Sunday, March 22, 2015

Best / Open Source Wordpress Vulnerability Scanner

WPScan :

                 is a black box WordPress vulnerability scanner.


WPScan comes pre-installed on the following Linux distributions:
Prerequisites:
  • Ruby >= 1.9.2 - Recommended: 2.2.1
  • Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
  • RubyGems - Recommended: latest
  • Git
 Download Link : https://github.com/wpscanteam/wpscan

Flunym0us :

                   is a Vulnerability Scanner for Wordpress and Moodle.





                 Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.


Flunym0us requires python.

Arguments allowed:
-h, --help: Show this help message and exit
-wp, --wordpress: Scan WordPress site
-mo, --moodle: Scan Moodle site
-H HOST, --host HOST: Website to be scanned

Download Link : https://code.google.com/p/flunym0us/downloads/list

 Timthumb :

                Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

            Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.


Download Link : https://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip

 Vane :

          is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan.




Prerequisites

  • Windows not supported
  • Ruby => 1.9
  • RubyGems
  • Git
Download Link : https://github.com/delvelabs/vane


WordPress Security Scan

                           Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

Online URL : http://hackertarget.com/wordpress-security-scan/

 






Friday, March 20, 2015

Best / Open Source Tools for Security / Network Monitoring

Nagios:

              is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes. 
              
             Nagios is a powerful, enterprise-class host, service, application, and network monitoring program. Designed to be fast, flexible, and rock-solid stable. Nagios runs on *NIX hosts and can monitor Windows, Linux/Unix/BSD, Netware, and network devices.








             Designed with scalability and flexibility in mind, Nagios gives you the peace of mind that comes from knowing your organization's business processes won't be affected by unknown outages.


             Nagios is a powerful tool that provides you with instant awareness of your organization's mission-critical IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they affect end-users and customers.

Download Link : http://sourceforge.net/projects/nagios/

or

http://www.nagios.org/download/

 

OpenSMART :

Open (Source|System) Monitoring and Reporting Tool, can do that for you.

OpenSMART is a rich featured monitoring and reporting tool, including:
  • easy to use web frontend
  • many predefined checks for application and system monitoring
  • abiltiy to monitor HA cluster applications
  • notification of administrators by email / SMS or anything else you can script
  • collection and ad-hoc reporting of many system figures like disk space or CPU consumption
  • many checks for application monitoring report their response time, too

OpenSMART saves its data (monitoring data and reporting data) in a database. This enables you to
  • get your SLA reporting data from your database
  • get your monthly/weekly/daily performance data from your database
  • do trend analyses with your response times.
 Download Link : http://opensmart.sourceforge.net/index.php/downloads

 Icinga :

               is an enterprise grade open source monitoring system which keeps watch over networks and any conceivable network resource, notifies the user of errors and recoveries and generates performance data for reporting. Scalable and extensible, Icinga can monitor complex, large environments across dispersed locations.


Features

  • Monitor host and service status
  • View the whole network and map dependencies
  • Gather performance and utilization data
  • Build in redundancy with distributed monitoring
  • Customize multiple users access, notifications and views

Download Link : https://www.icinga.org/download/

or

http://sourceforge.net/projects/icinga/

 

 Cacti :

              is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.


 
               Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and  populate them with data in a MySQL database. The frontend is completely PHP driven.
 


Download Link : http://www.cacti.net/download_cacti.php

or 

http://sourceforge.net/projects/cacti/

NeDi :

         is a lightwheight network management framework, which is based on a scheduled discovery, a SQL backend and a web based user interface.

         NeDi proofs to be a valuable tool for the security team as well. Keep track of wired and wireless clients throughout your entire network. You’ll be able to see IP changes and which hosts have more than one address. The upcoming host identification feature, expands NeDi’s awareness beyond the network layers and can locate vulnerable SSH servers for example…



Download Link : http://www.nedi.ch/download/

or

http://sourceforge.net/projects/nedi/?source=navbar

Observium :

                 is an autodiscovering PHP/MySQL based network monitoring system focused primarily on Cisco and Linux networks but includes support for a wide range of network hardware and operating systems.


