JoomScan 0.0.5 – OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project, written in Perl, that detects and analyzes Joomla CMS vulnerabilities.

WHY OWASP JOOMSCAN?

If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is faster than ever and is updated with the latest Joomla vulnerabilities.

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

    Usage: joomscan.pl [options]

    --url | -u                      | The Joomla URL/domain to scan.
    --enumerate-components | -ec    | Try to enumerate components.
    --cookie <String>               | Set cookie.
    --user-agent | -a <user-agent>  | Use the specified User-Agent.
    --random-agent | -r             | Use a random User-Agent.
    --timeout <time-out>            | Set timeout.
    --about                         | About Author
    --update                        | Update to the latest version.
    --help | -h                     | This help screen.
    --version                       | Output the current version and exit.

OWASP JOOMSCAN EXAMPLES

Do default checks…

    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…

    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com --ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…

    perl joomscan.pl --update

PROJECT LEADERS

Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan 0.0.5 [KLOT]

Update components database
Bug fixed (updating module)
Allow start from any path
Update backup finder database
Update report module
Update validate target method
HTTPS improvements
Fix issue #11 – Incorrect URL output for HTTPS site
Fix issue #12 – Components scan output issues
Fix issue #13 – Check a server is live or not!
Fix issue #9 – Disable redirectable requests for components finder module
A few enhancements

OWASP JoomScan 0.0.1 introduction (Youtube)

Link: http://feedproxy.google.com/~r/PentestTools/~3/3APBxF3X-7U/joomscan-005-owasp-joomla-vulnerability.html

JoomScan – OWASP Joomla Vulnerability Scanner Project

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open-source project, written in Perl, that detects and analyzes Joomla CMS vulnerabilities.

WHY OWASP JOOMSCAN?

If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever! This project is faster than ever and is updated with the latest Joomla vulnerabilities.

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

    Usage: joomscan.pl [options]

    --url | -u                      | The Joomla URL/domain to scan.
    --enumerate-components | -ec    | Try to enumerate components.
    --cookie <String>               | Set cookie.
    --user-agent | -a <user-agent>  | Use the specified User-Agent.
    --random-agent | -r             | Use a random User-Agent.
    --timeout <time-out>            | Set timeout.
    --about                         | About Author
    --update                        | Update to the latest version.
    --help | -h                     | This help screen.
    --version                       | Output the current version and exit.

OWASP JOOMSCAN EXAMPLES

Do default checks…

    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…

    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com --ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…

    perl joomscan.pl --update

PROJECT LEADERS

Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan 0.0.1 introduction (Youtube)

Link: http://feedproxy.google.com/~r/PentestTools/~3/wpsXNJKZcbU/joomscan-owasp-joomla-vulnerability.html

BlackWidow – A Python Based Web Application Scanner To Gather OSINT And Fuzz For OWASP Vulnerabilities On A Target Website

BlackWidow is a Python-based web application spider that gathers subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. The project also includes the Inject-X fuzzer, which scans dynamic URLs for common OWASP vulnerabilities.

FEATURES:

Automatically collect all URLs from a target website
Automatically collect all dynamic URLs and parameters from a target website
Automatically collect all subdomains from a target website
Automatically collect all phone numbers from a target website
Automatically collect all email addresses from a target website
Automatically collect all form URLs from a target website
Automatically scan/fuzz for common OWASP TOP vulnerabilities
Automatically saves all data into sorted text files

LINUX INSTALL:

    cp blackwidow /usr/bin/blackwidow
    cp injectx.py /usr/bin/injectx.py
    pip install -r requirements.txt

USAGE:

    blackwidow -u https://target.com
        Crawl target.com with 3 levels of depth.

    blackwidow -d target.com -l 5
        Crawl the domain target.com with 5 levels of depth.

    blackwidow -d target.com -l 5 -c 'test=test'
        Crawl the domain target.com with 5 levels of depth using the cookie 'test=test'.

    blackwidow -d target.com -l 5 -s y
        Crawl the domain target.com with 5 levels of depth and fuzz all unique parameters for OWASP vulnerabilities.

    injectx.py "https://test.com/uers.php?user=1&admin=true"
        Fuzz all GET parameters for common OWASP vulnerabilities.

DOCKER:

    git clone https://github.com/1N3/BlackWidow.git
    cd BlackWidow
    # Docker image names must be lowercase
    docker build -t blackwidow .
    docker run -it blackwidow    # Defaults to --help

Link: http://feedproxy.google.com/~r/PentestTools/~3/0n-C7XOMkqQ/blackwidow-python-based-web-application.html

DVHMA – Damn Vulnerable Hybrid Mobile App (For Android) That Intentionally Contains Vulnerabilities

Damn Vulnerable Hybrid Mobile App (DVHMA) is a hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, and to help developers better understand the common pitfalls in developing hybrid mobile apps securely.

Motivation and Scope

This app is developed to study pitfalls in developing hybrid apps securely, e.g., with Apache Cordova or SAP Kapsel. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge.

Installation

Prerequisites

We assume that the following are installed:

Android SDK (https://developer.android.com/sdk/index.html)
Apache Cordova (https://cordova.apache.org/), version 6.3.0 or later

Moreover, we assume a basic familiarity with the build system of Apache Cordova.

Building DVHMA

Setting Environment Variables

    export ANDROID_HOME=
    export PATH=$ANDROID_HOME/tools:$PATH
    export PATH=$ANDROID_HOME/platform-tools:$PATH

Compiling DVHMA

    cd DVHMA-Featherweight
    cordova plugin add ../plugins/DVHMA-Storage
    cordova plugin add ../plugins/DVHMA-WebIntent
    cordova platform add android
    cordova compile android

Running DVHMA in an Emulator

    cordova run android

Team Members

The development of this application started as part of the project ZertApps. ZertApps was a collaborative research project funded by the German Ministry for Research and Education. It is now developed and maintained by the Software Assurance & Security Research Team at The University of Sheffield, UK.

The core developers of DVHMA are:

Achim D. Brucker
Michael Herzberg

Publications

Achim D. Brucker and Michael Herzberg. On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache Cordova Nation. In International Symposium on Engineering Secure Software and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages 72-88, Springer-Verlag, 2016. https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016 doi: 10.1007/978-3-319-30806-7_5

Link: http://feedproxy.google.com/~r/PentestTools/~3/blm_ZImRphM/dvhma-damn-vulnerable-hybrid-mobile-app.html