BadMod v2.0 – Detect Website CMS, Website Scanner & Auto Exploiter

Auto exploiter & get all server sites & bing dorker.

Version 2.0
- Fixed colors bug
- Fixed permissions bug
- Added new option to scan single target
- Added new option to scan joomla & wordpress plugins

Installation

Install tool:
    git clone https://github.com/MrSqar-Ye/BadMod.git

Install php:
    sudo apt-get install php

Install php curl:
    sudo apt-get install php-curl

Install tool:
    chmod +x INSTALL
    ./INSTALL

Option 1 – Get all server sites
Fast tool to get all server sites.

Option 2 – generate random IP's

Link: http://feedproxy.google.com/~r/PentestTools/~3/KFTkMGnNn28/badmod-v20-detect-website-cms-website.html

SleuthQL – Burp History Parsing Tool To Discover Potential SQL Injection Points

SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers (*) into each parameter where the SQL-esque variables were identified.

Supported Request Types

SleuthQL requires an export of Burp's Proxy History. To gain this export, simply navigate to your proxy history tab, highlight every item and click "Save Items". Ensure that each request is saved using base64 encoding. When SleuthQL scans the proxy history file, outside of the regular URL parameters, it will be able to identify vulnerable parameters from the following request content-types:
- application/json
- application/x-www-form-urlencoded
- multipart/form-data

There are cases where this tool will break down. Namely, if there are nested content-types (such as a base64 encoded parameter within JSON data), it will not be able to identify those parameters. It also does not cover Cookies, as too often something such as CloudFlare will flag a parameter we're not interested in.

Why not Burp Pro?

Burp Pro's scanner is great, but isn't as full featured as SQLMap. Thus, if we can prioritize requests to feed into SQLMap in a batch-like manner and look for results this way, we can increase the detection rate of SQL injection.

Usage

    [ASCII-art banner: SleuthQL, SQL Injection Discovery Tool, Rhino Security Labs, Dwight Hohnstein]

    Usage: sleuthql.py -d example.com -f burpproxy.xml

    SleuthQL is a script for automating the discovery of requests matching
    SQL-like parameter names and values. When discovered, it will display
    any matching parameters and paths that may be vulnerable to SQL injection.
    It will also create a directory with SQLMap ready request files.

    Options:
      -h, --help            show this help message and exit
      -d DOMAINS, --domains=DOMAINS
                            Comma separated list of domains to analyze. i.e.:
                            google.com,mozilla.com,rhinosecuritylabs.com
      -f PROXY_XML, --xml=PROXY_XML
                            Burp proxy history xml export to parse. Must be
                            base64 encoded.
      -v, --verbose         Show verbose errors that occur during parsing of
                            the input XML.

Output Files

For each potentially vulnerable request, the SQLMap parameterized request will be saved under $(pwd)/$domain/ as text files.

Link: http://feedproxy.google.com/~r/PentestTools/~3/GQ5nGSUgmaI/sleuthql-burp-history-parsing-tool-to.html

RouterSploit v3.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:
- exploits – modules that take advantage of identified vulnerabilities
- creds – modules designed to test credentials against network services
- scanners – modules that check if a target is vulnerable to any exploit
- payloads – modules that are responsible for generating payloads for various architectures and injection points
- generic – modules that perform generic attacks

Installation

Requirements

Required:
- future
- requests
- paramiko
- pysnmp
- pycrypto

Optional:
- bluepy – bluetooth low energy

Installation on Kali Linux

    apt-get install python3-pip
    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    python3 -m pip install -r requirements.txt
    python3 rsf.py

Bluetooth Low Energy support:

    apt-get install libglib2.0-dev
    python3 -m pip install bluepy
    python3 rsf.py

Installation on Ubuntu 18.04 & 17.10

    sudo add-apt-repository universe
    sudo apt-get install git python3-pip
    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    python3 -m pip install -r requirements.txt
    python3 rsf.py

Bluetooth Low Energy support:

    apt-get install libglib2.0-dev
    python3 -m pip install bluepy
    python3 rsf.py

Installation on OSX

    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    sudo python3 -m pip install -r requirements.txt
    python3 rsf.py

Running on Docker

    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    docker build -t routersploit .
    docker run -it --rm routersploit

Update

Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.

    cd routersploit
    git pull

Link: http://feedproxy.google.com/~r/PentestTools/~3/oAq3V5riPro/routersploit-v30-exploitation-framework.html

BurpBounty – A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive Burp Suite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive.

This extension requires Burp Suite Pro.