                 Observium is an autodiscovering network monitoring platform supporting a wide range of hardware platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium seeks to provide a powerful yet simple and intuitive interface to the health and status of your network.
                 Observium Community is available free and open source. Observium Professional adds rapid patches, security fixes and additional features and hardware support for a small yearly license fee.





Download Link : http://observium.org/wiki/Download

or

http://sourceforge.net/projects/projectobserver/

ZABBIX :

                is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices and other IT resources. It supports distributed and WEB monitoring, auto-discovery, and more.

An enterprise-class distributed monitoring solution for networks & apps




Zabbix Features

  •     Monitor Everything
  •     Enterprise Ready
  •     Proactive Monitoring
  •     Capacity Planning
  •     True Open Source
  •     Business Solutions


Download Link : http://www.zabbix.com/download.php

or

http://sourceforge.net/projects/zabbix/
 

Monday, March 16, 2015

Best / Open Automated and Manual Source Code Analysis Tool - Android

Lint :

        Android lint tool is a static code analysis tool that checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization.





     Android Studio, the configured lint and other IDE inspections run automatically whenever you compile your program. You can also manually run inspections in Android Studio by selecting Analyze > Inspect Code from the application or right-click menu. The Specify Inspections Scope dialog appears so you can specify the desired inspection profile and scope.

    lint tool processes the application source files.


You can configure lint checking at different levels:
  • Globally, for the entire project
  • Per project module
  • Per production module
  • Per test module
  • Per open files
  • Per class hierarchy
  • Per Version Control System (VCS) scopes

Configuring lint in Android Studio

Android Studio allows you to enable or disable individual inspections and configure project-global, directory-specific, and file-specific settings for lint.
You can manage inspection profiles and configure inspection severity within Android Studio using the File > Settings > Project Settings menu to open the Inspections page with a list of the supported profiles and inspections.





Download Link : http://developer.android.com/sdk/index.html#win-bundle

 Agnitio :

           A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.




Features


  • Security code reviews
  • Security code review metrics and reporting
  • Application security code review tool
  • Static analysis security guidance and reporting
Download Link : http://sourceforge.net/projects/agnitiotool/files/latest/download

DroidBench :

                       is an open test suite for evaluating the effectiveness of taint-analysis tools specifically for Android apps. The suite can be used to assess both static and dynamic taint analyses, but in particular it contains test cases for interesting static-analysis problems (field sensitivity, object sensitivity, tradeoffs in access-path lengths etc.) as well as for Android-specific challenges like correctly modeling an application’s lifecycle, adequately handling asynchronous callbacks and interacting with the UI.




Version 1.1 comprises the following categories
  • Arrays and Lists
  • Callbacks
  • Field and Object Sensitivity
  • Inter-App Communication
  • Lifecycle
  • General Java
  • Miscellaneous Android-Specific
  • Implicit Flows
  • Reflection

 Download Link : https://github.com/secure-software-engineering/DroidBench

SuSi:

        is a tool for the fully automated classification and categorization of Android framework sources and sinks

       There exist different kinds of sensitive sources and sinks in the area of Android security. For instance, the user’s location information or address book can be treated as a source, while the network connection or the SMS message sending facilities can be seen as sinks. In general, sources and sinks are accessed through specific API methods (e.g, getLastKnownLocation() for the user’s current location).




     SuSi is a tool that automatically generates a list of Android sources and sinks by analyzing the complete Android source code. Our approach is version-independent and can simply be run again when a new Android version is released. This relieves security analysts from having to regularly create new lists of sources and sinks by hand.


Download Link : https://github.com/secure-software-engineering/SuSi

     



DidFail:

            DidFail (Droid Intent Data Flow Analysis for Information Leakage) uses static analysis to detect potential leaks of sensitive information within a set of Android apps. DidFail combines and augments FlowDroid (which identifies intra-component information flows) and Epicc (which identifies properties of intents such as its action string) to track both inter-component and intra-component data flow in a set of Android applications. DidFail's two-phase analysis allows for fast user-response time by using precomputed phase-1 analysis results.

