PhoneInfoga – Advanced Information Gathering & OSINT Tool For Phone Numbers

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.FeaturesCheck if phone number exists and is possibleGather standard information such as country, line type, and carrierOSINT footprinting using external APIs, Google Hacking, phone books & search enginesCheck for reputation reports, social media, disposable numbers and moreScan several numbers at onceUse custom formatting for more effective OSINT reconnaissanceAutomatic footprinting on several custom formatsDownload PhoneInfoga

Link: http://www.kitploit.com/2019/06/phoneinfoga-advanced-information.html

RapidScan – The Multi-Tool Web Vulnerability Scanner

Evolution:It is quite a fuss for a pentester to perform binge-tool-scanning (running security scanning tools one after the other) sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program is to solve this problem through automation; viz. running multiple scanning tools to discover vulnerabilities, effectively judge false-positives, collectively correlate results and saves precious time; all these under one roof.Enter RapidScan.Featuresone-step installation.executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.some of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismero etc executes under one entity.saves a lot of time, indeed a lot time!.checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.association with OWASP Top 10 2017 on the list of vulnerabilities discovered. (under development)critical, high, medium, low and informational classification of vulnerabilities.vulnerability definitions guides you what the vulnerability actually is and the threat it can pose. (under development)remediations tells you how to plug/fix the found vulnerability. (under development)executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development)artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development)detailed comprehensive report in a portable document format (*.pdf) with complete details of the scans and tools used. (under development)FYI:program is still under development, works and currently supports 80 vulnerability tests.parallel processing is not yet implemented, may be coded as more tests gets introduced.Vulnerability ChecksDNS/HTTP Load Balancers & Web Application Firewalls.Checks for Joomla, WordPress and DrupalSSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).Commonly Opened Ports.DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).Sub-Domains Brute Forcing.Open Directory/File Brute Forcing.Shallow XSS, SQLi and BSQLi Banners.Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).& more coming up…RequirementsPython 2.7Kali OS (Preferred, as it is shipped with almost all the tools) For other OS flavours, working on a docker support. Hang on.UsageDownload the script and give executable permissionswget -O rapidscan.py https://raw.githubusercontent.com/skavngr/rapidscan/master/rapidscan.py && chmod +x rapidscan.pyHelpOutputContributionhttps://gist.github.com/MarcDiethelm/7303312Download Rapidscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/hfz-4xWFw40/rapidscan-multi-tool-web-vulnerability.html

