Showing posts with label Exploit. Show all posts
Showing posts with label Exploit. Show all posts

Sunday, April 14, 2013

[ExploitSearch.net] Exploit / Vulnerability Search Engine



Exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. 

Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source databases/websites and parses the contained data. Once the data is collected and parsed, it is inserted into the www.exploitsearch.net database and becomes available for searching. 


Posted by at No comments:
Labels: , , , , ,

Thursday, November 29, 2012

[Xenotix] XSS Exploit Framework 2013 v2 Released


Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes a XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader and a XSS Reverse Shell. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.

Features: 

  • Built in XSS Payloads
  • XSS Key logger
  • XSS Executable Drive-by downloader
  • Automatic XSS Testing
  • XSS Encoder
  • XSS Reverse Shell (new)
Download Xenotix XSS Exploit Framework 2013 v2
Posted by at No comments:
Labels: , , , , ,

Sunday, November 4, 2012

[ExploitShield Browser Edition] Forget about browser vulnerabilities

ExploitShield+Browser+Edition
 
ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.
Includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and browser all components such as Java, Adobe Reader, Flash, Shockwave. Blocks all exploit kits such as Blackhole, Sakura, Phoenix, Incognito without requiring any signature updates.
 
ScreenShot00087
 
No need to train or configure, ExploitShield is 100% install-and-forget anti-exploit solution. Read more: ExploitShield Browser Edition. The ZeroVulnerabilityLabs website maintains a realtime list of detected threats and their VirusTotal results.

Posted by at No comments:
Labels: , , , , ,

Saturday, November 3, 2012

[BeEF 0.4.3.8] Browser Exploitation Framework

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. 
 
beef
Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.
Posted by at No comments:
Labels: , , , ,

[Burp Suite] Free Edition v1.5

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.  Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.
Burp+Suite+Free+Edition+v1.5+released
Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
User Interface:
  • Burp's UI has been completely overhauled, to improve looks and usability:
  • Fonts are now available throughout the UI, with corresponding resizing of all UI elements (tables, dialogs, buttons, etc.).
  • There are configurable hotkeys for all common functions.
  • Intruder and Repeater now have smart tabs, which you can drag to reorder, and click to create, close or rename.
  • Tables are natively sortable everywhere, except where the row ordering is part of the options you are configuring.
  • Text fields now have context-aware auto-complete memory.
Burp now implements sslstrip-style functionality, allowing you to use non-SSL-capable tools against HTTPS applications, or to perform active MITM attacks against users who begin browsing using HTTP.
Posted by at No comments:
Labels: , , , , , , ,

Friday, November 2, 2012

[Scylla] v1 Penetration Testing Tool - Because there's no patch for human stupidity

Scylla+v1+Penetration+Testing+Tool

When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works.

Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning misconfiguration bugs dynamically. Scylla aims to be a better tool for security auditors, extremely fast, designed based on real scenarios, developed by experienced coders and constructed with actual IT work methods.
The words “Configuration Tracer” are the best definition for Scylla, a tool to help on IT audits. Scylla is a tool to audit different online application protocols and configurations, built over a brute-force core.

This tool acts as a tool for unifying auditing techniques, in other words, it does what oscanner, winfingerprint, Hydra, DirBuster, and other tools do, and also what those tools don't do.


Supported Protocols


  • Terminal (Telnet, SSH, telnets)
  • FTP (FTPS, FTP, SFTP)
  • SMB (Also Windows RPC)
  • LDAP
  • POP3 (POP3S)
  • SMTP (SMTPS)
  • IMAP
  • MySql
  • MSSQL
  • Oracle (Database and TNS Listener)
  • DB2 (Database and DAS)
  • HTTP(HTTPS; Basic AUTH Brute Force, Digest AUTH Brute Force, Form Brute Force, Directory and files Brute Force)
  • DNS (DNS snooping)
  • Postgres SQL
Basic features:
- User, password list based Brute force
- Multiple hosts support
- Multiple session support
- Nmap integration
- Non-synchronized threads (proof to be a bit faster)
- Ability to restore sessions
- Session auto-saving (based on SQL Server CE)
- Easy to use
- Auto configured options
- Hacker oriented
- Free, and always free
- Database browser (who have hacked a DB and don’t have a DB client to connect to it- And worse if you don’t have internet)
- Open source tool

Screen Shots, lots of screen shots
Scylla 
 AboutMSSQLReport 
 NmapWrapper 
 AfterNmapWrapper 
 DB2 
 DB2DBBrowse FTP HTTP MSSQL MSSQLExec MySQL Oracle 
 Postgres 
 ReportViewerOracle 
 SMB 
 SMTP 
 DBBrowserResults
Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)