Scanner

Scanners to test security

Kolkata

Kolkata is a web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. Kolkata uses session splicing for IDS evasion and configurable checksums of static files in order to determine the version of a web application.

Dependencies
LibWhisker2 - This comes bundled in the tarball, with nikto, and a variety of other tools on this site.
YAML::XS - Install with cpan in bash (cpan -i YAML::XS)

Usage
kolkata.pl -d domain.tld [-v -p [remote_path_to_web_application]]

kolkata requires a directory called sigs in its own directory.
The sigs directory must contain properly formatted yml files with checksums.

viproy-voipkit

Voice over IP penetration testing toolkit providing SIP and NGN Services Testing Modules for the Metasploit Framework

Viproy Voip Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value added services.

OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world's 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes an XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader and an XSS Reverse Shell. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

webvulscan

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.

The vulnerabilities tested by WebVulScan are:

Reflected Cross-Site Scripting
Stored Cross-Site Scripting
Standard SQL Injection
Broken Authentication using SQL Injection
Autocomplete Enabled on Password Fields
Potentially Insecure Direct Object References
Directory Listing Enabled
HTTP Banner Disclosure
SSL Certificate not Trusted
Unvalidated Redirects

Features:

Crawler: Crawls a website to identify and display all URLs belonging to the website.
Scanner: Crawls a website and scans all URLs found for vulnerabilities.
Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
Register: Allows a user to register with the web application.
Login: Allows a user to login to the web application.
Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
PDF Generation: Dynamically generates a detailed PDF report.
Report Delivery: The PDF report is emailed to the user as an attachment.

ScanSSH

ScanSSH supports scanning a list of addresses and networks for open proxies, SSH protocol servers, Web and SMTP servers. Where possible, ScanSSH displays the version number of the running services. The ScanSSH protocol scanner supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the deployment of SSH protocol servers in a company or the Internet as a whole.

Watcher

Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.

Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

Ruby-Nessus

Ruby-Nessus is a Ruby interface for the popular Nessus vulnerability scanner. Ruby-Nessus aims to deliver an easy yet powerful interface for interacting with and manipulating Nessus scan results and configurations. Ruby-Nessus currently supports both version 1.0 and 2.0 of the .nessus file format.

Sslscan

SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported. SSLScan is designed to be easy, lean and fast. The output includes the preferred ciphers of the SSL service and the certificate, and is available in text and XML formats.

Pbnj

PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. PBNJ uses Nmap to perform scans.