Note:

  • This tool is a research prototype. It is not intended for industrial use. 
Download Link : https://www.cs.cmu.edu/~wklieber/didfail/didfail.zip

Androwarn :

                   is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.







The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali.

Download Link : https://github.com/maaaaz/androwarn


FlowDroid – Taint Analysis :

                          FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android we aim for an analysis with very high recall and precision. To achieve this goal we had to accomplish two main challenges: To increase precision we needed to build an analysis that is context-, flow-, field- and object-sensitive; to increase recall we had to create a complete model of Android’s app lifecycle.

   
                        Our analysis is based on Soot and Heros. FlowDroid uses a very precise callgraph which helps us to ensure flow- and context-sensitivity. Its IFDS-based flow functions guarantee field- and object-sensitivity. Because an accurate and efficient alias search is crucial for context-sensitivity in conjuction with field-sensitivity, we want to highlight this part of our analysis, which is inspired by Andromeda. 
 
Note: soot-infoflow-android is part of FlowDroid, a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
 
Download Link : https://github.com/secure-software-engineering/soot-infoflow-android
 
 








Wednesday, March 11, 2015

Best / Open Risk Assessment / Analysis Tool

CORAS:

               is a method for conducting security risk analysis. Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.





               CORAS provides a customised language for threat and risk modelling, and comes with detailed guidelines explaining how the language should be used to capture and model relevant information during the various stages of the security analysis. In this respect CORAS is model-based. The Unified Modelling Language (UML) is typically used to model the target of the analysis. For documenting intermediate results, and for presenting the overall conclusions we use special CORAS diagrams which are inspired by UML. The CORAS method provides a computerised tool designed to support documenting, maintaining and reporting analysis results through risk modelling.

Download Link :

http://coras.sourceforge.net/downloads.html

or

http://sourceforge.net/projects/coras/files/latest/download?source=navbar 

Microsoft Security Assessment Tool 4.0:


                                                           is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.




There are two assessments that define the Microsoft Security Assessment Tool:


  • Business Risk Profile Assessment
  • Defense in Depth Assessment (UPDATED)
Download Link : http://www.microsoft.com/en-in/download/details.aspx?id=12273

PTA (Practical Threat Analysis):

                                     is a risk assessment methodology and a suite of software tools that enable users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment. 






Download link : http://www.software.co.il/ptadownload/pta1215.exe


ISO 17799 RAT ( Risk Analysis Toolkit ) :

                           to perform risk analysis based on the ISO 17799 on public or private companies.

This analysis was conducted by questionnaire, from which reports on security policies will be generated to perform in the organization to address the risks identified.



Confidentiality, integrity, availability, authenticity and traceability (accountability): the risks are analyzed in several dimensions. The impact of risk is also analyzed
To address the risks and impact are proposed:

    Safeguards (or countermeasures)
    Safety Standards
    Safety procedures
    Elements backup (back up)
    Disaster Recovery Plans

The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs can not afford the cost of existing commercial tools on the market.

 Download Link : http://ratiso17799.sourceforge.net/descargas.html

Security Officers Management and Analysis Project (SOMAP):

                              is all about defining security management work methods and supplying Security Officers with tools to do their job more efficient and following standards easily.





Features

  • Information Security Risk Management Methodologies and Tools
  • Open Risk Model Repository
  • Risk Assessment
  • Risk Management
Download Link : http://sourceforge.net/projects/somap/files/latest/download?source=navbar






Friday, February 13, 2015

Open Source DoS/DDoS Analyzer / Mitigation Tool

FastNetMon:
           - high performance DoS/DDoS analyzer with sflow/mirror support and load analyzer builded on top of PF_RING.





FastNetMon - high performance DoS/DDoS and netflowk load analyzer builded on top of multiple packet capture engines (PF_RING, sFLOW, Netflow, PCAP).