WhatWeb v0.5.0 – Next Generation Web Scanner

Developed by Andrew Horton urbanadventurer and Brendan Coles bcolesLatest Release: v0.5.0. June 9th, 2019License: GPLv2This product is subject to the terms detailed in the license agreement. For more information about WhatWeb visit:Homepage: https://www.morningstarsecurity.com/research/whatwebWiki: https://github.com/urbanadventurer/WhatWeb/wiki/If you have any questions, comments or concerns regarding WhatWeb, please consult the documentation prior to contacting one of the developers. Your feedback is always welcome.About WhatWebWhatWeb identifies websites. Its goal is to answer the question, “What is that Website?". WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. ”, but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for "/wp-content/" within relative links.FeaturesOver 1800 pluginsControl the trade off between speed/stealth and reliabilityPerformance tuning. Control how many websites to scan concurrently.Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, ElasticSearch, SQL.Proxy support including TORCustom HTTP headersBasic HTTP authenticationControl over webpage redirectionIP address rangesFuzzy matchingResult certainty awarenessCustom plugins defined on the command lineIDN (International Domain Name) supportExample UsageUsing WhatWeb on a couple of websites (standard WhatWeb output is in colour):$ ./whatweb slashdot.org reddit.comhttp://reddit.com [302] HTTPServer[AkamaiGHost], RedirectLocation[http://www.reddit.com/], Via-Proxy[1.1 bc1], IP[173.223.232.64], Akamai-Global-Host, Country[UNITED STATES][US]http://slashdot.org [200] Script, HTTPServer[Unix][Apache/1.3.42 (Unix) mod_perl/1.31], Google-Analytics[GA][32013], Via-Proxy[1.1 bc5], UncommonHeaders[x-fry,x-varnish,x-xrds-location,slash_log_data], Apache[1.3.42][mod_perl/1.31], HTML5, IP[216.34.181.45], OpenGraphProtocol[100000696822412], X-Powered-By[Slash 2.005001], Title[Slashdot: News for nerds, stuff that matters], Email[canadaboy@nOspam.gmail.com,jbort@nww.com], Country[UNITED STATES][US]http://www.reddit.com/ [200] Frame, PasswordField[passwd,passwd2], Script, HTTPServer[‘; DROP TABLE servertypes; –], IP[203.97.86.202], JQuery, Cookies[reddit_first], Title[reddit: the voice of the internet — news before it happens], Country[NEW ZEALAND][NZ]Usage.$$$ $. .$$$ $. $$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$. $ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$.$ `$ $$$ $ `$ $$$ $ `$ $$$ $$’ $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$’$. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :’ $. $ $$$ $. $$$$ $. $$$$$.$::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$$;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$$$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$’WhatWeb – Next generation web scanner version 0.5.0.Developed by Andrew Horton (urbanadventurer) and Brendan Coles (bcoles)Homepage: https://www.morningstarsecurity.com/research/whatwebUsage: whatweb [options] TARGET SELECTION: <TARGETs> Enter URLs, hostn ames, IP adddresses, filenames or IP ranges in CIDR, x.x.x-x, or x.x.x.x-x.x.x.x format. –input-file=FILE, -i Read targets from a file. You can pipe hostnames or URLs directly with -i /dev/stdin.TARGET MODIFICATION: –url-prefix Add a prefix to target URLs. –url-suffix Add a suffix to target URLs. –url-pattern Insert the targets into a URL. Requires –input-file, eg. www.example.com/%insert%/robots.txt AGGRESSION: The aggression level controls the trade-off between speed/stealth and reliability. –aggression, -a=LEVEL Set the aggression level. Default: 1. Aggression levels are: 1. Stealthy Makes one HTTP request per target. Also follows redirects. 