JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but is also able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?

Automated ...

- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploits)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

Usage: joomscan.pl [options]

    --url | -u                   The Joomla URL/domain to scan.
    --enumerate-components | -ec Try to enumerate components.
    --cookie <String>            Set cookie.
    --user-agent | -a <user-agent>  Use the specified User-Agent.
    --random-agent | -r          Use a random User-Agent.
    --timeout <time-out>         Set timeout.
    --about                      About Author
    --update                     Update to the latest version.
    --help | -h                  This help screen.
    --version                    Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks...

    perl joomscan.pl --url www.example.com

or

    perl joomscan.pl -u www.example.com

Enumerate installed components...

    perl joomscan.pl --url www.example.com --enumerate-components

or

    perl joomscan.pl -u www.example.com --ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

or

    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent

or

    perl joomscan.pl --url www.example.com -r

Update Joomscan...

    perl joomscan.pl --update

PROJECT LEADERS

- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.6 [#BHUSA]

- Updated vulnerability databases
- Added new module: Firewall Detector (supports detection of CloudFlare, Incapsula, Shieldfy, Mod_Security)
- Added exploit for com_joomanager
- Updated list of common log paths
- A few enhancements

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html

Faraday v3.0 – Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.

Faraday just got much faster

Architecture changes and a new database (PostgreSQL) give us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use...

Big changes require time

The total amount of work, in terms of commits, for the migration consisted of 29% of the total work done for the project to this day. We changed and reviewed around 75440 lines of code, including the addition of a lot of unit tests.

Figure: Commits per week on the faraday code repository from July 2017 to June 2018

What's new on the Backend

- New Server: Implemented with Flask.
- New Database engine: PostgreSQL.
- New REST API: With complete support for CRUD for every object from Faraday. It makes it simpler to do queries against the DB and it opens up new ways for personalized integrations. Run `python manage.py show_urls` to see all our new API endpoints.

Example usage for getting hosts from the new API:

    curl 'http://localhost:5985/_api/v2/ws/europe/hosts' -H 'Cookie: AuthSession=[COOKIE]; session=[COOKIE];'

- Better scalability and performance improvements. There is a drastic reduction in the time needed for searches in our API, and with the new architecture it is significantly easier to scale up horizontally.

What's new on the front

For this version we listened to feedback from our users to make Faraday friendlier, with a major focus on making specific data more readily available and a faster interface.

The new dashboard

The new dashboard has been organized with a new layout to show relevant information first, helping users to find vulnerable spots in their workspace.

Updated Status Report

Changed and simplified the status report design.

Redesign of the hosts list

Now you can add and remove columns, plus see and filter by hostnames and services.

Small improvements that make your day

- Import scan outputs directly from the Web UI. Now you can import results from your scans directly in our Web UI. Check here a video about report upload from the Web GUI.
- Import scan outputs via API. Here is an example of the new API:

    curl 'http://127.0.0.1:5985/_api/v2/ws/test/upload_report' -H 'Content-Type: multipart/form-data' -H 'Cookie: AuthSession=[COOKIE]; session=[COOKIE];' --data-binary $'[FILE BINARY DATA]' --compressed

- Dramatic performance upgrades.
- Simplification of the model we used. Say "adios" to the interface object.
- Access to the server using "/" instead of /_ui/.
- Ability to edit the names of workspaces.

New Plugins

- HP WebInspect
- IP360
- Sslyze
- Wfuzz
- Xsssniper
- Brutexss
- Recon-NG
- Sublist3r
- Dirsearch

Full List of Changes

- Allow faraday-server to have multiple instances
- Add hostname to host
- Interface removed from model and from persistence server lib (fplugin)
- Performance improvements on the backend
- Add quick change of workspace name (from all views)
- Allow user to change workspace
- New faraday styles in all Web UI views
- Add search by id for vulnerabilities
- Add new plugin Sslyze
- Add new plugin Wfuzz
- Add xsssniper plugin
- Fix W3af, Zap plugins
- Add Brutexss plugin
- Allow uploading report files from external tools from the web
- Fix sshcheck import file from GTK
- Add reconng plugin
- Add sublist3r plugin
- Add HP Webinspect plugin
- Add dirsearch plugin
- Add ip360 plugin
- CouchDB was replaced by PostgreSQL :)
- Host object changed: the name property is now called ip
- Interface object was removed
- Note object was removed and replaced with Comment
- Communication object was removed and replaced with Comment
- Show credentials count in summarized report on the dashboard
- Remove vuln template CWE fields, join them with references
- Allow searching hosts by hostname, os and service name
- Allow the user to specify the desired fields of the host list table
- Add optional hostnames, services, MAC and description fields to the host list
- Workspace names can be changed from the Web UI
- Changed the scope field of a workspace from a free text input to a list of targets
- Exploitation and severity fields only allow certain values
- CWE CVEs were fixed to be valid; a script to convert custom CSVs was added
- Web UI path changed from /ui/ to / (ui now redirects to / to keep backwards compatibility)
- dirb plugin now creates a vulnerability of type "information" instead of a note
- Add confirmed column to CSV exported from the Web UI
- Fixes in Arachni plugin
- Add new parameters --keep-old and --keep-new for the faraday CLI
- Add new screenshot fplugin which takes a screenshot of the ip:ports of a given protocol
- Add fix for Netsparker regular and cloud, fix on severity
- Admin users can list and access all workspaces, even if they don't have permissions
- Removed Chat feature (data is kept inside notes)
- Plugin reports can now be imported in the server, from the Web UI
- Add CVSS score to reference field in Nessus plugin
- Fix unicode characters bug in Netsparker plugin
- Fix Qualys plugin
- Fix bugs with macOS and GTK
- Add response field to model in grouped report template
- Add tooltip in Web UI with information about errors in executive report
- LDAP login is now with user@domain.com, not the bare user name anymore
- Fix Jira bugs in Web UI

https://www.faradaysec.com
https://forum.faradaysec.com/
https://www.faradaysec.com/ideas
https://github.com/infobyte/faraday
https://twitter.com/faradaysec

Link: http://feedproxy.google.com/~r/PentestTools/~3/973DH-EtFDU/faraday-v30-collaborative-penetration.html

Faraday Beta v3.0 – Collaborative Penetration Test and Vulnerability Management Platform

The body of this post is identical to the Faraday v3.0 announcement above.

Link: http://feedproxy.google.com/~r/PentestTools/~3/WQlCi8tK3ng/faraday-beta-v30-collaborative.html

Fuxi Scanner – Network Security Vulnerability Scanner

Fuxi Scanner is an open source network security vulnerability scanner; it comes with multiple functions:

- Vulnerability detection & management
- Authentication Tester
- IT asset discovery & management
- Port scanner
- Subdomain scanner
- Acunetix Scanner (integrates the Acunetix API)

Installation

Documentation

Usage

Vulnerability Scanner

The scanner module integrates an open-sourced remote vulnerability testing and PoC development framework, Pocsuite. Like Metasploit, it is a development kit for pentesters to develop their own exploits. Based on Pocsuite, you can write the core code of a PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite to date. You can acquire PoC scripts from the Seebug community.

The target can be an IP, a network segment or a URL.

You can manage plugins in the Plugin Manager module. A plugin must conform to the PoC Coding Style.

Asset Management

IT Asset Registration:

Automatic Service Discovery:

You can scan for vulnerabilities by searching and filtering out specific services.

Authentication Tester

This is a login cracker that supports many protocols (HTTP Basic Auth, SSH, MySQL, Redis). The target can be an IP, a network segment or a URL.

Subdomain Scanner

It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. You can improve the wordlist in Settings to find more subdomains.

Acunetix Scanner

This module delivers scanning tasks by integrating the Acunetix Web Vulnerability Scanner API. You can scan multiple websites at the same time.

Port Scanner

The port scanner allows you to discover which TCP ports are open on your target host. Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system.

Settings

Links

- Homepage: https://fuxi-scanner.com
- Download: .tar or .zip
- Author E-mail: jeffzh3ng@gmail.com
- Author telegram: jeffzhang

Download Fuxi-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/zUX26xie4uc/fuxi-scanner-network-security.html

GyoiThon – A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning.

GyoiThon identifies the software installed on a web server (OS, Middleware, Framework, CMS, etc.) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of the scan results. GyoiThon executes the above processing automatically.

Processing steps

GyoiThon executes the above "Step1" - "Step4" fully automatically. The user's only operation is to input the top URL of the target web server in GyoiThon. It is very easy! You can identify vulnerabilities of the web servers without taking time and effort.

Processing flow

Step 1. Gather HTTP responses.

GyoiThon gathers several HTTP responses of the target website while crawling. The following are examples of HTTP responses gathered by GyoiThon.

Example.1

    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 03:01:57 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Etag: "409ed-183-53c5f732641c0"
    Content-Length: 15271
    ...snip...

Example.2

    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 06:56:17 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;path=/;
    Content-Length: 37496
    ...snip...

Example.3

    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 04:19:19 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Content-Length: 11819
    ...snip...
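Step 1 only says that responses are gathered; what a fingerprinter then keys on is the headers. The following is an added example, not GyoiThon's own code, that parses raw HTTP/1.x responses modelled on the three examples above and reports the header signals a defender would want to know their own server exposes. The two heuristics (an inode-size-mtime style ETag as a sign of Apache serving a static file, and a 32-hex-character cookie name as a CMS default session cookie) and the HttpOnly check are assumptions of this example, not rules stated in the post.

```python
# Added example (not GyoiThon's own code): extract fingerprinting signals from
# raw HTTP responses so a server owner can see what a crawler would learn.
import re
from typing import Dict, List, Tuple

# Constructed sample responses, modelled on the three examples in the post.
EXAMPLE_RESPONSES = [
    "HTTP/1.1 200 OK\r\nDate: Tue, 06 Mar 2018 03:01:57 GMT\r\nConnection: close\r\n"
    "Content-Type: text/html; charset=UTF-8\r\nEtag: \"409ed-183-53c5f732641c0\"\r\n"
    "Content-Length: 15271\r\n\r\n<html>...snip...</html>",
    "HTTP/1.1 200 OK\r\nDate: Tue, 06 Mar 2018 06:56:17 GMT\r\nConnection: close\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;path=/;\r\n"
    "Content-Length: 37496\r\n\r\n<html>...snip...</html>",
    "HTTP/1.1 200 OK\r\nDate: Tue, 06 Mar 2018 04:19:19 GMT\r\nConnection: close\r\n"
    "Content-Type: text/html; charset=UTF-8\r\nContent-Length: 11819\r\n\r\n<html>...snip...</html>",
]

# Heuristics (assumptions of this example, not rules from the post).
APACHE_ETAG = re.compile(r'^"[0-9a-f]+-[0-9a-f]+-[0-9a-f]+"$')  # inode-size-mtime ETag
HEX32_COOKIE = re.compile(r"^[0-9a-f]{32}=")                   # 32-hex session cookie name


def parse_response(raw: str) -> Tuple[str, Dict[str, List[str]], str]:
    """Split a raw HTTP/1.x response into (status line, headers, body).
    Header names are lower-cased; repeated headers (e.g. Set-Cookie) are kept
    as a list, in order."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate a malformed header line instead of failing
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def fingerprint_signals(raw: str) -> List[str]:
    """Return the header-derived clues this response gives away about the
    server software, plus cookie-hardening gaps, as human-readable strings."""
    _, headers, _ = parse_response(raw)
    signals: List[str] = []
    for name in ("server", "x-powered-by"):
        if name in headers:  # explicit banners are the strongest signal
            signals.append(f"{name} header: {headers[name][0]}")
    for etag in headers.get("etag", []):
        if APACHE_ETAG.match(etag):
            signals.append("inode-size-mtime ETag (Apache-style static file ETag)")
    for cookie in headers.get("set-cookie", []):
        if HEX32_COOKIE.match(cookie):
            signals.append("32-hex-char session cookie name (CMS default naming)")
        if "httponly" not in cookie.lower():
            signals.append("session cookie set without HttpOnly")
    return signals


def audit(responses: List[str]) -> Dict[int, List[str]]:
    """Run fingerprint_signals over a crawl's responses; keys are the index of
    each response, values the signals found (empty list = nothing notable)."""
    return {i: fingerprint_signals(r) for i, r in enumerate(responses)}


if __name__ == "__main__":
    for idx, found in audit(EXAMPLE_RESPONSES).items():
        print(f"Example.{idx + 1}: {found or 'no notable signals'}")
```

Example.3 yields nothing: without a Server banner, an ETag or a cookie, the headers alone give a crawler little to learn, which is the state a hardened server should aim for.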