sh
sudo ./inst-0.1.sh

About tool and author ?

source-
https://github.com/ZEROF/BackBox-Scripts


Labels: , ,
01:23

ESSPEE - (ESSPEE-R3 x86) Penetration Testing & Forensics

Written By Unknown on Monday, 28 January 2013 | 01:23

ESSPEE is a derivetive of Back | Track 5, based on Ubuntu 12.04. Designed for users who wish to use only free software. It is packed with featured security tools with stable configurations. This version consolidates the Unity desktop interface; a brand new way to find and manage your applications.

Features
  • A Perfect Forensics Mode - Read-Only Mount
  • A Perfect Stealth Mode - Networking Disabled
  • Latest kernel with aufs support (Kernel 3.7.4)
  • Metasploit Framework v4.6.0-dev [core:4.6 api:1.0]
  • OSSEC - Open Source Host-based Intrusion Detection System
  • Gnome-fallback Desktop Environment.
  • Gnome-Pie - All your favourite applications at single click
  • Suricata - Open Source Next Generation IDS/ IPS.
  • Snorby - Suricata IDS/IPS Monitoring Web Interface.
  • Meld - A visual diff and merge tool for compare files and directories.
  • MySQL Workbench - A visual MySQL database designing tool.
  • ESSPEE Personal Firewall - Realtime Pop-up Notification. (Thanks to Leopard Flower)
  • Net Activity Viewer - A graphical network connections viewer.
  • LOIQ - Open source network stress testing application.
  • Guymager - Forensics imaging tool (GUI)
  • Ostinato - Open-source network packet crafter/traffic generator.
  • FSlint - Find and clean various unwanted extraneous files.
  • Ruby 1.9.3p327 (2012-11-10 revision 37606)
  • Fern Wi-Fi Cracker
  • Virtualbox - Create your own virtual lab
  • Nemiver - A standalone graphical C and C++ debugger
  • Open Audit - Network inventory, audit and management tool
  • Mobile Phone Forensics tools
  • Anonymity - Tor network and many more .......
ESSPEE_R3_Live_DVD released on 26/01/2013

Download - https://docs.google.com/uc?export=download&confirm=no_antivirus&id=0B9Qo6IGWg3_qVzUzTmk1eG95QzQ MD5 - 61aa7c877568d8c109fb407b0540f0f4 Size - 3.35 GB Type - ISO (DVD) OS - Linux (Based on Ubuntu 12.04 - Precise Pangolin) Category - Network Security, Penetration testing, Forensics, Data Recovery.


Source-
http://sourceforge.net/projects/esspee/
Labels: , , , , , , , ,
22:24

NOWASP (Mutillidae) 2.4.0-beta - Web Pen-Test Practice Application

Written By Unknown on Monday, 21 January 2013 | 22:24


NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. NOWASP (Mutillidae) can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on pre-installed platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

Instructional videos using NOWASP (Mutillidae) are available on the "webpwnized" YouTube channel athttps://www.youtube.com/user/webpwnized. Project/video updates tweeted tohttps://twitter.com/webpwnized.

Features
  • Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the "default" deployment.
  • Installs easily by dropping project files into the "htdocs" folder of XAMPP.
  • Will attempt to detect if the MySQL database is available for the user
  • Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
  • Contains 2 levels of hints to help users get started
  • Has dozen of vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
  • Includes bubble-hints to help point out vulnerable locations
  • System can be restored to default with single-click of "Setup" button
  • Switches between secure and insecure mode
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
  • Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
  • Instructional Videos: http://www.youtube.com/user/webpwnized
  • Updates tweeted to @webpwnized
LATEST-mutillidae-2.4.0-beta.zip
Released on 2013-01-22



Source-

Labels: , , ,
05:28

Gamja : Web vulnerability scanner

Written By Unknown on Wednesday, 19 December 2012 | 05:28

Gamja will find XSS(Cross site scripting) & SQL Injection weak point also URL parameter validation error. Who knows that which parameter is weak parameter? Gamja will be helpful for finding vulnerability[ XSS , Validation Error , SQL Injection].

