Scanner

Scanners to test security

FantaGhost, FGscanner

# FantaGhost URL Scanner 1.0
Advanced web directory scanner with proxy and TOR support

#### About
This is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack. FantaGhost URL scanner support proxy and TOR.

All options explained here are also available from `fgdev.pl --help`)

Usage: ./fgscan.pl --host=hostname [--proxy=filepath] [--sec=n] [--dump] [--dirlist=filepath] [--wordlist=filepath] [--tor] [--tordns] [--debug] [--help]

--debug : Print debug information
--dirs : Specify the directory list file
--pages : Specify the wordlist file
--host : Specify hostname to scan (without http:// or https://)
--proxy : Specify a proxy list
--sec : Seconds between requests. Value 999 will randomize delay between requests from 1 to 30 seconds
--dump : Save found pages on disk
--tor : Use TOR as proxy for each request
--tordns : Use TOR to resolve hostname. Without this options DNS queries will be directed to default DNS server outside TOR network.
--help : What you're reading now

OWASP Bricks

Bricks is a deliberately vulnerable web application built on PHP and MySQL.
The project focuses on variations of commonly seen application security vulnerabilities and exploits.
Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
The mission is to 'break the bricks' and thus learn the various aspects of web application security.

License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?

Project Leader(s):
Abhi M Balakrishnan

Get UWAMP. There are three options:
Exe/Install: Around 20 MB and has an installer. It can be installed just like installing any other software.
Portable RAR: Around 30 MB, portable. No installation needed, just extract and run. 7-Zip is a good software for handling RAR files.
Portable ZIP: Around 55 MB, portable. No installation needed, just extract and run.

Download Bricks and extract it.
Copy the bricks folder into the UwAmp\www directory.
Run uWAMP.exe and Start running the server.
Create a new database for Bricks:
Click on the PHPMyAdmin button on the UWAMP interface, or go to http:///mysql/ on browser.
Any name can be used for database. For example: bricks. Fill up the name and click on Create button.
Click on the www Site button on the UWAMP interface, or go to http:///bricks/ on browser.
Bricks will redirect automatically to http:///bricks/config/.
Fill in the configuration details:
Database username: root
Database password: root in uWAMP. Keep it blank in the xase of XAMPP
Database name: bricks
Database host: localhost
Show executed commands: checked by default
Click on Submit button and a file, LocalSettings.php, will get downloaded. Place this file in the UwAmp\www directory.

Vicnum (Hacking Game)

This is the vicnum project ("vicnum")

This project was registered on SourceForge.net on Jan 27, 2009, and is described by the project team as follows:

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag' . Play the game at http://vicnum.ciphertechs.com

Vicnum (1.5) is an OWASP project consisting of multiple vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross site scripting, sql injections, and session management issues. The goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it's OK to have a little fun. There are currrently three applications (or challenges) in this version of Vicnum. Guessnum, a game to guess a number the computer has picked. Jotto, a game to guess a word the computer has picked. And the Union Challenge which is new to version 1.5 Besides untarring the tar into the right folder and some Apache webserver tweaking, three MySQL tables will need to be created.

Grabber

Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website.
Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.

Contact
-------
author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: r@rgaucher.info

Current features
Because it's a small tool, the set of vulnerabilities is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.

How do I use Grabber ?

You have a main script grabber.py which execute the modules (xss.py, sql.py, etc.).
Download Grabber
Download Grabber
The executable version produced by py2exe
Source code
Installation
For using Grabber you only need Python 2.4, BeautifulSoup and PyXML. You can download the packages on the websites given above.
Configuration
You can configure the run with a configuration file like this:

http://127.0.0.1/bank
1

Then launch the grabber.py script.
Or you can use the command line parameters:
$ python grabber.py --spider 1 --sql --xss --url http://127.0.0.1/bank

The two configuration are equivalents.
What you need to know ?

WATOBO

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We (watobo team) are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only.

„Ok, how does it work?“
WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite.
Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions. They are used to collect useful information, e.g. email or IP addresses. Passive checks will be performed during normal browsing activities. No additional requests are sent to the (web) application.
Active checks instead will produce a high number of requests (depending on the check module) because they do the automatic part of vulnerability identification, e.g. during a scan.