Usage:

1. Config section
- Profile Manager: you can manage the profiles, and enable, disable or remove any of them.
- Select Profile: you can choose any profile, modify it and save it.
- Profiles reload: you can reload the profiles directory, for example when you add a new external profile to the directory.
- Profile Directory: you choose the profiles directory path.

2. Payloads
You can add as many payloads as you want. Each payload in this section will be sent at each entry point (insertion points provided by the Burp API).
You can choose multiple encoders. For example, if you want to encode the string alert(1) several times (in descending order):

    Plain text: alert(1)
    HTML-encode all characters: &#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;
    URL-encode all characters: %26%23%78%36%31%3b%26%23%78%36%63%3b%26%23%78%36%35%3b%26%23%78%37%32%3b%26%23%78%37%34%3b%26%23%78%32%38%3b%26%23%78%33%31%3b%26%23%78%32%39%3b
    Base64-encode: JTI2JTIzJTc4JTM2JTMxJTNiJTI2JTIzJTc4JTM2JTYzJTNiJTI2JTIzJTc4JTM2JTM1JTNiJTI2JTIzJTc4JTM3JTMyJTNiJTI2JTIzJTc4JTM3JTM0JTNiJTI2JTIzJTc4JTMyJTM4JTNiJTI2JTIzJTc4JTMzJTMxJTNiJTI2JTIzJTc4JTMyJTM5JTNi

If you choose the "URL-Encode these characters" option, you can enter all the characters that you want to URL-encode.

3. Grep – Match
For each payload response, each string, regex or payload (depending on what you choose) will be searched for with the specific Grep Options.

Grep Type:
- Simple String: search for a simple string or strings
- Regex: search for a regular expression
- Payload: search for the payloads sent
- Payload without encode: if you encode the payload and want to search for the original payload, you should choose this

Grep Options:
- Negative match: if you want to find out whether the string, regex or payload is not present in the response
- Case sensitive: only match if case sensitive
- Not in cookie: if you want to find out whether any cookie attribute is not present
- Content type: you can specify one or multiple (separated by comma) content types in which to search for the string, regex or payload. For example: text/plain, text/html, …
- Response Code: you can specify one or multiple (separated by comma) HTTP response codes in which to find the string, regex or payload. For example: 300, 302, 400, …

4. Write an Issue
In this section you can specify the issue that will be shown if the condition matches the options specified.
- Issue Name
- Severity
- Confidence
- And other details like description, background, etc.

Examples:

So, the vulnerabilities identified so far, from which you can make personalized improvements are:

1- Active Scan
- XSS reflected and Stored
- SQL Injection error based
- XXE
- Command injection
- Open Redirect
- Local File Inclusion
- Remote File Inclusion
- Path Traversal
- LDAP Injection
- ORM Injection
- XML Injection
- SSI Injection
- XPath Injection
- etc

2- Passive Scan
- Security Headers
- Cookies attributes
- Software versions
- Error strings
- In general any string or regular expression.

For example videos, please visit our YouTube channel.

Link: http://feedproxy.google.com/~r/PentestTools/~3/xh6yhoQKxTg/burpbounty-extension-of-burp-suite-that.html

Prowler – Distributed Network Vulnerability Scanner

Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon – HackSmith v1.0.

Capabilities
- Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices
- Determine the type of devices using fingerprinting
- Determine if there are any open ports on the device
- Associate the ports with common services
- Test devices against a dictionary of factory default and common credentials
- Notify users of security vulnerabilities through a dashboard.

Planned Capabilities
- Greater variety of vulnerability assessment capabilities (webapp etc.)
- Select wordlist based on fingerprint

Hardware
- Raspberry Pi Cluster HAT (with 4 * Pi Zero W)
- Raspberry Pi 3
- Networking device

Software Stack
- Raspbian Stretch (Controller Pi)
- Raspbian Stretch Lite (Worker Pi Zero)
- Note: For ease of setup, use the images provided by Cluster Hat!
- Python 3 (not tested on Python 2)
- Python packages: see requirements.txt
- Ansible for managing the cluster as a whole (/playbooks)

Key Python Packages:
- dispy is the star of the show. It allows us to create a job queue that will be processed by the worker nodes.
- python-libnmap is the python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices.
- paramiko is a python wrapper around SSH. We use it to probe SSH on devices to test for common credentials.
- eel is used for the web dashboard (separate repository).
- rabbitmq is used to pass the results from the cluster to the eel server that is serving the dashboard page.

Ansible Playbooks

For the playbooks to work, ansible must be installed (sudo pip3 install ansible). Configure the IP addresses of the nodes at /etc/ansible/hosts. WARNING: Your mileage may vary as these were only tested on my setup.
- shutdown.yml and reboot.yml: self-explanatory
- clone_repos.yml: clones the prowler and dispy repositories (required!) on the worker nodes
- setup_node.yml: installs all required packages on the worker nodes. Does not clone the repositories!

