Tuesday, October 8, 2013

Best Web Application security assessment and exploitation Tool ( Open Source / Freeware )

Web Application Exploiter (WAppEx) v2.0 :

                                                       is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

 



                                          WAppEx
is also equipped with a penetration testing toolbox that makes an effective synergy with the Exploit Database and a crafty security expert. The provided tools include Manual Request, Exploit Editor, Dork Finder, Hidden File Checker… More tools, such as a crawler, a multi-purpose fuzzer… are to be added to the arsenal in the future releases of WAppEx.
Still, keep your eyes peeled as this is just the beginning of a new, powerful war machine in the pentest battleground.



The full list features is as below:

  • An exploit database covering a wide range of vulnerabilities.
  • A set of tools useful for penetration testing:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder
    • Find Login Page
    • Online Hash Cracker
    • Encoder/Decoder
  • Execute multiple instances of one or more exploits simultaneously.
  • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
  • Test a list of target URL’s against a number of selected exploits.
  • Allows you to create your own exploits and payloads and share them online.
  • A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
    • Testing and exploiting of Local File Inclusion vulnerabilities
    • Testing and exploiting of Local File Disclosure vulnerabilities
    • Testing and exploiting of Remote File Inclusion vulnerabilities
    • Testing and exploiting of SQL Injection vulnerabilities
    • Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
    • Testing and exploiting of Server-side Code Injection vulnerabilities
     

Demo Video's : http://itsecteam.com/products/web-application-exploiter-wappex/#tabset-tab-7

Download Link : http://itsecteam.com/products/web-application-exploiter-wappex/#tabset-tab-2

 

 W3AF ( Web Application Attack and Audit Framework) :

                           w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

  

 

 

                         The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. w3af to identify more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.


Documentation : http://w3af.org/howtos/understanding-the-basics

Videos : http://w3af.org/videos & http://w3af.org/take-a-tour

Download Tool : http://w3af.org/download or http://sourceforge.net/projects/w3af/


 WebSurgery : 

                      is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation.

 

 

                    It currently contains a spectrum of efficient, fast and stable tools such as Web Crawler with the embedded File/ Dir Brute forcer, Fuzzer (for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS)), Brute force (for login forms and identification of firewall-filtered rules, DOS Attacks) and WEB Proxy (to analyze, intercept and manipulate the traffic between your browser and the target web application).

Download : http://sunrisetech.gr/?page=websurgery&tab=download



Arachni : 

                  is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. 

 

 


                   It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

                   It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

               

Download Link : http://www.arachni-scanner.com/download/

 

Vega :

           is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.






      

                         Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript. 

YouTube Videos :



Features :

  • Cross Site Scripting (XSS)
  • SQL Injection
  • Directory Traversal
  • URL Injection
  • Error Detection
  • File Uploads
  • Sensitive Data Discovery

 Download Link : http://www.subgraph.com/vega_download.php


WebSploit :

                   is an open source project which is used to scan and analysis remote system
in order to find various type of vulnerabilities. This tool is very powerful
and support multiple vulnerabilities.

 


 


Description :

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin - Search Target phpmyadmin login page
[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users - search server username directory (if use from apache webserver)
[+]Dir Bruter - brute target directory with wordlist
[+]admin finder - search admin & login page of target
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack - Java Signed Applet Attack
[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector
[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows
[+]ARP DOS - ARP Cache Denial Of Service Attack With Random MAC
[+]Web Killer Attack - Down Your WebSite On Network(TCPKILL)
[+]Fake Update Attack - Create Fake Update Page For Target OS
[+]Fake Access point Attack - Create Fake AP & Sniff Victims Information



 


Download Link : http://sourceforge.net/projects/websploit/files/


Thanks,


RRN Technologies Team.

        

No comments:

Post a Comment

Open source Tools for Live Meeting(Web Conferencing)

posts. Guys the most of you find these posts a valuable resource for the e-Learning community. As a result, the following post is Free and Open Source Web Conferencing (Online Meetings, Webinars) Tools for e-Learning.




The following list contains free and open source Web Conferencing tools that are n't in particular order.



Also, you should be sure that the e-Learning community will highly appreciate:

  1. if you post a comment with your experience with these tools and/or,

  2. if you post a comment with a link to any other free and open source Web Conferencing tool.

We support Free eLearning! Do you?



I support Free eLearning




BigBluebutton* is built for Higher Education. It enables universities and colleges to deliver a high-quality learning experience to remote students. BigBlueButton is an active open source project that focuses on usability, modularity, and clean design -- both for the user and the developer. The project is hosted at Google Code. BigBlueButton is built by combining over fourteen open source components.



*note: Epignosis has created a module that provides integration of BigBlueButton conferencing in eFront Open Source Learning Management System. BigBlueButton is a free web-conferencing tool with text chat, audio and video capabilites, a virtual whiteboard and many more presentation and conferencing features.




OpenMeetings is a free browser-based software that allows you to set up instantly a conference in the Web. You can use your microphone or webcam, share documents on a white board, share your screen or record meetings. It is available as hosted service or you download and install a package on your server with no limitations in usage or users.



OpenMeetings Key Features Mini Demo





Mikogo is a free desktop sharing tool full of features to assist you in conducting the perfect online meeting or web conference. Take advantage of the opportunity to share any screen content or application over the Internet in true color quality with up to 10 participants simultaneously, while still sitting at your desk.












Yugma free web conferencing allows anyone, anywhere to instantly share their desktop and ideas online with others. To start hosting your own meetings you have to sign up for FREE. Your Yugma Free web conferencing account allows you to invite up to 20 attendees







Using WebHuddle, you have options and flexibility. Meetings can be conducted either in conjunction with an enterprise’s existing teleconferencing service, or utilizing WebHuddle’s optional voice over IP. WebHuddle also offers recording capabilities -- presentations can easily be recorded for playback over any web browser for those who missed the live meeting.










With Vyew you can give a presentation to a hundred people online or post a document you've been working on for review by your colleagues at the convenience. Vyew is extremely flexible alloying you to bring online collaboration and conferencing into your workflow on your terms.









Dimdim delivers synchronized live presentations, whiteboards and web pages while sharing your voice and video over the Internet - with no download. With the Free edition you can get 10 person meetings, 1 way video, standard support, Dimdim branded rooms, and public meetings.



*note: Epignosis has created a module that provides integration of Dimdim conferencing in eFront  Open Source Learning Management System.




Adobe® ConnectNow is a great way to share ideas, discuss details, and complete work with others all online. Reduce travel costs, save time, and increase productivity with a web conferencing solution that's easy to access and simple to use. ConnectNow operates inside a web browser. There's no installation required, so getting started is easy and Free