What we do? We can detect hosts in our own network with big amount of packets per second/bytes per second or flow per second incoming or outgoing from certain host. And we can call external script which can send notify, switch off server or blackhole this client.
 

Features:
+ Can process incoming and outgoing traffic
+ Can trigger block script if certain IP load network with big amount of packets per second
+ Can trigger block script if certain IP load network with big amount of bytes per second
+ Can trigger block script if certain IP load network with big amount of flows per second
+ VLAN untagging
+ MPLS traffic processing
+ L2TP decapsulation of nested packets
+ PF_RING ZC/DNA support (wire speed processing on tens of MPPS but need license)
+ Can process sFLOW v5
+ Can work on mirror/SPAN ports
+ Can work on server/soft-router
+ Can detect DoS/DDoS in 1-2 seconds
+ Tested up to 10GE with 5-6 Mpps on Intel i7 2600 with Intel Nic 82599

Download Link : https://github.com/FastVPSEestiOu/fastnetmon


DDOSMON:
                  is a network analysis platform which is designed to find anomalous network patterns such as DDoS attacks and act on them automatically. It can do this either by directly sniffing or acting on netflow data export streams.

It is used by a few hosting providers and datacenters.




Program that uses low level linux packet sniffing in incoming network traffic for monitoring possible network attacks and reacting to them by alerting and triggering user defined self defence mechanisms.
With a ncurses interface you can monitor network traffic live and watch recent events. Logs are saved to log folder, any ddos attack detection send an email to the user.
It can classify following attacks:
  • SYN Flood
  • UDP Flood
  • ICMP Flood
Any other attack with massive amount of traffic or packet would still be detected.





Download Link : https://github.com/edubart/ddosmon

or

https://bitbucket.org/tortoiselabs/ddosmon/overview



Sunday, August 24, 2014

Android App Security / Vulnerability Scanner

Bluebox Security Scanner:

                                        will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws.




Further details of the Android "Fake ID" and "Master Key" security flaws are available


Download Link : https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

 eEye Android Scanner:
                                  eEye Digital Security, the security industry's most trusted name in vulnerability assessment has brought their expertise to your Android phone.
Did you know that more than 80% of employees now use personal smartphones for work-related purposes? Every day these devices access email, games, and work related material
and are unchecked by your businesses' standard vulnerability management processes.
Until now, one of the biggest challenges for consumers and information technology security teams was they inability to determine potential vulnerabilities on their mobile assets as they do their servers and desktops. Watch the video below to see how Retina CS is solving that problem and how users can download the tool for free to check their own devices.
Benefits of Mobile Security in Retina CS to extend the benefits of this free agent:
Retina CS is the first and only product to integrate mobile device assessment and vulnerability management for complete visibility and context on all vulnerabilities ­ so that your team can discover, prioritize, and fix weaknesses quickly.



* Reduce overall IT security risk by extending vulnerability management to your BlackBerry, Android and ActiveSync-managed mobile devices
* Reduce resource demands by automating vulnerability assessment for mobile devices with in-depth scanning.
* Simplify and improve IT security by managing mobile devices and all other assets through a single, Web-based console.
* Gain greater visibility through vulnerability profiles of mobile devices accessing your network.
* Streamline remediation through advanced threat prioritization according to severity of mobile vulnerabilities.Use built-in and custom audits to scan for weaknesses in mobile device hardware, applications, and configurations.
* Report on mobile device vulnerabilities and demonstrate compliance.



Download Link : https://play.google.com/store/apps/details?id=com.eeye.mobile.android


Belarc Security Advisor:
                                     does this by automatically checking your Android tablet or phone for over 400 security vulnerabilities in both the operating system and installed apps, and gives you the result in seconds as to which ones are vulnerable and need to be updated. The Security Advisor also works with all other security apps such as anti-virus and anti-malware apps.
 
 
Download Link : https://play.google.com/store/apps/details?id=com.belarc.securityadvisor
 
Drozer :
          helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. 

Drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.
  • Discover and interact with the attack surface exposed by Android apps.
  • Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.
 
Download Link : https://www.mwrinfosecurity.com/products/drozer/community-edition/
 
TrustGo Mobile Security :
                                protects you from today's most dangerous malware and viruses PLUS apps that can steal your personal privacy, identity and data. In addition, TrustGo offers "Find My Phone" features including remote location, lock, alarm and "Candid Camera" thief ID (via email), system tools and web browsing security...all in one totally Free package.
 
TrustGo detects and removes all the latest malicious apps and viruses, and is the only security app that protects your privacy and data from High Risk apps that others miss.

 
TrustGo has achieved West Coast Labs’ Checkmark Certification! It is one of the best products in malware detection test by AV-Comparatives
 
Key Features:
Security Scanner - On-demand or scheduled scans of your mobile phone or tablet and SD card to find and remove viruses, malware, spyware and trojans PLUS risky apps that can steal your data.
Secure App Search - Our Secure App Finder Engine (SAFE) lets you search and download apps that you know are safe. TrustGo alerts you before downloading bad and risky apps. 
 
Download link :
https://play.google.com/store/apps/details?id=com.trustgo.mobile.security

 PenTest Tools List:
 
             is a list of android apps for penetration testing.IT IS JUST A LIST, DON'T EXPECT ANYTHING MORE THAN THAT (sorry for all caps, but some people expect matrix meets mission impossible... and give a bad rating when their expectations are not met :) )
Please read the description...
Penetration test is used to test security of something. (if that something passes penetration test, there is a higher chance that hacker cant hack into it)


Apps are sorted with Tags.
Features:
Links to Apps on the Play Store.
Links to Apps that are NOT on the Play Store
Links to Source Code of Open Source Apps
Links to App websites.
Links to Google the name of the App or App Package.

 Download Link : https://play.google.com/store/apps/details?id=com.itslap.pentesttools


 

Saturday, August 23, 2014

Remote & Local file Inclusion Testing Tools

Fimap:

              A little tool for local and remote file inclusion auditing and exploitation.

              Fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.

              The goal of fimap is to improve the quality and security of your website.


What works currently?

  • Check a Single URL, List of URLs, or Google results fully automaticly.
  • Can identify and exploit file inclusion bugs.
    • Relative\Absolute Path Handling.
    • Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.
    • Remotefile Injection.
    • Logfile Injection. (FimapLogInjection)
  • Test and exploit multiple bugs:
    • include()
    • include_once()
    • require()
    • require_once()
  • You always define absolute pathnames in the configs. No monkey like redundant pathes like:
    • ../etc/passwd
    • ../../etc/passwd
    • ../../../etc/passwd
  • Has a Blind Mode (--enable-blind) for cases when the server has disabled error messages. BlindMode
  • Has an interactive exploit mode which...
    • ...can spawn a shell on vulnerable systems.
    • ...can spawn a reverse shell on vulnerable systems.
    • ...can do everything you have added in your payload-dict inside the config.py
  • Add your own payloads and pathes to the config.py file.
  • Has a Harvest mode which can collect URLs from a given domain for later pentesting.
  • Goto FimapHelpPage for all features.
  • Works also on windows.
  • Can handle directories in RFI mode like:
    • <? include ($_GET["inc"] . "/content/index.html"); ?>
    • <? include ($_GET["inc"] . "_lang/index.html"); ?>
    • where Null-Byte is not possible.
  • Can use proxys.
  • Scans and exploits GET, POST and Cookies.
  • Has a very small footprint. (No senseless bruteforcing of pathes - unless you need it.)
  • Can attack also windows servers! (WindowsAttack)
  • Has a tiny plugin interface for writing exploitmode plugins (PluginDevelopment)
  • Non Interactive Exploiting (FimapNonInteractiveExec
 Download Link : https://code.google.com/p/fimap/downloads/list

Uniscan:
             is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Uniscan is a Remote File Include and Local File Include and Remote Command Execution vulnerability scanner.