Deploying Prowler

1. Clone the git repository: git clone https://github.com/tlkh/prowler.git
2. Install dependencies by running sudo pip3 install -r requirements.txt on the controller Pi
3. Run ansible-playbook playbooks/setup_node.yml to install the required packages on worker nodes.
4. Clone the prowler and dispy repositories to the worker nodes using ansible-playbook playbooks/clone_repos.yml
5. Run "clusterhat on" on the controller Pi to ensure that all Pi Zeros are powered up.
6. Run python3 cluster.py on the controller Pi to start Prowler

To edit the range of IP addresses being scanned, edit the following lines in cluster.py:

    test_range = []
    for i in range(0, 1):
        for j in range(100, 200):
            test_range.append("172.22." + str(i) + "." + str(j))

Old Demos
- Cluster Scan Demonstration Jupyter Notebook
- Single Scan Demonstration Jupyter Notebook

Useful Snippets
- To run an ssh command on multiple devices, install pssh and run: pssh -h pssh-hosts -l username -A -i "command"
- To create the cluster (in compute.py): cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip')
- Check connectivity: ansible all -m ping or ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1
- Temperature Check: /opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp

Link: http://feedproxy.google.com/~r/PentestTools/~3/qOTSZ3YjvmY/prowler-distributed-network.html

HTTPoxyScan – HTTPoxy Exploit Scanner

PoC/Exploit scanner to scan common CGI files on a target URL for the HTTPoxy vulnerability. Httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. For more details, go to https://httpoxy.org.

REQUIREMENTS:
Requires ncat to establish reverse session

USAGE:

    ./httpoxyscan.py https://target.com cgi_list.txt 10.1.2.243 3000

This will scan https://target.com with a list of common CGI files while injecting a Proxy header back to a given IP:PORT. A reverse listener will catch the incoming connection to confirm the remote site is vulnerable.

Link: http://feedproxy.google.com/~r/PentestTools/~3/JBezCczY3rk/httpoxyscan-httpoxy-exploit-scanner.html

Salt-Scanner – Linux Vulnerability Scanner Based On Salt Open And Vulners Audit API

A linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration.

Features
- Slack notification and report upload
- JIRA integration
- OpsGenie integration

Requirements
- Salt Open 2016.11.x (salt-master, salt-minion)¹
- Python 2.7
- salt (you may need to install gcc, gcc-c++, python dev)
- slackclient
- jira
- opsgenie-sdk

¹ Note: Salt Master and Minion versions should match. Salt-Scanner supports Salt version 2016.11.x. If you are using version 2017.7.x, replace "expr_form" with "tgt_type" in salt-scanner.py.

Usage

    $ ./salt-scanner.py -h
    [ASCII-art banner: Vulnerability scanner based on Vulners API and Salt Open, Salt-Scanner 0.1 / by 0x4D31]
    usage: salt-scanner.py [-h] [-t TARGET_HOSTS] [-tF {glob,list,grain}]
                           [-oN OS_NAME] [-oV OS_VERSION]

    optional arguments:
      -h, --help            show this help message and exit
      -t TARGET_HOSTS, --target-hosts TARGET_HOSTS
      -tF {glob,list,grain}, --target-form {glob,list,grain}
      -oN OS_NAME, --os-name OS_NAME
      -oV OS_VERSION, --os-version OS_VERSION

    $ sudo SLACK_API_TOKEN="EXAMPLETOKEN" ./salt-scanner.py -t "*"
    [ASCII-art banner: Vulnerability scanner based on Vulners API and Salt Open, Salt-Scanner 0.1 / by 0x4D31]
    + No default OS is configured. Detecting OS...
    + Detected Operating Systems:
       - OS Name: centos, OS Version: 7
    + Getting the Installed Packages...
    + Started Scanning '10.10.10.55'...
       - Total Packages: 357
       - 6 Vulnerable Packages Found - Severity: Low
    + Started Scanning '10.10.10.56'...
       - Total Packages: 392
       - 6 Vulnerable Packages Found - Severity: Critical
    + Finished scanning 2 host (target hosts: '*').
    2 Hosts are vulnerable!
    + Output file created: 20170622-093138_232826a7-983f-499b-ad96-7b8f1a75c1d7.txt
    + Full report uploaded to Slack
    + JIRA Issue created: VM-16
    + OpsGenie alert created

You can also use Salt Grains such as ec2_tags in target_hosts:

    $ sudo ./salt-scanner.py --target-hosts "ec2_tags:Role:webapp" --target-form grain

Link: http://feedproxy.google.com/~r/PentestTools/~3/Ox5vp0e8ctQ/salt-scanner-linux-vulnerability.html

Sn1per v4.4 – Automated Pentest Recon Scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

FEATURES:
- Automatically collects basic recon (ie. whois, ping, DNS, etc.)
- Automatically launches Google hacking queries against a target domain
- Automatically enumerates open ports via NMap port scanning
- Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
- Automatically checks for sub-domain hijacking
- Automatically runs targeted NMap scripts against open ports
- Automatically runs targeted Metasploit scan and exploit modules
- Automatically scans all web applications for common vulnerabilities
- Automatically brute forces ALL open services
- Automatically test for anonymous FTP access
- Automatically runs WPScan, Arachni and Nikto for all web services
- Automatically enumerates NFS shares
- Automatically test for anonymous LDAP access
- Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
- Automatically enumerate SNMP community strings, services and users
- Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
- Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
- Automatically tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high level enumeration of multiple hosts and subnets
- Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Automatically gathers screenshots of all web sites
- Create individual workspaces to store all scan output

KALI LINUX INSTALL:

    ./install.sh

DOCKER INSTALL:

Credits: @menzow
Docker Install: https://github.com/menzow/sn1per-docker
Docker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/

Example usage:

    $ docker pull menzo/sn1per-docker
    $ docker run --rm -ti menzo/sn1per-docker sniper menzo.io

USAGE:

    [*] NORMAL MODE
    sniper -t|--target <TARGET>

    [*] NORMAL MODE + OSINT + RECON
    sniper -t|--target <TARGET> -o|--osint -re|--recon

    [*] STEALTH MODE + OSINT + RECON
    sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon

    [*] DISCOVER MODE
    sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORKSPACE_ALIAS>

    [*] SCAN ONLY SPECIFIC PORT
    sniper -t|--target <TARGET> -m port -p|--port <portnum>

    [*] FULLPORTONLY SCAN MODE
    sniper -t|--target <TARGET> -fp|--fullportonly

    [*] PORT SCAN MODE
    sniper -t|--target <TARGET> -m|--mode port -p|--port <PORT_NUM>

    [*] WEB MODE - PORT 80 + 443 ONLY!
    sniper -t|--target <TARGET> -m|--mode web

    [*] HTTP WEB PORT MODE
    sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>

    [*] HTTPS WEB PORT MODE
    sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>

    [*] ENABLE BRUTEFORCE
    sniper -t|--target <TARGET> -b|--bruteforce

    [*] AIRSTRIKE MODE
    sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike

    [*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
    sniper -f|--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>

    [*] ENABLE LOOT IMPORTING INTO METASPLOIT
    sniper -t|--target <TARGET>

    [*] LOOT REIMPORT FUNCTION
    sniper -w <WORKSPACE_ALIAS> --reimport

    [*] UPDATE SNIPER
    sniper -u|--update

MODES:
- NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
- STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
- AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
- NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
- DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
- PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
- FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
- WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
- WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.
- WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.
- UPDATE: Checks for updates and upgrades all components used by sniper.
- REIMPORT: Reimport all workspace files into Metasploit and reproduce all reports.

SAMPLE REPORT:
https://gist.github.com/1N3/8214ec2da2c91691bcbc

Link: http://feedproxy.google.com/~r/PentestTools/~3/3AtzG4dKSuE/sn1per-v44-automated-pentest-recon.html

Archerysec – Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning of web applications and networks. It also performs dynamic authenticated scanning of web applications and covers the whole application by using selenium. Developers can also use the tool in their DevOps CI/CD environment.

Documentation: https://archerysec.github.io/archerysec/

Overview of the tool:
- Perform Web and Network vulnerability Scanning using opensource tools.
- Correlates and collates all raw scan data and shows it in a consolidated manner.
- Perform authenticated web scanning.
- Perform web application scanning using selenium.
- Vulnerability Management.
- Enable REST APIs for developers to perform scanning and Vulnerability Management.
- Useful for DevOps teams for Vulnerability Management.

Note

The project is currently in the development phase and a lot of work is still going on.

Requirement
- Python 2.7
- OpenVas 8
- OWASP ZAP 2.7.0
- Selenium Python Firefox Web driver

Burp Scanner

Follow the instructions to enable the Burp REST API. You can manage and trigger scans using Archery once the REST API is enabled.

