Web

Anything related to websites

SQLol

SQLol is a configurable SQL injection testbed. SQLol allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw.

XMLmao

XMLmao is a configurable XML/XPath injection testbed. XMLmao allows
you to exploit XML/XPath injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaws.

XMLmao is based on the idea of SQLol, an earlier release which
allows for SQL injection exploitation.

Trillix

Convert SWF to FLA within seconds! Flash Decompiler Trillix is the only application capable of converting SWF to FLA with high speed, high quality and hundreds of additional features. It is the ultimate tool to recover your lost FLA files - being the market leader since 2003! Decompile SWF files and obtain source code FLA in seconds. It supports batch conversion, so you can leave a bunch of different tasks to it and do any other things while our application is working.

Proxify

Proxify is an online tool that can be used to proxy your visits to different web sites.

Scully

Scully is a client interface to MSSQL and MySQL database servers. No more need for MSSQL/MySQL client libraries to be installed and no more need to set up an ODBC connection either. Simply add IP/Hostname, username, password, port and database name and SQL away.

Scully also performs password brute forcing for MySQL and MSSQL. Clicking "Brute Force" opens a small window where you provide a server, username and port, specify MySQL/MSSQL, provide a txt file list of passwords and click "Start". Scully will quickly attempt to brute force the correct password; there is also the option to set "debug" to view the progress of the brute force.

Proxy Strike

ProxyStrike v2.1 is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in pentests of web applications that depend heavily on JavaScript; not many web scanners did well at this stage, so we came up with this proxy.

Subdomainer

Subdomainer is an information gathering tool designed for obtaining subdomain names from public sources, like Google, MSN Search, Yahoo, PGP servers, etc.

After obtaining potential subdomain names, it will check if the subdomain really exists.

Sql Server Backdoor Client

It was a long time ago, but after the presentation of Cesar Cerrudo and Esteban Martinez, we spent some time playing with the materials provided. One of the most interesting was the SQL Server Backdoor. It provides basic backdoor functionality by opening a connection to a specified server and port and waiting for any order to execute in the trojanized database.

However, there is no client provided for this, so we spent some more time coding a little client that waits for incoming connections from the backdoor and allows you to interact with the database, showing the results. It is available here, and you can find the backdoor in the additional materials from the Black Hat presentation here: https://www.blackhat.com/presentations/bh-europe-07/Cerrudo/bh-eu-07-Cer...

ProxyFinder

A program to download and parse a list of open proxies from 2 websites (samair and multiproxys), and then check if the proxies are working. It can test for the GET and CONNECT methods. You can restrict the search to a specific number of working proxies.

Veracode

Current forces are putting pressure on organizations to secure their applications fast. The Veracode product suite facilitates that for you and we make implementation a breeze with our private cloud delivery platform. There's no hardware to buy; no software to install; no disruption to current systems; no intensive developer training; and you can be up and running in minutes.
