NodeXP – Detection and Exploitation Tool for Node.js Services

NodeXP is an integrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on the S(erver)S(ide)J(avascript)I(njection) attack!

Getting Started – Installation & Usage

Download NodeXP by cloning the Git repository:

    git clone https://github.com/esmog/nodexp

To get a list of all options run:

    python2.7 nodexp -h

Examples for POST and GET cases accordingly:

    python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
    python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind
    python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
    python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

Disclaimer

The tool’s purpose is strictly academic and was developed in order to conduct my master’s thesis. It could also be helpful during the process of a penetration test on Node.js services. Any other malicious or illegal usage of the tool is strongly not recommended and is clearly not a part of the purpose of this research.

Prerequisites

- Python 2.7
- Metasploit Framework
- msfvenom
- Kali Linux (or any other Linux distro with Metasploit Framework installed)

NodeXP Testbeds

- Download and run the Node.js files for both GET and POST cases from here
- Visit Nodegoat or install Nodegoat on your local machine!

Built With

Python 2.7

Versioning

NodeXP – Version 1.0.0

Authors

Dimitris Antonaropoulos – esmog

Download NodeXP
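The vulnerability class NodeXP probes for is a Node.js handler that builds JavaScript from a request field and evaluates it. The following is an added example, not code from NodeXP or from the NodeGoat testbed: a vulnerable handler for the preTax field named in the POST example above, its hardened counterpart, and the regression check a service owner can run in their own test suite to catch the defect. The handler names, the 20% tax rate and the probe values are assumptions made for illustration.

```javascript
// Added example (not part of NodeXP or the original post).
// Assumed: a contributions endpoint computes tax from the POSTed "preTax"
// field; the 20% rate and the function names are constructed for illustration.

// Vulnerable: the untrusted field is concatenated into source code and
// evaluated, so whatever is placed where [INJECT_HERE] sits in the NodeXP
// example runs with the privileges of the Node.js process.
function computeTaxVulnerable(preTax) {
  return eval(preTax + " * 0.2");
}

// Hardened: accept only a plain decimal number and never pass request data to
// eval(), new Function(), vm.runInThisContext() or similar.
const PLAIN_NUMBER = /^\d+(\.\d+)?$/;
function computeTaxSafe(preTax) {
  if (typeof preTax !== "string" || !PLAIN_NUMBER.test(preTax.trim())) {
    throw new TypeError("preTax must be a plain decimal number");
  }
  return Math.round(Number(preTax) * 0.2 * 100) / 100;
}

// Regression check of the kind NodeXP automates against a live service: feed
// the handler a plain number and an arithmetic expression with the same value.
// If both produce the same result, the handler evaluated its input as code.
// (Heuristic: a handler that ignores its input entirely also "passes".)
function evaluatesInputAsCode(handler) {
  try {
    return handler("2*500") === handler("1000");
  } catch (e) {
    return false; // input rejected before anything was evaluated
  }
}

console.log("vulnerable handler evaluates code:", evaluatesInputAsCode(computeTaxVulnerable)); // true
console.log("hardened handler evaluates code:", evaluatesInputAsCode(computeTaxSafe));         // false
```

Run it with node; the same `evaluatesInputAsCode` probe can be pointed at any function that wraps an HTTP call to a staging endpoint, which is how a team keeps a fixed SSJI from regressing.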

Link: http://feedproxy.google.com/~r/PentestTools/~3/OIgb6RZFu0o/nodexp-detection-and-exploitation-tool.html

JoomScan 0.0.7 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but is also able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?

Automated …
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploits)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

Usage: joomscan.pl [options]

    --url | -u | The Joomla URL/domain to scan.
    --enumerate-components | -ec | Try to enumerate components.
    --cookie <String> | Set cookie.
    --user-agent | -a <user-agent> | Use the specified User-Agent.
    --random-agent | -r | Use a random User-Agent.
    --timeout <time-out> | Set timeout.
    --about | About Author
    --update | Update to the latest version.
    --help | -h | This help screen.
    --version | Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks…

    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…

    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com -ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…

    perl joomscan.pl --update

PROJECT LEADERS

Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.7

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/rbhkhn10GkU/joomscan-007-owasp-joomla-vulnerability.html

VBScan 0.1.8 – Black Box vBulletin Vulnerability Scanner

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open source project in the Perl programming language to detect vBulletin CMS vulnerabilities and analyse them.

Why OWASP VBScan?

If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is your best shot ever! This project is faster than ever and updated with the latest vBulletin vulnerabilities.

Project Leader: Mohammad Reza Espargham
Github: https://github.com/rezasp/vbscan/
SourceForge: https://sourceforge.net/projects/vbscan/
OWASP Page: https://www.owasp.org/index.php/OWASP_VBScan_Project

Usage:

    ./vbscan.pl
    ./vbscan.pl http://target.com/vbulletin

OWASP VBScan 0.1.7 introduction

What’s New in Version 0.1.8 [Self Challenge]

- Updated vulnerabilities database
- "Email Before Registration Plugin" SQL exploit added
- "Tapatalk vbulletin plugin" exploit added
- "Routestring RCE" exploit added
- vBulletin possible password logger detector added
- Allow start from any path
- OpenRedirection finder module added
- vBulletin version comparing module added
- A few enhancements

Download VBScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/6Oz8dDXNjHM/vbscan-018-black-box-vbulletin.html

Firework – Leveraging Microsoft Workspaces in a Penetration Test

Firework is a proof of concept tool to interact with Microsoft Workplaces, creating the valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it.

This tool may be used as part of a penetration test or red team exercise to create a .wcx payload (and associated feed) that, if clicked on, could be used to:

- Phish for credentials – NetNTLM hashes will be sent if a user enters their credentials (or on older versions of Windows automatically).
- Add items to the Start Menu – After set-up, shortcuts are added to the Start Menu which launch the served RDP file(s). These entries could potentially be used as part of a wider social engineering campaign.
- Download resources – Resources such as the .rdp files and icon files are downloaded and updated by Windows on a daily basis (if authentication of the feed is disabled or is satisfied).

Read the SpiderLabs blog for a more detailed summary and walk through.

Installation

Tested with Python 2.7.x. (Python 3 is not currently supported, although the main Firework class could be used in Python 3.)

    $ pip install -r requirements.txt

The tool serves content over HTTPS and requires a certificate and private key to use the in-built web server with NetNTLM capture. Default files: cert.crt and key.pem

Usage

    usage: firework.py [-h] -c COMPANY -u URL -a APP -e EXT -i ICON [-l LISTEN] [-r RDP] [-d DOMAIN] [-n USERNAME] [-p PASSWORDHASH] [-t CERT] [-k KEY]

    WCX workplace tool

    optional arguments:
      -h, --help            show this help message and exit
      -c COMPANY, --company COMPANY
                            Company name
      -u URL, --url URL     Feed URL
      -a APP, --app APP     App Name
      -e EXT, --ext EXT     App Extension
      -i ICON, --icon ICON  App Icon
      -l LISTEN, --listen LISTEN
                            TLS Web Server Port
      -r RDP, --rdp RDP     RDP Server
      -d DOMAIN, --domain DOMAIN
                            RDP Domain
      -n USERNAME, --username USERNAME
                            RDP Username
      -p PASSWORD, --password PASSWORD
                            RDP Password
      -t CERT, --cert CERT  SSL cert
      -k KEY, --key KEY     SSL key

Examples

Basic example:

- Organisation Name: EvilCorp
- URL to feed XML (or URL to Firework’s in-built server): https://example.org/ – This is where Windows downloads the feed from.
- Application Name: Firework
- File Extension: .fwk
- Icon File: firework.ico

    python ./firework.py -c EvilCorp -u https://example.org/ -a Firework -e .fwk -i ./firework.ico

The in-built web server will start on port 443 if cert.crt and key.pem are present in the current directory. This will force an NTLM challenge with Responder. If these files are not present the tool will write all files to the local directory for your own hosting.

If you wish to start the in-built web server on an alternate port, use the -l flag as below:

    python ./firework.py -c EvilCorp -u https://example.org/ -a Firework -e .fwk -i ./firework.ico -l 8443

You can also add some customisations to the .rdp file that gets served.

- Remote Desktop Server: dc.corp.local
- Domain: corp.local
- Username: admin
- Password Crypt: Encrypted password that gets included in the RDP file

Note: Passwords stored in .rdp files are likely ignored in a default config.

    python ./firework.py -c EvilCorp -u https://example.org/ -a Firework -e .fwk -i ./firework.ico -r dc.corp.local -d corp.local -n admin -p Payload

Having run the tool, ‘payload.wcx’ will be written to the current directory. This file is what, when clicked on, starts the provisioning process.

Authors

David Middlehurst – Twitter - @dtmsecurity

Download Firework

Link: http://feedproxy.google.com/~r/PentestTools/~3/7mpZNIt1YeI/firework-leveraging-microsoft.html

JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but is also able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?

Automated …
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploits)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

Usage: joomscan.pl [options]

    --url | -u | The Joomla URL/domain to scan.
    --enumerate-components | -ec | Try to enumerate components.
    --cookie <String> | Set cookie.
    --user-agent | -a <user-agent> | Use the specified User-Agent.
    --random-agent | -r | Use a random User-Agent.
    --timeout <time-out> | Set timeout.
    --about | About Author
    --update | Update to the latest version.
    --help | -h | This help screen.
    --version | Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks…

    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…

    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com -ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…

    perl joomscan.pl --update

PROJECT LEADERS

Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.6 [#BHUSA]

- Updated vulnerability databases
- Added new module: Firewall Detector (supports detection of [CloudFlare, Incapsula, Shieldfy, Mod_Security])
- Added exploit for com_joomanager
- Updated list of common log paths
- A few enhancements

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html

Faraday v3.0 – Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.

Faraday just got much faster

Architecture changes and a new database (PostgreSQL) give us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use…

Big changes require time

The total amount of work, in terms of commits, for the migration consisted of 29% of the total work done for the project to this day. We changed and reviewed around 75440 lines of code, including the addition of a lot of unit tests.

(Figure: Commits per week on the faraday code repository from July 2017 to June 2018)

What’s new on the Backend

- New Server: Implemented with Flask.
- New Database engine: PostgreSQL.
- New REST API: With complete support for CRUD for every object from Faraday. It makes it simpler to do queries for the DB and it opens up new ways for personalized integrations. Run python manage.py show_urls to see all our new API endpoints.

Example usage for getting hosts from the new API:

    curl 'http://localhost:5985/_api/v2/ws/europe/hosts' -H 'Cookie: AuthSession=[COOKIE]; session=[COOKIE];'

- Better scalability and performance improvements. There’s a drastic reduction in time needed for searches in our API and with the new architecture it’s significantly easier to scale up horizontally.

What’s new on the front

For this version we listened to feedback from our users to make Faraday friendlier, with a major focus on making specific data more readily available and a faster interface.

The new dashboard

The new dashboard has been organized with a new layout to show relevant information first, helping users to find vulnerable spots in their workspace.

Updated Status Report

Changed and simplified the status report design.

Redesign of the hosts list

Now you can add and remove columns, plus see and filter by hostnames and services.

Small improvements that make your day

- Import Scan Outputs directly from the Web UI. Now you can import results from your scans directly on our Web UI. Check here a video about report upload from WebGUI.
- Import Scan Outputs via API. Here’s an example of the new API:

    curl 'http://127.0.0.1:5985/_api/v2/ws/test/upload_report' -H 'Content-Type: multipart/form-data' -H 'Cookie: AuthSession=[COOKIE]; session=[COOKIE];' --data-binary $'[FILE BINARY DATA]' --compressed

- Dramatic performance upgrades.
- Simplification of the model we used. Say "adios" to the interface object.
- Access to the server using "/" instead of /_ui/.
- Ability to edit the names of workspaces.

New Plugins

- HP WebInspect
- IP360
- Sslyze
- Wfuzz
- Xsssniper
- Brutexss
- Recon-NG
- Sublist3r
- Dirsearch

Full List of Changes

- Allow faraday-server to have multiple instances
- Add hostname to host
- Interface removed from model and from persistence server lib (fplugin)
- Performance improvements on the backend
- Add quick change workspace name (from all views)
- Allow user to change workspace
- New faraday styles in all Webui views
- Add search by id for vulnerabilities
- Add new plugin Sslyze
- Add new plugin Wfuzz
- Add xsssniper plugin
- Fix W3af, Zap plugins
- Add Brutexss plugin
- Allow to upload report file from external tools from the web
- Fix sshcheck import file from GTK
- Add reconng plugin
- Add sublist3r plugin
- Add HP Webinspect plugin
- Add dirsearch plugin
- Add ip360 plugin
- CouchDB was replaced by PostgreSQL :)
- Host object changed, now the name property is called ip
- Interface object was removed
- Note object was removed and replaced with Comment
- Communication object was removed and replaced with Comment
- Show credentials count in summarized report on the dashboard
- Remove vuln template CWE fields, join it with references
- Allow to search hosts by hostname, os and service name
- Allow the user to specify the desired fields of the host list table
- Add optional hostnames, services, MAC and description fields to the host list
- Workspace names can be changed from the Web UI
- Changed the scope field of a workspace from a free text input to a list of targets
- Exploitation and severity fields only allow certain values.
- CWE CVEs were fixed to be valid. A script to convert custom CSVs was added.
- Web UI path changed from /ui/ to / (ui has now a redirection to / for keeping backwards compatibility)
- dirb plugin now creates a vulnerability of type information instead of a note.
- Add confirmed column to exported CSV from Webui
- Fixes in Arachni plugin
- Add new parameters --keep-old and --keep-new for faraday CLI
- Add new screenshot fplugin which takes a screenshot of the ip:ports of a given protocol
- Add fix for net sparker regular and cloud fix on severity
- Admin users can list and access all workspaces, even if they don’t have permissions
- Removed Chat feature (data is kept inside notes)
- Plugin reports now can be imported in the server, from the Web UI
- Add CVSS score to reference field in Nessus plugin.
- Fix unicode characters bug in Netsparker plugin.
- Fix Qualys plugin.
- Fix bugs with MACOS and GTK.
- Add response field added to model in grouped report template.
- Add tooltip in WebUi with information about errors in executive report.
- Ldap login is now with user@domain.com, not the user name only anymore.
- Fix Jira bugs in WebUi

https://www.faradaysec.com
https://forum.faradaysec.com/
https://www.faradaysec.com/ideas
https://github.com/infobyte/faraday
https://twitter.com/faradaysec

Link: http://feedproxy.google.com/~r/PentestTools/~3/973DH-EtFDU/faraday-v30-collaborative-penetration.html

Faraday Beta v3.0 – Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment.

Faraday just got much faster

Architecture changes and a new database (PostgreSQL) give us a new and revamped structure that allows us to support new objects and a bigger data volume. This dramatically improves most of the backend services that directly impact your day-to-day use…

Big changes require time

The total amount of work, in terms of commits, for the migration consisted of 29% of the total work done for the project to this day. We changed and reviewed around 75440 lines of code, including the addition of a lot of unit tests.

(Figure: Commits per week on the faraday code repository from July 2017 to June 2018)

What’s new on the Backend

- New Server: Implemented with Flask.
- New Database engine: PostgreSQL.
- New REST API: With complete support for CRUD for every object from Faraday. It makes it simpler to do queries for the DB and it opens up new ways for personalized integrations. Run python manage.py show_urls to see all our new API endpoints.

Example usage for getting hosts from the new API:

    curl 'http://localhost:5985/_api/v2/ws/europe/hosts' -H 'Cookie: AuthSession=[COOKIE]; session=[COOKIE];'

- Better scalability and performance improvements. There’s a drastic reduction in time needed for searches in our API and with the new architecture it’s significantly easier to scale up horizontally.

What’s new on the front

For this version we listened to feedback from our users to make Faraday friendlier, with a major focus on making specific data more readily available and a faster interface.

The new dashboard

The new dashboard has been organized with a new layout to show relevant information first, helping users to find vulnerable spots in their workspace.

Updated Status Report

Changed and simplified the status report design.

Redesign of the hosts list

Now you can add and remove columns, plus see and filter by hostnames and services.

Small improvements that make your day

- Import Scan Outputs directly from the Web UI. Now you can import results from your scans directly on our Web UI. Check here a video about report upload from WebGUI.
- Import Scan Outputs via API. Here’s an example of the new API:

    curl 'http://127.0.0.1:5985/_api/v2/ws/test/upload_report' -H 'Content-Type: multipart/form-data' -H 'Cookie: AuthSession=[COOKIE]; session=[COOKIE];' --data-binary $'[FILE BINARY DATA]' --compressed

- Dramatic performance upgrades.
- Simplification of the model we used. Say "adios" to the interface object.
- Access to the server using "/" instead of /_ui/.
- Ability to edit the names of workspaces.

New Plugins

- HP WebInspect
- IP360
- Sslyze
- Wfuzz
- Xsssniper
- Brutexss
- Recon-NG
- Sublist3r
- Dirsearch

Full List of Changes

- Allow faraday-server to have multiple instances
- Add hostname to host
- Interface removed from model and from persistence server lib (fplugin)
- Performance improvements on the backend
- Add quick change workspace name (from all views)
- Allow user to change workspace
- New faraday styles in all Webui views
- Add search by id for vulnerabilities
- Add new plugin Sslyze
- Add new plugin Wfuzz
- Add xsssniper plugin
- Fix W3af, Zap plugins
- Add Brutexss plugin
- Allow to upload report file from external tools from the web
- Fix sshcheck import file from GTK
- Add reconng plugin
- Add sublist3r plugin
- Add HP Webinspect plugin
- Add dirsearch plugin
- Add ip360 plugin
- CouchDB was replaced by PostgreSQL :)
- Host object changed, now the name property is called ip
- Interface object was removed
- Note object was removed and replaced with Comment
- Communication object was removed and replaced with Comment
- Show credentials count in summarized report on the dashboard
- Remove vuln template CWE fields, join it with references
- Allow to search hosts by hostname, os and service name
- Allow the user to specify the desired fields of the host list table
- Add optional hostnames, services, MAC and description fields to the host list
- Workspace names can be changed from the Web UI
- Changed the scope field of a workspace from a free text input to a list of targets
- Exploitation and severity fields only allow certain values.
- CWE CVEs were fixed to be valid. A script to convert custom CSVs was added.
- Web UI path changed from /ui/ to / (ui has now a redirection to / for keeping backwards compatibility)
- dirb plugin now creates a vulnerability of type information instead of a note.
- Add confirmed column to exported CSV from Webui
- Fixes in Arachni plugin
- Add new parameters --keep-old and --keep-new for faraday CLI
- Add new screenshot fplugin which takes a screenshot of the ip:ports of a given protocol
- Add fix for net sparker regular and cloud fix on severity
- Admin users can list and access all workspaces, even if they don’t have permissions
- Removed Chat feature (data is kept inside notes)
- Plugin reports now can be imported in the server, from the Web UI
- Add CVSS score to reference field in Nessus plugin.
- Fix unicode characters bug in Netsparker plugin.
- Fix Qualys plugin.
- Fix bugs with MACOS and GTK.
- Add response field added to model in grouped report template.
- Add tooltip in WebUi with information about errors in executive report.
- Ldap login is now with user@domain.com, not the user name only anymore.
- Fix Jira bugs in WebUi

https://www.faradaysec.com
https://forum.faradaysec.com/
https://www.faradaysec.com/ideas
https://github.com/infobyte/faraday
https://twitter.com/faradaysec

Link: http://feedproxy.google.com/~r/PentestTools/~3/WQlCi8tK3ng/faraday-beta-v30-collaborative.html

Fuxi Scanner – Network Security Vulnerability Scanner

Fuxi Scanner is an open source network security vulnerability scanner; it comes with multiple functions:

- Vulnerability detection & management
- Authentication Tester
- IT asset discovery & management
- Port scanner
- Subdomain scanner
- Acunetix Scanner (integrates the Acunetix API)

Installation

Documentation

Usage

Vulnerability Scanner

The scanner module integrates an open-sourced remote vulnerability testing and PoC development framework – Pocsuite. Like Metasploit, it is a development kit for pentesters to develop their own exploits. Based on Pocsuite, you can write only the core code of a PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite to date.

You can acquire PoC scripts from the Seebug community.

The target can be an IP, network segment or URL.

You can manage plugins in the Plugin Manager module. The plugin must conform to the PoC Coding Style.

Asset Management

IT Asset Registration:

Automatic Service Discovery:

You can scan for vulnerabilities by searching and filtering out specific services.

Authentication Tester

This is a login cracker that supports many protocols to attack (HTTP Basic Auth, SSH, MySQL, Redis). The target can be an IP, network segment or URL.

Subdomain Scanner

It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. You can improve the wordlist in settings for finding more subdomains.

Acunetix Scanner

This module delivers scanning tasks by integrating the Acunetix Web Vulnerability Scanner API. You can scan multiple websites at the same time.

Port Scanner

The port scanner allows you to discover which TCP ports are open on your target host. Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system.

Settings

Links

Homepage: https://fuxi-scanner.com
Download: .tar or .zip
Author E-mail: jeffzh3ng@gmail.com
Author telegram: jeffzhang

Download Fuxi-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/zUX26xie4uc/fuxi-scanner-network-security.html

GyoiThon – A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning.

GyoiThon identifies the software installed on a web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. GyoiThon executes the above processing automatically.

Processing steps

GyoiThon executes the above "Step1" – "Step4" fully automatically. The user’s only operation is to input the top URL of the target web server into GyoiThon. It is very easy! You can identify vulnerabilities of the web servers without taking time and effort.

Processing flow

Step 1. Gather HTTP responses.

GyoiThon gathers several HTTP responses of the target website while crawling. The following are examples of HTTP responses gathered by GyoiThon.

Example.1

    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 03:01:57 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Etag: "409ed-183-53c5f732641c0"
    Content-Length: 15271
    …snip…

Example.2

    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 06:56:17 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;path=/;
    Content-Length: 37496
    …snip…

Example.3

    HTTP/1.1 200 OK
    Date: Tue, 06 Mar 2018 04:19:19 GMT
    Connection: close
    Content-Type: text/html; charset=UTF-8
    Content-Length: 11819
    …snip…
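Step 1 yields raw responses like the three above; before any learning can happen they have to be parsed into features. The following is an added example and not GyoiThon's own code: a small parser for a raw HTTP response (status line, repeated headers, body) and a feature extractor that pulls out the signals a fingerprinting model would weigh, such as header names, the Set-Cookie name pattern and the declared charset. The sample input is Example.2 from the post with a constructed body; which software any feature points to is left to training data, and the particular feature set is an assumption for illustration.

```javascript
// Added example (not GyoiThon's code). Sample headers are Example.2 above;
// the body line is a constructed placeholder.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Date: Tue, 06 Mar 2018 06:56:17 GMT",
  "Connection: close",
  "Content-Type: text/html; charset=UTF-8",
  "Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;path=/;",
  "Content-Length: 37496",
  "",
  "<html><body>constructed placeholder body</body></html>",
].join("\r\n");

// Split a raw response into status line, headers and body. Header names are
// lower-cased and repeated headers (Set-Cookie is the usual case) are kept as
// arrays rather than overwritten.
function parseResponse(raw) {
  const sep = raw.search(/\r?\n\r?\n/);
  const head = sep < 0 ? raw : raw.slice(0, sep);
  const body = sep < 0 ? "" : raw.slice(sep).replace(/^\r?\n\r?\n/, "");
  const lines = head.split(/\r?\n/);
  const m = /^HTTP\/(\d\.\d) (\d{3})\s*(.*)$/.exec(lines[0]);
  if (!m) throw new Error("not an HTTP response: " + lines[0]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(":");
    if (idx < 0) continue;                          // skip malformed header lines
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (!headers[name]) headers[name] = [];
    headers[name].push(value);
  }
  return { version: m[1], status: Number(m[2]), reason: m[3], headers, body };
}

// Turn a parsed response into fingerprinting features. The feature choices are
// illustrative assumptions; a learner decides what each one indicates.
function extractFeatures(resp) {
  const cookies = resp.headers["set-cookie"] || [];
  const cookieNames = cookies.map((c) => c.split("=")[0].trim());
  const contentType = (resp.headers["content-type"] || [""])[0];
  const charset = (/charset=([\w-]+)/i.exec(contentType) || [null, null])[1];
  return {
    status: resp.status,
    headerNames: Object.keys(resp.headers).sort(),
    server: (resp.headers["server"] || [null])[0],          // absent in the samples
    poweredBy: (resp.headers["x-powered-by"] || [null])[0], // absent in the samples
    cookieNames,
    hasHexCookieName: cookieNames.some((n) => /^[0-9a-f]{32}$/.test(n)),
    charset,
    hasEtag: "etag" in resp.headers,
  };
}

console.log(extractFeatures(parseResponse(SAMPLE_RESPONSE)));
```

The same parser applied to Example.1 would report `hasEtag: true` and no cookies, and to Example.3 neither; those differences between otherwise similar 200 responses are exactly what a crawler-fed classifier has to work from.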