JoomScan 0.0.7 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?
- Automated …
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploit)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL
    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS
    Usage: joomscan.pl [options]

    --url | -u | The Joomla URL/domain to scan.
    --enumerate-components | -ec | Try to enumerate components.
    --cookie <String> | Set cookie.
    --user-agent | -a <user-agent> | Use the specified User-Agent.
    --random-agent | -r | Use a random User-Agent.
    --timeout <time-out> | set timeout.
    --about | About Author
    --update | Update to the latest version.
    --help | -h | This help screen.
    --version | Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks…
    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…
    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com --ec

Set cookie
    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent
    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…
    perl joomscan.pl --update

PROJECT LEADERS
- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.7

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/rbhkhn10GkU/joomscan-007-owasp-joomla-vulnerability.html

Syhunt Community Hybrid Scanner v6.2

Syhunt Community is a hybrid static and dynamic web application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detailed vulnerability information – Syhunt also includes a deep crawler able to fully map a website structure and an automated injector able to adapt, mutate, analyze and test the web application response to thousands of different web attacks.

ChangeLog:
- Added source code scan for Node.js based web applications. Syhunt 6.2 is able to scan the source code of Node.js web applications for security vulnerabilities, with coverage for the Express and Koa frameworks. Version 6.2 adds code checks targeting Node.js web apps, covering: Cross-Site Scripting (XSS), Code Injection, HTTP Header Injection, Log Forging and more.
- Added the ability to scan the source code of Java EE and JSP web applications for security vulnerabilities. Syhunt tested and reviewed the 6.1 code scanner results with the help of over 1600 vulnerable Java web apps originating from the WAVSEP project, the NIST SAMATE project and Syhunt Lab's own test cases, reaching highly accurate detection rates of security flaws.
- Added the ability to scan (though in beta form) the source code of Lua-based web applications compatible with Apache's mod_lua, CGILua and Lua Pages for vulnerabilities such as XSS, Code Injection, HTTP Header Injection and more.

Other improvements:
- Improved XSS detection in multiple languages (classic ASP, ASP.NET & PSP).
- Improved input filtering analysis.
- Improved speed (scan optimization).
- Improved support for short write tag in multiple languages.
- Automatic Python WSGI script detection.

Download Syhunt Community hybrid scanner version 6.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/naMgg9bwzAY/syhunt-community-hybrid-scanner-v62.html

Lynis 2.6.8 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in the series of simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps
1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note

## Lynis 2.6.8 (2018-08-23)

### Changed
- BOOT-5104 – improved parsing of boot parameters to init process
- PHP-2372 – test all PHP files for expose_php and improved logging
- Alpine Linux detection for Docker audit
- Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
- Improved display in Docker output for showing which keys are used for signing

Download Lynis 2.6.8

Link: http://feedproxy.google.com/~r/PentestTools/~3/crZYwFyGbEM/lynis-268-security-auditing-tool-for.html

Lynis 2.6.7 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in the series of simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps
1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note

## Lynis 2.6.7

### Changed
- BOOT-5104 – Added busybox as a service manager
- KRNL-5677 – Limit PAE and no-execute test to AMD64 hardware only
- LOGG-2190 – Ignore /dev/zero and /dev/[aio] as deleted files
- SSH-7408 – Changed classification of SSH root login with keys
- Docker scan uses new format for maintainer value
- New URL structure on CISOfy website implemented for Lynis controls

Download Lynis 2.6.7

Link: http://feedproxy.google.com/~r/PentestTools/~3/cjXe5Qqu-Uw/lynis-267-security-auditing-tool-for.html

JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN?
- Automated …
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploit)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL
    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS
    Usage: joomscan.pl [options]

    --url | -u | The Joomla URL/domain to scan.
    --enumerate-components | -ec | Try to enumerate components.
    --cookie <String> | Set cookie.
    --user-agent | -a <user-agent> | Use the specified User-Agent.
    --random-agent | -r | Use a random User-Agent.
    --timeout <time-out> | set timeout.
    --about | About Author
    --update | Update to the latest version.
    --help | -h | This help screen.
    --version | Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks…
    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…
    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com --ec

Set cookie
    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent
    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent
    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…
    perl joomscan.pl --update

PROJECT LEADERS
- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.6 [#BHUSA]
- Updated vulnerability databases
- Added new module: Firewall Detector (supports detection of [CloudFlare, Incapsula, Shieldfy, Mod_Security])
- Added exploit for com_joomanager
- Updated list of common log paths
- A few enhancements

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html

Raccoon – A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Offensive Security Tool for Reconnaissance and Information Gathering.