3. Aggressive If a level 1 plugin is matched, additional requests will be made. 4. Heavy Makes a lot of HTTP requests per target. Aggressive tests from all plugins are used for all URLs.HTTP OPTIONS: –user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.5.0. –header, -H Add an HTTP header. eg "Foo:Bar". Specifying a default header will replace it. Specifying an empty value, eg. "User-Agent:" will remove the header. –follow-redirect=WHEN Control when to follow redirects. WHEN may be `never’, `http-only’, `meta-only’, `same-site’, or `always’. Default: always. –max-redirects=NUM Maximum number of contiguous redirects. Default: 10.AUTHENTICATION: –user, -u=<user:password> HTTP basic authentication. –cookie, -c=COOKIES Provide cookies, e.g. ‘name=value; name2=value2′. –cookiejar=FILE Read cookies from a file.PROXY: –proxy <hostname[:po rt]> Set proxy hostname and port. Default: 8080. –proxy-user <username:password> Set proxy user and password.PLUGINS: –list-plugins, -l List all plugins. –info-plugins, -I=[SEARCH] List all plugins with detailed information. Optionally search with keywords in a comma delimited list. –search-plugins=STRING Search plugins for a keyword. –plugins, -p=LIST Select plugins. LIST is a comma delimited set of selected plugins. Default is all. Each element can be a directory, file or plugin name and can optionally have a modifier, eg. + or – Examples: +/tmp/moo.rb,+/tmp/foo.rb title,md5,+./plugins-disabled/ ./plugins-disabled,-md5 -p + is a shortcut for -p +plugins-disabled. –grep, -g=STRING|REGEXP Search for STRING or a Regular Expression. Shows only the results that match. Examples: –grep "hello" –grep "/he[l]*o/" –custom-plugin=DEFINITION\tDefine a custom plugin named Custom-Plugin, –custom-plugin=DEFINITION Define a custom plugin named Custom-Plugin, Examples: ":text=>’powered by abc’" ":version=>/powered[ ]?by ab[0-9]/" ":ghdb=>’intitle:abc \"powered by abc\"’" ":md5=>’8666257030b94d3bdb46e05945f60b42’" –dorks=PLUGIN List Google dorks for the selected plugin.OUTPUT: –verbose, -v Verbose output includes plugin descriptions. Use twice for debugging. –colour,–color=WHEN control whe ther colour is used. WHEN may be `never’, `always’, or `auto’. –quiet, -q Do not display brief logging to STDOUT. –no-errors Suppress error messages.LOGGING: –log-brief=FILE Log brief, one-line output. –log-verbose=FILE Log verbose output. –log-errors=FILE Log errors. –log-xml=FILE Log XML format. –log-json=FILE Log JSON format. –log-sql=FILE Log SQL INSERT statements. –log-sql-create=FILE Create SQL database tables. –log-json-verbose=FILE Log JSON Verbose format. –log-magictree=FILE Log MagicTree XML format. –log-object=FILE Log Ruby object inspection format. –log-mongo-database Name of the MongoDB database. –log-mongo-collection Name of the MongoDB collection. Default: whatweb. –log-mongo-host MongoDB hostname or IP address. Default: 0.0.0.0. –log-m ongo-username MongoDB username. Default: nil. –log-mongo-password MongoDB password. Default: nil. –log-elastic-index Name of the index to store results. Default: whatweb –log-elastic-host Host:port of the elastic http interface. Default: 127.0.0.1:9200 PERFORMANCE & STABILITY: –max-threads, -t Number of simultaneous threads. Default: 25. –open-timeout Time in seconds. Default: 15. –read-timeout Time in seconds. Default: 30. –wait=SECONDS Wait SECONDS between connections. This is useful when using a single thread.HELP & MISCELLANEOUS: –short-help Short usage help. –help, -h Complete usage help. –debug Raise errors in plugins. –version Display version information. (WhatWeb 0.5.0).EXAMPLE USAGE:* Scan example.com. ./whatweb exam ple.com* Scan reddit.com slashdot.org with verbose plugin descriptions. ./whatweb -v reddit.com slashdot.org* An aggressive scan of wired.com detects the exact version of WordPress. ./whatweb -a 3 www.wired.com* Scan the local network quickly and suppress errors. whatweb –no-errors 192.168.0.0/24* Scan the local network for https websites. whatweb –no-errors –url-prefix https:// 192.168.0.0/24* Scan for crossdomain policies in the Alexa Top 1000. ./whatweb -i plugin-development/alexa-top-100.txt \ –url-suffix /crossdomain.xml -p crossdomain_xmlLogging & OutputThe following types of logging are supported:–log-brief=FILE Brief, one-line, greppable format–log-verbose=FILE Verbose–log-xml=FILE XML format. XSL stylesheet is provided–log-json=FILE JSON format–log-json-verbose=FILE JSON verbose