Installation

    $ git clone https://github.com/archerysec/archerysec.git
    $ cd archerysec
    $ pip install -r requirements.txt
    $ python manage.py collectstatic
    $ python manage.py makemigrations networkscanners
    $ python manage.py makemigrations webscanners
    $ python manage.py makemigrations projects
    $ python manage.py makemigrations APIScan
    $ python manage.py makemigrations osintscan
    $ python manage.py makemigrations jiraticketing
    $ python manage.py migrate
    $ python manage.py createsuperuser
    $ python manage.py runserver

Note: Make sure these steps (except createsuperuser) are performed after every git pull.

Docker Installation

An ArcherySec Docker image is available:

    $ docker pull archerysec/archerysec
    $ docker run -it -p 8000:8000 archerysec/archerysec:latest

    # For persistence (<HOST_DIR> is a placeholder for a directory on the host)
    $ docker run -it -p 8000:8000 -v <HOST_DIR>:/root/.archerysec archerysec/archerysec:latest

Setup Setting

ZAP running daemon mode

Windows:

    zap.bat -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Others:

    zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Zap Setting
1. Go to the Setting page.
2. Edit the ZAP setting or navigate to the URL: http://host:port/setting_edit/
3. Fill in the required information below.
   - Zap API Key: Leave blank if you are using ZAP as a daemon with api.disablekey=true
   - Zap API Host: Your zap API host IP or system IP. Ex. 127.0.0.1 or 192.168.0.2
   - Zap API Port: ZAP running port. Ex. 8080

OpenVAS Setting
1. Go to the Setting page.
2. Edit the OpenVAS setting or navigate to the URL: http://host:port/networkscanners/openvas_setting
3. Fill in all required information and click on save.

Road Map
- API automated vulnerability scanning.
- Perform reconnaissance before scanning.
- Concurrent scans.
- Vulnerability POC pictures.
- Cloud security scanning.
- Dashboards
- Easy installation.

Lead Developer

Anand Tiwari – https://github.com/anandtiwarics

Link: http://feedproxy.google.com/~r/PentestTools/~3/uZDF6poTawE/archerysec-open-source-vulnerability.html

Acunetix v12 – More Comprehensive, More Accurate and now 2X Faster

In-depth analysis of JavaScript-rich sites and Single Page Applications

Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This, coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites. With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.

“Acunetix was always in the forefront when it came to accuracy and speed, however now with the re-engineered scanning engine and sensors that support the latest JavaScript and Java technologies, we are seeing websites scanned up to 2x faster without any compromise on accuracy.” announced Nicholas Sciberras, CTO.

Support for latest JavaScript

Acunetix DeepScan and the Acunetix Login Sequence Recorder have been updated to support ECMAScript version 6 (ES6) and ECMAScript version 7 (ES7). This allows Acunetix to better analyse JavaScript-rich sites which make use of the latest JavaScript features. The modularity of the new Acunetix architecture also makes it much easier now for the technology to stay ahead of the industry curve.

AcuSensor for Java

Acunetix version 12 includes a new AcuSensor for Java web applications. This improves the coverage of the web site and the detection of web vulnerabilities, decreases false positives and provides more information on the vulnerabilities identified. While already supporting PHP and ASP .NET, the introduction of Java support in AcuSensor means that Acunetix coverage for interactive gray box scanning of web applications is now possibly the widest in the industry.

Speed and efficiency with Multi-Engine

Combining the fastest scanning engine with the ability to scan multiple sites at a time, in a multi-engine environment, allows users to scan thousands of sites in the least time possible. The Acunetix Multi-engine setup is suitable for Enterprise customers who need to scan more than 10 websites or web applications at the same time. This can be achieved by installing one Main Installation and multiple Scanning Engines, all managed from a central console.

Pause / Resume Feature

Acunetix Version 12 allows the user to pause a Scan and Resume the scan at a later stage. Acunetix will proceed with the scan from where it had left off. There is no need to save any scan state files or similar – the information about the paused scan is automatically retained in Acunetix.

A trial version is available for download.

About Acunetix

User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry leading crawler fully supports HTML5 and JavaScript and AJAX-heavy websites, allowing auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on premise solution. Acunetix also includes integrated vulnerability management features to extend the enterprise's ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.

Acunetix, the company

Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader, and a pioneer in automated web application security technology. Acunetix products and technologies are depended on globally by individual pen-testers and consultants all the way to large organizations. It is the tool of choice for many customers in the Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, such as the Pentagon, Nike, Disney, Adobe and many more. For more information, visit www.acunetix.com.

Link: http://feedproxy.google.com/~r/PentestTools/~3/1J3ZpBqn9fY/acunetix-v12-more-comprehensive-more.html