Xssizer – The Best Tool To Find And Prove XSS Flaws

According to Wikipedia, cross-site scripting is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

xssizer helps penetration testers, bug hunters and other security professionals to easily detect such vulnerabilities and produces a ready-to-use PoC exploit for demonstration.

Installation

git clone https://github.com/noLogicXD/xssizer.git
cp xssizer -r /var/www/html/xssizer
service apache2 start

Then open localhost/xssizer/pro.php in your browser.

User interface

xssizer has a user-friendly and straightforward interface.

Testimonies

xssizer’s private beta version received a tremendous amount of appreciation from the beta testers. Here are some of the best compliments:

Mahmoud Osama: “I have to say that Brute Logic’s KNOXSS is the best XSS tool I have ever seen! I have just got rewarded with bounty on YesWeHack for DOM XSS."

Hussain Adnan: "You buy KNOXSS for ~$100 and by it [you] win $5000!"

Emad Shanab: "I would like to thank KNOXSS for bypassing Akamai WAF and getting the magic alert box in famous credit card company."

Words from Author

Thank you for using xssizer. Please follow me on twitter @SecurityJoker.

Download Xssizer

Link: http://feedproxy.google.com/~r/PentestTools/~3/LmLCMU0hGVQ/xssizer-best-tool-to-find-and-prove-xss.html

Manual Vulnerability Detection

Typically during penetration tests, scanners are used to detect vulnerabilities. Sometimes security professionals may want to go undetected to test the response of the blue team (aka defensive security) and the security controls of an organization. However, vulnerability scanners are quickly detected due to the amount of network traffic these tools generate. There are also times when standard, automated scans miss vulnerabilities. To address these issues, manual vulnerability testing is required. Vulnerability scanners should always be used during pentests to ensure that you detect the easy-to-find vulnerabilities quickly and efficiently, but manual testing should also be done alongside regular scans. Manual vulnerability detection takes more effort and knowledge, but it is a much-needed skill for the advanced pentester. This article will show you how!
The post Manual Vulnerability Detection appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/features/root/manual-vulnerability-detection/

VulnWhisperer – Create Actionable Data From Your Vulnerability Scans

Create actionable data from your vulnerability scans. VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with Jira and feed Logstash. Jira does a closed-cycle full sync with the data provided by the scanners, while Logstash indexes and tags all of the information inside the report (see the Logstash files at /resources/elk6/pipeline/). Data is then shipped to ElasticSearch to be indexed and ends up in a visual and searchable format in Kibana with already defined dashboards.

Currently Supports

Vulnerability Frameworks
- Nessus (v6/v7/v8)
- Qualys Web Applications
- Qualys Vulnerability Management
- OpenVAS (v7/v8/v9)
- Tenable.io
- Detectify
- Nexpose
- Insight VM
- NMAP
- Burp Suite
- OWASP ZAP
- More to come

Reporting Frameworks
- ELK
- Jira
- Splunk

Getting Started
1. Follow the install requirements.
2. Fill out the section you want to process in the frameworks_example.ini file.
3. [JIRA] If using Jira, fill in the Jira config in the config file mentioned above.
4. [ELK] Modify the IP settings in the Logstash files to accommodate your environment and import them to your Logstash conf directory (default is /etc/logstash/conf.d/).
5. [ELK] Import the Kibana visualizations.
6. Run VulnWhisperer.

Need assistance or just want to chat? Join our slack channel.

Requirements
- Python 2.7
- Vulnerability Scanner
- Reporting System: Jira / ElasticStack 6.6

Install Requirements - VulnWhisperer (may require sudo)

Install OS package dependencies (Debian-based distros; CentOS doesn’t need it):

sudo apt-get install zlib1g-dev libxml2-dev libxslt1-dev

(Optional) Use a Python virtualenv to not mess with host Python libraries:

virtualenv venv (will create the python 2.7 virtualenv)
source venv/bin/activate (start the virtualenv, now pip will run there and should install libraries without sudo)
deactivate (for quitting the virtualenv once you are done)

Install Python library requirements:

pip install -r /path/to/VulnWhisperer/requirements.txt
cd /path/to/VulnWhisperer
python setup.py install

(Optional) If using a proxy, add the proxy URL as an environment variable:

export HTTP_PROXY=http://example.com:8080
export HTTPS_PROXY=http://example.com:8080

Now you’re ready to pull down scans (see the Run section).

Configuration

There are a few configuration steps to setting up VulnWhisperer:
1. Configure the ini file
2. Set up the Logstash file
3. Import the ElasticSearch templates
4. Import the Kibana dashboards

frameworks_example.ini file

Run

To run, fill out the configuration file with your vulnerability scanner settings. Then you can execute from the command line (optional flag: -F provides “fancy" log colouring, good for comprehension when manually executing VulnWhisperer):

vuln_whisperer -c configs/frameworks_example.ini -s nessus
or
vuln_whisperer -c configs/frameworks_example.ini -s qualys

If no section is specified (e.g. -s nessus), VulnWhisperer will check the config file for the modules that have the property enabled=true and run them sequentially.

Next you’ll need to import the visualizations into Kibana and set up your Logstash config. You can either follow the sample setup instructions [here](https://github.com/HASecuritySolutions/VulnWhisperer/wiki/Sample-Guide-ELK-Deployment) or go for the `docker-compose` solution we offer.
Docker-compose

ELK is a whole world by itself, and for newcomers to the platform it requires basic Linux skills and usually a bit of troubleshooting until it is deployed and working as expected. As we are not able to provide support for each user’s ELK problems, we put together a docker-compose which includes:
- VulnWhisperer
- Logstash 6.6
- ElasticSearch 6.6
- Kibana 6.6

The docker-compose just requires specifying the paths where the VulnWhisperer data will be saved and where the config files reside. If run directly after git clone, with just the scanner config added to the VulnWhisperer config file (/resources/elk6/vulnwhisperer.ini), it will work out of the box. It also takes care of loading the Kibana dashboards and visualizations automatically through the API, which otherwise needs to be done manually at Kibana’s startup. For more info about the docker-compose, check the docker-compose wiki or the FAQ.

Getting Started

Our current Roadmap is as follows:
1. Create a Vulnerability Standard
2. Map every scanner’s results to the standard
3. Create scanner module guidelines for easy integration of new scanners (consistency will allow #14)
4. Refactor the code to reuse functions and enable full compatibility among modules
5. Change Nessus CSV to JSON (consistency and fix #82)
6. Adapt single Logstash to standard and Kibana Dashboards
7. Implement Detectify Scanner
8. Implement Splunk Reporting/Dashboards

On top of this, we try to focus on fixing bugs as soon as possible, which might delay the development. We also very much welcome PRs, and once we have the new standard implemented, it will be very easy to add compatibility with new scanners.

The Vulnerability Standard will initially be a new, simple, one-level JSON with all the information that matches across the different scanners given standardized variable names, while maintaining the rest of the variables as they are. In the future, once everything is implemented, we will evaluate moving to an existing standard like ECS or AWS Vulnerability Schema; we prioritize functionality over perfection.

Video Walkthrough — Featured on Elastic Webinar

Authors
- Austin Taylor (@HuntOperator)
- Justin Henderson (@smapper)

Contributors
- Quim Montal (@qmontal)
- @pemontto
- @cybergoof

Download VulnWhisperer

Link: http://www.kitploit.com/2019/07/vulnwhisperer-create-actionable-data.html

SUDO_KILLER – A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo

If you like the project, and for my personal motivation to develop other tools, please give it a +1 star.

SUDO_KILLER is a tool which helps to abuse sudo in different ways, with the main objective of performing a privilege escalation on a Linux environment. The tool helps to identify misconfigurations within sudo rules, vulnerabilities within the version of sudo being used (CVEs and vulns) and the use of dangerous binaries, all of which could be abused to elevate privileges to root. SUDO_KILLER will then provide a list of commands or local exploits which could be used to elevate privileges. SUDO_KILLER does not perform any exploitation on your behalf; the exploitation will need to be performed manually, and this is intended.

Default usage

Example: ./sudo_killer.sh -c -r report.txt -e /tmp/

Arguments
-k : keywords
-e : export location (export /etc/sudoers)
-c : include CVE checks with respect to sudo version
-s : supply user password for sudo checks (not recommended, except for CTF)
-r : report name (save the output)
-h : help

CVEs check

To update the CVE database, run the following script: ./cve_update.sh

IMPORTANT !!!

If you need to input a password to run sudo -l, then the script will not work if you don’t provide a password with the argument -s.

NOTE: sudo_killer does not exploit automatically by itself; it was designed like this on purpose. It checks for misconfigurations and vulnerabilities and then proposes the following (if you are lucky, the route to root is near!):
- a list of commands to exploit
- a list of exploits
- some description of how and why the attack could be performed

Why is it possible to run “sudo -l" without a password?

By default, if the NOPASSWD tag is applied to any of the entries for a user on a host, he or she will be able to run "sudo -l" without a password. This behavior may be overridden via the verifypw and listpw options. However, these rules only affect the current user, so if user impersonation is possible (using su), sudo -l should be launched from this user as well. Sometimes the file /etc/sudoers can be read even if sudo -l is not accessible without a password.

Testing the tool :)

Will soon provide a docker to test the different scenarios 🙂 … Stay connected!

Download SUDO_KILLER
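The listpw rule described above, modelled in Python over a constructed sudoers fragment as an added example (not part of SUDO_KILLER), so an auditor can tell from a sudoers file which users could enumerate their rules with "sudo -l" without a password: parse_sudoers, list_requires_password and the sample entries are assumptions, and the parser handles only simple single-line rules.

```python
import re

# Constructed sample sudoers content (not from the project): alice has one
# NOPASSWD entry and one normal entry, bob has only a normal entry.
SAMPLE_SUDOERS = """\
Defaults    env_reset
alice   ALL=(ALL) NOPASSWD: /usr/bin/vim
alice   ALL=(ALL) /usr/bin/systemctl
bob     ALL=(ALL) /usr/bin/apt
"""

# user  host=(runas) [NOPASSWD:] cmd, cmd ...   (simple single-line rules only)
ENTRY_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")


def parse_sudoers(text):
    """Return (global Defaults dict, list of entry dicts); aliases, per-user
    Defaults and #include directives are ignored in this simplified parser."""
    defaults, entries = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        if line.startswith("Defaults"):
            for opt in line[len("Defaults"):].split(","):
                key, _, val = opt.strip().partition("=")
                defaults[key] = val or True         # flag options have no value
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        user, host, runas, cmds = m.groups()
        nopasswd = "NOPASSWD:" in cmds
        cmds = cmds.replace("NOPASSWD:", "").replace("PASSWD:", "")
        entries.append({"user": user, "host": host, "runas": runas or "root",
                        "nopasswd": nopasswd,
                        "cmds": [c.strip() for c in cmds.split(",") if c.strip()]})
    return defaults, entries


def list_requires_password(user, entries, defaults):
    """Model the listpw option for 'sudo -l': 'any' (sudo's default) waives the
    password if any entry for the user is NOPASSWD, 'all' only if all of them
    are, 'always' never waives it and 'never' always does. Group (%name) and
    host matching are not modelled; only entries naming the user are counted."""
    flags = [e["nopasswd"] for e in entries if e["user"] == user]
    if not flags:                                   # no rules: sudo still prompts
        return True
    mode = defaults.get("listpw", "any")
    return {"any": not any(flags), "all": not all(flags),
            "always": True, "never": False}[mode]
```

Setting Defaults listpw=always in the audited file is the hardening the text alludes to: with it, alice's NOPASSWD entry no longer lets her list rules for free.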

Link: http://feedproxy.google.com/~r/PentestTools/~3/grcbPtCQkyg/sudokiller-tool-to-identify-and-exploit.html