format–log-magictree=FILE MagicTree XML format–log-object=FILE Ruby object inspection format–log-mongo-database Name of the MongoDB database–log-mongo-collection Name of the MongoDB collection. Default: whatweb–log-mongo-host MongoDB hostname or IP address. Default: 0.0.0.0–log-mongo-username MongoDB username. Default: nil–log-mongo-password MongoDB password. Default: nil–log-elastic-index Name of the index to store results. Default: whatweb–log-elastic-host Host:port of the elastic http interface. Default: 127.0.0.1:9200–log-errors=FILE Log errors. This is usually printed to the screen in red.You can output to multiple logs simultaneously by specifying multiple command line logging options. Advanced users who want SQL output should read the source code to see unsupported features.PluginsMatches are made with:Text strings (case sensitive)Regular expressionsGoogle Hack Database queries (limited set of keywords)MD5 hashesURL recognitionHTML tag patternsCustom ruby code for passive and aggressive operationsTo list the plugins supported:$ ./whatweb -lWhatWeb Plugin ListPlugin Name – Description——————————————————————————–1024-CMS – 1024 is one of a few CMS’s leading the way with the implementation…360-Web-Manager – 360-Web-Manager3COM-NBX – 3COM NBX phone system. The NBX NetSet utility is a web interface i…3dcart – 3dcart – The 3dcart Shopping Cart Software is a complete ecommerce s…4D – 4D web application deployment server4images – 4images is a powerful web-based image gallery management system. Fe…… (truncated)Search PluginsTo view more detail about a plugin or search plugins for a keyword:$ ./whatweb -I phpBBWhatWeb Detailed Plugin ListSearching for phpBB================================================================================Plugin: phpBB——————————————————————————–Description: phpBB is a free forum Website: http://phpbb.org/Author: Andrew HortonVersion: 0.3Features: [Yes] Pattern Matching (7) [Yes] Version detection from pattern matching [Yes] Function for passive matches [Yes] Function for aggressive matches [Yes] Google Dorks (1)Google Dorks:[1] "Powered by phpBB"================================================================================Plugin SelectionAll plugins are loaded by default.Plugins can be selected by directories, files or plugin names as a comma delimited list with the -p or –plugin command line option.Each list item may have a modifier: + adds to the full set, – removes from the full set and no modifier overrides the defaults.Examples–plugins +plugins-disabled,-foobar–plugins +/tmp/moo.rb–plugins foobar (only select foobar)-p title,md5,+./plugins-disabled/-p ./plugins-disabled,-md5The –dorks command line option returns google dorks for the selected plugin. For example, –dorks wordpress returns "is proudly powered by WordPress"The –grep, -g command line option searches the target page for the selected string and returns a match in a plugin called Grep if it is found.AggressionWhatWeb features several levels of aggression. By default the aggression level is set to 1 (stealthy) which sends a single HTTP GET request and also follows redirects.–aggression, -a 1. Stealthy Makes one HTTP request per target. Also follows redirects. 2. Unused 3. Aggressive Can make a handful of HTTP requests per target. This triggers aggressive plugins for targets only when those plugins are identified with a level 1 request first. 4. Heavy Makes a lot of HTTP requests per target. Aggressive tests from all plugins are used for all URLs.Level 3 aggressive plugins will guess more URLs and perform actions that are potentially unsuitable without permission. WhatWeb currently does not support any intrusion/exploit level tests in plugins.An example of the different results between level 1 and level 3:A level 1, stealthy scan identifes that smartor.is-root.com/forum/ uses phpBB version 2:$ ./whatweb smartor.is-root.com/forum/http://smartor.is-root.com/forum/ [200] PasswordField[password], HTTPServer[Apache/2.2.15], PoweredBy[phpBB], Apache[2.2.15], IP[88.198.177.36], phpBB[2], PHP[5.2.13], X-Powered-By[PHP/5.2.13], Cookies[phpbb2mysql_data,phpbb2mysql_sid], Title[Smartors