This tool identify six vulnerability :-

* Blind SQL-Injection

* Remote File Include (RFI)

* Local File Include (LFI)

* Remote Command Execution (RCE)

* Cross-Site Scripting (XSS)

* SQL-Injection (SQL-i)



Download Link : http://sourceforge.net/projects/uniscan/

 Darkjumper.py:
                       This tool will try to find every website that host at the same server at your target Then check for every vulnerability of each website that host at the same server.

Features

  • scan sql injection, rfi, lfi, blind sql, rce injection
  • autosql injector
  • proxy support
  • verbocity added
  • autoftp bruteforcer
  • IP or Proxy checker and GeoIP

 Download Link : http://sourceforge.net/projects/darkjumper/


 Simple Local File Inclusion:

     
Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Usage
./lfi_sploiter.py –exploit-url= –vulnerable-parameter=

Usage example
./lfi_sploiter.py –exploit-url=http://www.example.com/page.php?file=main –vulnerable-parameter=file

Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Download Link : http://www.xenuser.org/my-tools/


                                   

Open source Tools for Live Meeting(Web Conferencing)

posts. Guys the most of you find these posts a valuable resource for the e-Learning community. As a result, the following post is Free and Open Source Web Conferencing (Online Meetings, Webinars) Tools for e-Learning.




The following list contains free and open source Web Conferencing tools that are n't in particular order.



Also, you should be sure that the e-Learning community will highly appreciate:

  1. if you post a comment with your experience with these tools and/or,

  2. if you post a comment with a link to any other free and open source Web Conferencing tool.

We support Free eLearning! Do you?



I support Free eLearning




BigBluebutton* is built for Higher Education. It enables universities and colleges to deliver a high-quality learning experience to remote students. BigBlueButton is an active open source project that focuses on usability, modularity, and clean design -- both for the user and the developer. The project is hosted at Google Code. BigBlueButton is built by combining over fourteen open source components.



*note: Epignosis has created a module that provides integration of BigBlueButton conferencing in eFront Open Source Learning Management System. BigBlueButton is a free web-conferencing tool with text chat, audio and video capabilites, a virtual whiteboard and many more presentation and conferencing features.




OpenMeetings is a free browser-based software that allows you to set up instantly a conference in the Web. You can use your microphone or webcam, share documents on a white board, share your screen or record meetings. It is available as hosted service or you download and install a package on your server with no limitations in usage or users.



OpenMeetings Key Features Mini Demo





Mikogo is a free desktop sharing tool full of features to assist you in conducting the perfect online meeting or web conference. Take advantage of the opportunity to share any screen content or application over the Internet in true color quality with up to 10 participants simultaneously, while still sitting at your desk.












Yugma free web conferencing allows anyone, anywhere to instantly share their desktop and ideas online with others. To start hosting your own meetings you have to sign up for FREE. Your Yugma Free web conferencing account allows you to invite up to 20 attendees







Using WebHuddle, you have options and flexibility. Meetings can be conducted either in conjunction with an enterprise’s existing teleconferencing service, or utilizing WebHuddle’s optional voice over IP. WebHuddle also offers recording capabilities -- presentations can easily be recorded for playback over any web browser for those who missed the live meeting.










With Vyew you can give a presentation to a hundred people online or post a document you've been working on for review by your colleagues at the convenience. Vyew is extremely flexible alloying you to bring online collaboration and conferencing into your workflow on your terms.









Dimdim delivers synchronized live presentations, whiteboards and web pages while sharing your voice and video over the Internet - with no download. With the Free edition you can get 10 person meetings, 1 way video, standard support, Dimdim branded rooms, and public meetings.



*note: Epignosis has created a module that provides integration of Dimdim conferencing in eFront  Open Source Learning Management System.




Adobe® ConnectNow is a great way to share ideas, discuss details, and complete work with others all online. Reduce travel costs, save time, and increase productivity with a web conferencing solution that's easy to access and simple to use. ConnectNow operates inside a web browser. There's no installation required, so getting started is easy and Free