Download gamja-p4ssion.zip (314.0 kB)

Supported platform
Windows ,Linux,Mac 

Screenshot -













Source-
http://sourceforge.net/projects/gamja/
Labels: , , , , ,
02:31

eEye Retina Community - Powered by the same engine as the world famous Retina Network Scanner

Written By Unknown on Thursday, 13 December 2012 | 02:31

Powered by the same engine as the Retina Network Security Scanner, Retina Community is a completely free security scanner for up to 128 IPs. Use it to scan servers, desktops - any networked device - for security flaws, and learn how to fix them. 

New: Now, you can scan virtual applications, deployed via VMware ThinApp, for flaws as well. This is a new industry development, completely unique to eEye.


Retina Network Community, a free vulnerability scanner for up to 256 IPs gives you powerful vulnerability assessment across your entire environment.

With Retina Network Community you can:
  • Reduce risk and improve security with complete vulnerability scanning across operating systems, applications, devices, and virtual environments.
  • Comprehensive vulnerability database that includes zero-days and is continually updated by eEye’s renowned research team.
  • Improve risk management and prioritization with broad exploit identification from Core Impact, Metasploit, and Exploit-db.com.

Download community version -

Source-

Screenshot -

Labels: , , ,
05:26

Complemento - Collection of tools for penetration testing.

Written By Unknown on Monday, 10 December 2012 | 05:26

Complemento is a collection of tools for penetration testing.

LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". 

Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. 

Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.

Complemento officially included in BackTrack Linux 5

[ Current Version 0.7.7 - 2011 ] 


LetDown

Usage:

LetDown 3wh+payload flooder v0.7.7 - Acri Emanuele (crossbower@gmail.com)
Usage:
  letdown -d dst_ip -p dst_port -D dst_mac  [options]
Options:
  -d destination ip address, target
  -D destination mac address or router mac address
  -p destination port
  -s source ip address
  -S source mac address
  -x first source port (default 1025)
  -y last source port (default 65534)
  -l enables infinite loop mode
  -i network interface
  -t sleep time in microseconds (default 10000)
  -a max time in second for waiting responses (default 40)
Extra options:
  -v verbosity level (0=quiet, 1=normal, 2=verbose)
  -f automagically set firewall rules for blocking
     rst packet generated by the kernel
     examples: -f iptables, -f blackhole (for freebsd)
  -L special interaction levels with the target
     s  syn flooding, no 3-way-handshake
     a  send acknowledgment packets (polite mode)
     f  send finalize packets (include polite mode)
     r  send reset packets (check firewall rules...)
  -W window size for ack packets (ex: 0-window attack)
  -O enable ack fragmentation and set fragment offset delta
  -C fragment counter if fragmentation is enabled (default 1)
  -P payload file (see payloads directory...)
  -M multistage payload file (see payloads directory...)
ReverseRaider

Usage:

ReverseRaider domain scanner v0.7.7 - Acri Emanuele (crossbower@gmail.com)
Usage:
  reverseraider -d domain | -r range [options]
Options:
  -r range of ipv4 or ipv6 addresses, for reverse scanning
     examples: 208.67.1.1-254 or 2001:0DB8::1428:57ab-6344
  -f file containing lists of ip addresses, for reverse scanning
  -d domain, for wordlist scanning (example google.com)
  -w wordlist file (see wordlists directory...)
Extra options:
  -t requests timeout in seconds
  -P enable numeric permutation on wordlist (default off)
  -D nameserver to use (default: resolv.conf)
  -T use TCP queries instead of UDP queries
  -R don't set the recursion bit on queries

HttSquash

Usage:

HTTSquash scanner v0.7.7 - Acri Emanuele (crossbower@gmail.com)
Usage:
  httsquash -r range [options]
Options:
  -r range of ip addresses or target dns name
     examples: 208.67.1.1-254, 2001::1428:57ab-6344, google.com
  -p port (default 80)
Extra options:
  -t time in seconds (default 3)
  -m max scan processes (default 10)
  -b print body of response (html data)
  -S use HTTPS instead of HTTP
  -T custom request type (default GET)
  -U custom request URL (default /)
  -H set an header for the request (can be used multiple times)
     examples: Keep-Alive:300, User-Agent:httsquash
Script options:
  -j cookie jar separator ("%%")

Httsquash GUI






















Source -
http://complemento.sourceforge.net/
Labels: , , ,
 
Support : Creating Website | Johny Template | Mas Template
Copyright © 2011. Turorial Grapich Design and Blog Design - All Rights Reserved
Template Created by Creating Website Published by Mas Template
Proudly powered by Blogger