Mods Forums – Reloaded], Country[GERMANY][DE]A level 3, aggressive scan triggers additional tests in the phpBB plugin which identifies that the website uses phpBB version 2.0.20 or higher:$ ./whatweb -p plugins/phpbb.rb -a 3 smartor.is-root.com/forum/http://smartor.is-root.com/forum/ [200] phpBB[2,>2.0.20]Note the use of the -p argument to select only the phpBB plugin. It is advisable, but not mandatory, to select a specific plugin when attempting to fingerprint software versions in aggressive mode. This approach is far more stealthy as it will limit the number of requests.WhatWeb has no caching so if you use aggressive plugins on redirecting URLs you may fetch the same files multiple times.Performance & StabilityWhatWeb features several options to increase performance and stability.–max-threads, -t Number of simultaneous threads. Default: 25.–open-timeout Time in seconds. Default: 15–read-timeout Time in seconds. Default: 30–wait=SECONDS Wait SECONDS between connections This is useful when using a single thread.The –wait and –max-threads commands can be used to assist in IDS evasion.Changing the user-agent using the -U or –user-agent command line option will avoid the Snort IDS rule for WhatWeb.If you are scanning ranges of IP addresses, it is much more efficient to use a port scanner like massscan to discover which have port 80 open before scanning with WhatWeb.Character set detection, with the Charset plugin dramatically decreases performance by requiring more CPU. This is required by JSON and MongoDB logging.Optional DependenciesTo enable MongoDB logging install the mongo gem. gem install mongoTo enable character set detection and MongoDB logging install the rchardet gem. gem install rchardet cp plugins-disabled/charset.rb my-plugins/Writing PluginsPlugins are easy to write. Start by going through the plugin tutorials in the my-plugins/ folder.Plugin Tutorials.After progressing through the tutorials read through the Development section of the wiki.Sources for Plugin WritingHow to Develop WhatWeb Plugins (not up to date)Updates & Additional InformationThe WhatWeb development build features regular updates.Check the development branches for unreleased updates.Browse the wiki for more documentation and advanced usage techniques.Wiki: https://github.com/urbanadventurer/WhatWeb/wiki/Release HistoryVersion 0.5.0 Released June 9th, 2019Version 0.4.9 Released November 23rd, 2017Version 0.4.8-dev (Continuous release from 2012 to 2017)Version 0.4.7 Released April 5th, 2011Version 0.4.6 Released March 25th, 2011Version 0.4.5 Released August 17th, 2010Version 0.4.4 Released June 29th, 2010Version 0.4.3 Released May 24th, 2010Version 0.4.2 Released April 30th, 2010Version 0.4.1 Released April 28th, 2010Version 0.4 Released March 14th, 2010Version 0.3 Released at Kiwicon III (kiwicon.org), November 2nd, 2009CreditsDevelopersAndrew Horton (@urbanadventurer)Brendan Coles (@bcoles)ContributorsThank you to the following people who have contributed to WhatWeb.Emilio CasbasLouis NyffeneggerPatrik Wallström (@pawal)Caleb Anderson (@dirtyfilthy)Tonmoy SaikiaAung Khant (@yehgdotnet)Erik Inge Bolsønk@dsigned.grSteve Milner (@ashcrow)Michal AmbrozGremwellSagar Prakash Junnarkar (@sagarjunnarkar)GertBergerQuintin PoirierEric Sesterhenndengjw (@jawa)Pedro Worcel (@droop)Matthieu Keller (@maggick)Peter (2pvdl)Napz (@RootCon)@nilx042Fabian Affolter (@fabaff)Andrew Silvernail (@buff3r)Andre Ricardo (@andrericardo)nikoskPatrick Thomas (@coffeetocode)Guillaume Delcaour (@guikcd)Sean (@wiifm69)Matthieu Keller (@maggick)Raul (@raurodse)Andrew Petro (@apetro)Artem Taranyuk (@610)Matti Paksula (@matti)Tim Smith (@tas50)Sarthak Munshi (@saru95)@rdubourguais@SlivTaMere@Code0x58@iGeek098@andreas-becker@csalazar@golewski@Allactaga@lins05@eliasdorneles@sigitdewanto@elcodigok@SlivTaMere@anozoozianBhavin Senjaliya (@bhavin1223)Janosch Maier (@Phylu)@rmaksimovNaglis Jonaitis (@naglis)Igor Rzegocki (@ajgon)Please let me know if I need to add any more names.Download WhatWeb