Features
- DNS details
- DNS visual mapping using DNS dumpster
- WHOIS information
- TLS Data – supported ciphers, TLS versions, certificate details and SANs
- Port Scan
- Services and scripts scan
- URL fuzzing and dir/file detection
- Subdomain enumeration – uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
- Web application data retrieval:
  - CMS detection
  - Web server info and X-Powered-By
  - robots.txt and sitemap extraction
  - Cookie inspection
  - Extracts all fuzzable URLs
  - Discovers HTML forms
  - Retrieves all Email addresses
- Detects known WAFs
- Supports anonymous routing through Tor/Proxies
- Uses asyncio for improved performance
- Saves output to files – separates targets by folders and modules by files

Roadmap and TODOs
- Support multiple hosts (read from file)
- Rate limit evasion
- OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.)
- SearchSploit lookup on results
- IP ranges support
- CIDR notation support
- More output formats

About
Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file.

As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments.

For more options – see "Usage".

Installation
For the latest stable version:
    pip install raccoon-scanner
Or clone the GitHub repository for the latest features and changes:
    git clone https://github.com/evyatarmeged/Raccoon.git
    cd Raccoon
    python raccoon_src/main.py

Prerequisites
Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon. OpenSSL is also used for TLS/SSL scans and should be installed as well.

Usage
    Usage: raccoon [OPTIONS]

    Options:
      --version                      Show the version and exit.
      -t, --target TEXT              Target to scan  [required]
      -d, --dns-records TEXT         Comma separated DNS records to query.
                                     Defaults to: A,MX,NS,CNAME,SOA,TXT
      --tor-routing                  Route HTTP traffic through Tor (uses port
                                     9050). Slows total runtime significantly
      --proxy-list TEXT              Path to proxy list file that would be used
                                     for routing HTTP traffic. A proxy from the
                                     list will be chosen at random for each
                                     request. Slows total runtime
      --proxy TEXT                   Proxy address to route HTTP traffic through.
                                     Slows total runtime
      -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                     fuzzing
      -T, --threads INTEGER          Number of threads to use for URL
                                     Fuzzing/Subdomain enumeration. Default: 25
      --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                     ignore for fuzzing. Defaults to:
                                     302,400,401,402,403,404,503,504
      --subdomain-list TEXT          Path to subdomain list file that would be
                                     used for enumeration
      -S, --scripts                  Run Nmap scan with -sC flag
      -s, --services                 Run Nmap scan with -sV flag
      -f, --full-scan                Run Nmap scan with both -sV and -sC
      -p, --port TEXT                Use this port range for Nmap scan instead of
                                     the default
      --tls-port INTEGER             Use this port for TLS queries. Default: 443
      --skip-health-check            Do not test for target host availability
      -fr, --follow-redirects        Follow redirects when fuzzing. Default: True
      --no-url-fuzzing               Do not fuzz URLs
      --no-sub-enum                  Do not bruteforce subdomains
      -q, --quiet                    Do not output to stdout
      -o, --outdir TEXT              Directory destination for scan output
      --help                         Show this message and exit.

Screenshots
- HTB challenge example scan
- Results folder tree after a scan

Download Raccoon

Link: http://feedproxy.google.com/~r/PentestTools/~3/qSSk6PggN6c/raccoon-high-performance-offensive.html

Lynis 2.6.6 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in the series of simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps
1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note

## Lynis 2.6.6

### Improvements
* New format of changelog (https://keepachangelog.com/en/1.0.0/)
* KRNL-5830 – improved log text about running kernel version

### Fixed
* Under some condition no hostid2 value was reported
* Solved 'extra operand' issue with tr command

Download Lynis 2.6.6

Link: http://feedproxy.google.com/~r/PentestTools/~3/Uhut5ppDgZI/lynis-266-security-auditing-tool-for.html