„So why should I use WATOBO instead of other web application auditing tools?“
The most important advantages are:
WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
WATOB can act as an transparent proxy
WATOBO has anti-CSRF features
WATOBO can perform vulnerability checks out of the box.
WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
WATOBO is written in (FX)Ruby and enables you to define your own checks
WATOBO is free software ( licensed under the GNU General Public License Version 2)
It’s by siberas Wink

Supported operating systems

Smartphone Pentest Framework

The product of a DARPA Cyber Fast Track grant, the Smartphone Pentest Framework is an open source security tool, designed to aid in assessing the security posture of smartphones in an environment. SPF Version 0.1 contains remote attacks, client side attacks, social engineering attacks, and post exploitation, targeting smartphone devices. SPF Version 0.1 includes a text based management console, a web based GUI, and a management Android app. Additionally, a post exploitation “agent” for the Android platform is included. SPF is an on going project with plans in the works for support for additional devices, more modules in each attack vector category, integration with existing tools such as Metasploit and SET, etc.

Oyedata

Oyedata is a new tool to perform black-box OData security testing and help secure OData deployments. Gursev Singh Kalra wrote Oyedata from a penetration testing perspective and its the major features are summarized below:

Intuitive GUI based tool written in C#.
Ability to create attack templates from local and remote Service Documents and Service Metadata Documents.
Support for XML and JSON data formats.
Ability to export attack templates in JSON and XML formats that can be fed to custom Fuzzing code.
Ability to engage the OData services for manual testing.
Data generator for EDMSimpleType test data generation.
Ability to generate “Read URIs” for Entities, Entity Properties and Entity Property Values.
Ability to generate attack templates for Creation of new Entries, updating existing Entries, Service Operation invocation, Entry deletion etc…
Ability to identify Keys, Nullable and Non-Nullable Properties and indicate the same in the attack templates.
Web proxy, HTTP and HTTPS support and Error logging.

The files are:
Oyedata User Guide Oyedata for OData Assessments.pdf - Oyedata user guide.
setup.exe and OyedataSetup.msi - Oyedata setup files.

System Requirements:
Microsoft .Net 4.0

AWS Scout

Scout is a security tool that lets Amazon Web Servers (AWS) administrators asses their environments security posture. Using the AWS API, Scout gathers configuration data for manual inspection or highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout supplies a clear view of the attack surface automatically.

Running:
Scout is packaged as an executable jar. To run it, type

$ java -jar scout-0.9.5-standalone.jar

This will print a short message describing the commands Scout supports.

Usage:
java -jar scout-0.9.5-standalone.jar ACTION [OPTIONS]

The action argument will be explained in detail for each action below. The -c arguments specifies the credentials the tool will use to make requests to the AWS API.

Actions:
list-instances
Output a list of every instance in your EC2 account, grouped by security group, along with selected attributes of the instance.

list-groups
Output a list of every security group, broken down permission by permission.

audit-groups
Output a list of notable or dangerous security group permissions. Permissions are rated as critical, warning, or info depending on the service exposed and how much of the internet the service is exposed to (a /8 is more "critical" than a /24). For more information regarding this rating algorithm, consult the wiki.

compare-groups
Output the difference between what is configured in EC2 and the supplied ruleset file. Permissions marked "+" are configured in EC2 but missing from the ruleset, while permissions marked "-" are missing from EC2 but defined in the ruleset.

compare-groups requires that you specify a ruleset file for it to compare against. Here's an example ruleset:

(ruleset
(group :websrv
(permission :tcp [80] "0.0.0.0/0")
(permission :tcp [443] "0.0.0.0/0")
(permission :tcp [22] "134.82.0.0/16"))
(group :appsrv
(permission :tcp [8080 8083] :websrv)

GScrape

GScrape is a small perl script that uses Google's Ajax API (Google::Search) to find vulnerable websites.

GScrape is a simple tool, it will look for a file specified by the user containing a list of search terms, query google with those search terms and retrieve an array of websites, which are then tested for Local File Inclusion and SQL injection vulnerabilities, if any are found they are logged to the output file specified by the user.

Example:
perl gscrape.pl -f dork.lst -o gscrape.log

Note:
GScrape will not return any results unless your input file actually contains a list of search terms.

Vanguard

Vanguard is an extensible utility with module support built for testing different types of web exploitation on a given domain.
Features

Main application features:
Fully Configurable
WebCrawlers crawl all open HTTP and HTTPS ports output from nmap
LibWhisker2 For HTTP IDS Evasion (Same options as nikto)
Tests via GET,POST, and COOKIE

Web penetration tests:
SQL injection (This test is signature free!)
LDAP Injection
XSS
File inclusion
Command Injection

Usage:
perl scan.pl -h [hostname] -e [evasion option]

Application Dependencies:

Notice: You must run this application as root.
You must have nmap from http://nmap.org installed to run this application correctly.
Protip: You can undo the root requirement by removing the check for root and modifying the nmap configuration.

Perl Dependencies:
LibWhisker2 requires Net::SSLeay. You may need to get this from cpan, compile it in, or install it from your distribution's package manager.
YAML
Clone
Notice: You can install these libraries with cpan.

Syndicate content