Link: http://feedproxy.google.com/~r/PentestTools/~3/47Pvc2gPpgM/whatweb-v050-next-generation-web-scanner.html

Recsech – Tool For Doing Footprinting And Reconnaissance On The Target Web

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .Features in tools Name Release Release Date Auto request with Proxy yes 01/05/19 Find Email yes 01/05/19 HoneySpot Detected yes 01/05/19 Subdomain takeover yes 01/05/19 Check Technologies yes 01/05/19 Whois no N/A Crlf injection no N/A Header Security yes 01/05/19 Update Check yes 01/05/19 Port Scanner yes 02/05/19 Sort Domain By IP yes 02/05/19 WordPress audit no N/A Reconnaissance On Github yes 02/05/19 Language Selection yes 02/05/19 WAF yes 03/05/19 Requirements for using this toolWe need several requirements to use this tool to run smoothly.LinuxPHP 7.xPHP curlWindowsXAMP >= 7.3.5InstallationYou can download the latest tarball by clicking here or latest zipball by clicking here.Preferably, you can download sqlmap by cloning the Git repository:git clone –depth 1 https://github.com/radenvodka/Recsech.git RecsechRecsech Environment Windows (Command Prompt Windows)Download RecsechHow to install to Windows CLI :Extract all files in C: \WindowsEdit Files Recsech.bat , then set your PHP patch (if you have installed xampp on your C drive you don’t need to do this step)@echo offset PATH=%PATH%;C:\xampp\phptitle Recsech – Recon and Researchphp “C:\Windows\Recsech.php" %1Open cmd and do the Recsech command.UsageEnough to execute the command :php Recsech.php example.comor if it doesn’t work, use the command :php Recsech.php debugand don’t forget to ask at issue pageDownload Recsech

Link: http://feedproxy.google.com/~r/PentestTools/~3/fA2yZMgyywc/recsech-tool-for-doing-footprinting-and.html

Vulners Scanner for Android – Passive Vulnerability Scanning Based On Software Version Fingerprint

Vulners Scanner is developed by Vulners Team, the founders and maintainers of one of the world largest security databases.It implements technology of passive vulnerability scanning based on software version fingerprint.Is it legal?Absolutely.The application does not perform any malicious requests, fuzzing or any other interactions that differ from the common browser behavior.Is it accurate?Vulners Scanner is using passive method of vulnerability detection, that’s why there is a risk of false positives.Its report cannot be used as evidence of the vulnerability present or as a compliance check.For the best result found vulnerabilities should be validated with user interaction using advanced software like PortSwigger Burp Suite with Vulners plugin.Download Vulners Scanner for Android

Link: http://feedproxy.google.com/~r/PentestTools/~3/jjXLZCER0Bk/vulners-scanner-for-android-passive.html

Amass – In-depth DNS Enumeration And Network Mapping

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.Information Gathering Techniques Used:DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDB, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ThreatCrowd, VirusTotal, YahooCertificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, EntrustAPIs: BinaryEdge, BufferOver, CIRCL, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan, Twitter, Umbrella, URLScanWeb Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, WaybackHow to InstallPrebuiltA precompiled version is available for each release.If your operating environment supports Snap, you can click here to install, or perform the following from the command-line:sudo snap install amassOn Kali, follow these steps to install Snap and Amass + use AppArmor (for autoload):sudo apt install snapdsudo systemctl start snapdsudo systemctl enable snapdsudo systemctl start apparmorsudo systemctl enable apparmorAdd the Snap bin directory to your PATH:export PATH=$PATH:/snap/binPeriodically, execute the following command to update all your snap packages:sudo snap refreshFor Homebrew on Mac, the following two commands will install Amass into your macOS environment:brew tap caffix/amassbrew install amassUsing DockerBuild the Docker image:sudo docker build -t amass https://github.com/OWASP/Amass.gitRun the Docker image:sudo docker run amass –passive -d example.comThe wordlists maintained in the Amass git repository are available in /wordlists/ within the docker container. For example, to use all.txt:sudo docker run amass -w /wordlists/all.txt -d example.comFrom SourceIf you prefer to build your own binary from the latest release of the source code, make sure you have a correctly configured Go >= 1.10 environment. More information about how to achieve this can be found on the golang website. Then, take the following steps:Download OWASP Amass:go get -u github.com/OWASP/Amass/…If you wish to rebuild the binaries from the source code:cd $GOPATH/src/github.com/OWASP/Amassgo install ./…At this point, the binaries should be in $GOPATH/bin.Several wordlists can be found in the following directory:ls $GOPATH/src/github.com/OWASP/Amass/wordlists/DocumentationGo to the User’s Guide for additional information.Project LeadOWASP: CaffixGitHub: @caffixDownload Amass