Lynis 2.6.5 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in the series of simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps
1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note

Lynis 2.6.5 (2018-06-26)

Tests:
------
* [MAIL-8804] – Exim configuration test
* [NETW-2704] – Use FQDN to test status of a nameserver instead of own IP address
* [SSH-7402] – Improved test to allow configurations with a Match block

Lynis 2.6.4 (2018-05-02)

Changes:
--------
* Several contributions merged, including grammar improvements
* Initial support for Ubuntu 18.04 LTS
* Small enhancements for usage

Tests:
------
* [AUTH-9308] – Made 'sulogin' more generic for systemd rescue shell
* [DNS-1600] – Initial work on DNSSEC validation testing
* [NETW-2704] – Added support for local resolver 127.0.0.53
* [PHP-2379] – Suhosin test disabled
* [SSH-7408] – Removed 'DELAYED' from OpenSSH Compression setting
* [TIME-3160] – Improvements to detect step-tickers file and entries

Download Lynis 2.6.5

Link: http://feedproxy.google.com/~r/PentestTools/~3/3zL0e-Fj9xA/lynis-265-security-auditing-tool-for.html

Fuxi Scanner – Network Security Vulnerability Scanner

Fuxi Scanner is an open source network security vulnerability scanner that comes with multiple functions.
- Vulnerability detection & management
- Authentication Tester
- IT asset discovery & management
- Port scanner
- Subdomain scanner
- Acunetix Scanner (Integrate Acunetix API)

Installation
Documentation

Usage

Vulnerability Scanner
The scanner module integrates an open-sourced remote vulnerability testing and PoC development framework – Pocsuite. Like Metasploit, it is a development kit for pentesters to develop their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.
You can acquire PoC scripts from the Seebug community.
The target can be IP, network segment or URL.
You can manage plugins in the Plugin Manager modules. The plugin must conform to the PoC Coding Style.

Asset Management
IT Asset Registration:
Automatic Service Discovery:
You can scan for vulnerabilities by searching and filtering out specific services.

Authentication Tester
This is a login cracker that supports many protocols to attack (HTTP Basic Auth, SSH, MySQL, Redis).
The target can be IP, network segment or URL.

Subdomain Scanner
It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
You can improve the wordlist in settings to find more subdomains.

Acunetix Scanner
This module delivers scanning tasks by integrating the Acunetix Web Vulnerability Scanner API.
You can scan multiple websites at the same time.

Port Scanner
Port scanner allows you to discover which TCP ports are open on your target host.
Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system.

Settings

Links
- Homepage: https://fuxi-scanner.com
- Download: .tar or .zip
- Author E-mail: jeffzh3ng@gmail.com
- Author telegram: jeffzhang

Download Fuxi-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/zUX26xie4uc/fuxi-scanner-network-security.html

VOOKI – Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section.

Vooki – Web Application Scanner can help you to find the following attacks
- Sql Injection
- Command Injection
- Header Injection
- Cross site scripting – reflected
- Cross site scripting – stored
- Cross site scripting – dom based
- Missing security headers
- Malicious JS script execution
- Using components with known vulnerabilities
- Jquery Vulnerabilities
- Angularjs Vulnerabilities
- Bootstrap Vulnerabilities
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Validation
- Javascript Dynamic Code Execution
- Sensitive Data Exposure

How to use Vooki Web Application Scanner
1. Start Application.
2. Connect the browser proxy to Vooki port.
3. Visit all the pages of your web application.
4. Right click on node appearing on Vooki tool and click on the scan.
5. After scan gets completed click on generate report from the menu bar.

Rest API Scanner
Vooki – Rest API Scanner can help you to find the following attacks
- Sql Injection
- Command Injection
- Header Injection
- Cross site scripting (possibilities)
- Missing security headers
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side input Validation
- Unwanted use of HTTP methods
- Improper HTTP Response

How to use Vooki Rest Scanner
1. Start Application.
2. Create new Project.
3. Add the new request in created project.
4. Provide proper headers, url and data.
5. Save and run the scan from the menu bar.
6. After scan gets completed click on generate report from the menu bar.

Download VOOKI

Link: http://feedproxy.google.com/~r/PentestTools/~3/qpxLUdYSElE/vooki-web-application-vulnerability.html