Link: http://www.kitploit.com/2019/05/amass-in-depth-dns-enumeration-and.html

H2Buster – A Threaded, Recursive, Web Directory Brute-Force Scanner Over HTTP/2

A threaded, recursive, web directory brute-force scanner over HTTP/2 using hyper, inspired by Gobuster.FeaturesFast and portable – install hyper and run.Multiconnection scanning.Multithreaded connections.Scalable: scans can be as docile or aggressive as you configure them to be.h2 and h2c support.Configurable directory recursion depth.InstallYou only need to install one dependency. If you don’t have hyper, run:pip3 install -r requirements.txtUsageusage: h2buster.py [-h] -w wordlist -u target [-r directory_depth] [-c connections] [-t threads]h2buster: an HTTP/2 web directory brute-force scanner.arguments: -h, –help show this help message and exit -w wordlist Directory wordlist -u target Target URL/IP address. Default port is 443 and HTTPS enabled. To specify otherwise, use ‘:port’ or ‘http://’ (port will default to 80 then). -r directory_depth Maximum recursive directory depth. Minimum is 1, default is 2, unlimited is 0. -c connections Number of HTTP/2 connections. Default is 3. -t threads Number of threads per connection. Default is 15.Download H2Buster

Link: http://feedproxy.google.com/~r/PentestTools/~3/-lNZG_fmj9M/h2buster-threaded-recursive-web.html

VulnX – CMS And Vulnerabilites Detector And An Intelligent Auto Shell Injector

Vulnx is a cms and vulnerabilites detection, an intelligent auto shell injector, fast cms detection of target and fast scanner and informations gathering like subdomains, ipaddresses, country, org, timezone, region, ans and more …Instead of injecting shell and checking it works like all the other tools do, vulnx analyses the response with and recieve if shell success uploaded or no. vulnx is searching for urls with dorks.FeaturesDetect cms (wordpress, joomla, prestashop, drupal, opencart, magento, lokomedia)Target informations gatheringsTarget Subdomains gatheringMulti-threading on demandChecks for vulnerabilitesAuto shell injectorExploit dork searcherExploitsJoomlaCom Jce Com Jwallpapers Com Jdownloads Com Weblinks Com Fabrik Com Jdownloads IndexCom Foxcontact Com Blog Com Users Com Ads Manager Com SexycontactformCom Media Mod_simplefileuploadCom Facileforms WordPressSimple Ads Manager InBoundio Marketing WPshop eCommerce Synoptic Showbiz Pro Job Manager Formcraft PowerZoom Download Manager CherryFramework Catpro Blaze SlideShow Wysija-Newsletters DrupalAdd Admin Drupal BruteForcer Drupal Geddon2 PrestaShopattributewizardpro columnadverts soopamobile pk_flexmenu pk_vertflexmenu nvn_export_orders megamenu tdpsthemeoptionpanel psmodthemeoptionpanelmasseditproduct blocktestimonialsoopabannersVtermslideshow simpleslideshow productpageadverts homepageadvertisehomepageadvertise2jro_homepageadvertiseadvancedslider cartabandonmentpro cartabandonmentproOldvideostab wg24themeadministrationfieldvmegamenu wdoptionpanel OpencartOpencart BruteForceAvailable command line optionsREAD VULNX WIKIusage: vulnx [options] -u –url url target to scan -D –dorks search webs with dorks -o –output specify output directory -t –timeout http requests timeout -c –cms-info search cms info[themes,plugins,user,version..] -e –exploit searching vulnerability & run exploits -w –web-info web informations gathering -d –domain-info subdomains informations gathering -l, –dork-list list names of dorks exploits –threads number of threadsDockerVulnX can be launched in docker.$ git clone https://github.com/anouarbensaad/VulnX.git$ cd VulnX$ docker build -t vulnx ./docker/$ docker run -it –name vulnx vulnx:latest -u http://exemple.commake a local volume to view the results into a logfile$ docker run -it –name vulnx -v “$PWD/logs:/VulnX/logs" vulnx:latest -u http://exemple.comInstall VulnX$ git clone https://github.com/anouarbensaad/VulnX.git$ cd VulnX$ chmod + x install.sh$ ./install.shNow run vulnxexample command with options : settimeout=3 , cms-gathering = all , -d subdomains-gathering , run –exploitsvulnx -u http://example.com –timeout 3 -c all -d -w –exploitexample command for searching dorks : -D or –dorks , -l –list-dorksvulnx –list-dorks return table of exploits name. vulnx -D blaze return urls found with blaze dorkVulnX Wiki • How To Use • Compatibility Download VulnX

Link: http://feedproxy.google.com/~r/PentestTools/~3/ARM75rpuTUo/vulnx-cms-and-vulnerabilites-detector.html

Versionscan – A PHP Version Scanner For Reporting Possible Vulnerabilities

Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues.PLEASE NOTE: Work is still in progress to adapt the tool to linux distributions that backport security fixes. As of right now, this only reports back for the straight up version reported.InstallationUsing Composer{ “require": { "psecio/versionscan": "dev-master" }}The only current dependency is the Symfony console.UsageTo run the scan against your current PHP version, use:bin/versionscanThe script will check the PHP_VERSION for the current instance and generate the pass/fail results. The output looks similar to:Executing against version: 5.4.24+——–+—————+——+——————————————————————————————————+| Status | CVE ID | Risk | Summary |+——–+—————+——+——————————————————————————————————+| FAIL | CVE-2014-3597 | 6.8 | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 … || FAIL | CVE-2014-3587 | 4.3 | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in… |Results will be reported back colorized as well to easily show the pass/fail of the check.ParametersThere are several parameters that can be given to the tool to configure its scans and results:PHP VersionIf you’d like to define a PHP version to check other than the one the script finds itself, you can use the php-version parameter:bin/versionscan scan –php-version=4.3.2Report Only FailuresYou can also tell the versionscan to only report back the failures and not the passing tests:bin/versionscan scan –fail-onlySorting resultsYou can also sort the results either by the CVE ID or by severity (risk rating), with the sort parameter and either the "cve" or "risk" value:bin/versionscan scan –sort=riskOutput formatsBy default versionscan will output information directly to the console in a human-readable result. You can also specify other output formats that may be easier to parse programatically (like JSON). Use the –format option to change the output:vendor/bin/versionscan scan –php-version=5.5 –format=jsonSupported output formats are console, json, xml and html.The HTML output format requires an –output option of the directory to write the file:vendor/bin/versionscan scan –php-version=5.5 –format=html –output=/var/www/outputThe result will be written to a file named something like versionscan-output-20150808.htmlDownload Versionscan

Link: http://www.kitploit.com/2019/05/versionscan-php-version-scanner-for.html

XSSCon – Simple XSS Scanner Tool

Powerfull Simple XSS Scanner made with python 3.7InstallingRequirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/menkrep1337/XSSConcd XSSConpython3 xsscon.py –help UsageBasic usage:python3 xsscon.py -u http://testphp.vulnweb.comAdvanced usage see help: python3 xsscon.py –helpRoadmapv0.3B: Added custom options ( Such –proxy, –user-agent etc… ) First launched v0.3B Patch:Added support for form method GETDownload XSSCon

Link: http://feedproxy.google.com/~r/PentestTools/~3/7yTza_ZfCho/xsscon-simple-xss-scanner-tool.html