Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
RubyGems - Recommended: latest
Git
Download Link : https://github.com/wpscanteam/wpscan
Flunym0us :
is a Vulnerability Scanner for Wordpress and Moodle.
Flunym0us has been developed in Python. Flunym0us performs dictionary
attacks against Web sites. By default, Flunym0us includes a dictionary
for Wordpress and other for Moodle.
Flunym0us requires python.
Arguments allowed:
-h, --help: Show this help message and exit
-wp, --wordpress: Scan WordPress site
-mo, --moodle: Scan Moodle site
-H HOST, --host HOST: Website to be scanned
Download Link : https://code.google.com/p/flunym0us/downloads/list
Timthumb :
Vulnerability Scanner plugin will scan your entire wp-content
directory for instances of any outdated and insecure version of the
timthumb script, and give you the option to automatically upgrade them
with a single click. Doing so will protect you from hackers looking to
exploit this particular vulnerability.
Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.
Download Link : https://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip
Vane :
is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan.
Prerequisites
Windows not supported
Ruby => 1.9
RubyGems
Git
Download Link : https://github.com/delvelabs/vane
WordPress Security Scan
Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.
A little tool for local and remote file inclusion auditing and exploitation.
Fimap is a little python tool which can find, prepare, audit, exploit
and even google automaticly for local and remote file inclusion bugs in
webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.
The goal of fimap is to improve the quality and security of your website.
What works currently?
Check a Single URL, List of URLs, or Google results fully automaticly.
Can identify and exploit file inclusion bugs.
Relative\Absolute Path Handling.
Tries automaticly to eleminate suffixes with Nullbyte and other methods like Dot-Truncation.
Download Link : https://code.google.com/p/fimap/downloads/list
Uniscan:
is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.
Uniscan is a Remote File Include and Local File Include and Remote Command Execution vulnerability scanner.
This tool identify six vulnerability :-
* Blind SQL-Injection
* Remote File Include (RFI)
* Local File Include (LFI)
* Remote Command Execution (RCE)
* Cross-Site Scripting (XSS)
* SQL-Injection (SQL-i)
Download Link : http://sourceforge.net/projects/uniscan/
Darkjumper.py:
This tool will try to find every website that host at the same server at your target
Then check for every vulnerability of each website that host at the same server.
Download Link : http://sourceforge.net/projects/darkjumper/
Simple Local File Inclusion:
Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI
vulnerabilities. After you found one, simply pass the URL of the
affected website and the vulnerable parameter to this tool. You can also
use this tool to scan a parameter of an ULR for a LFI vulnerability.
Usage example
./lfi_sploiter.py –exploit-url=http://www.example.com/page.php?file=main –vulnerable-parameter=file
Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.
Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.
Viproy : Voip
Penetration and Exploitation Kit is developed to improve quality of SIP
penetration testing. It provides authentication and trust analysis
features that assists in creating simple tests. 10 different modules with authentication support: options tester,
brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester.
All attacks could perform before and after authentication to fuzz SIP
services and value added services.
Viproy
is a tool for testing SIP servers security, the Session Initiation
Protocol is widely used for voice and video calls over IP, the software
comes with different modules performing specific tasks, all of the
modules support debugging and verbose mode, this is a Linux only command
line tool, instructions are included and it should not be difficult for
a Linux beginner to understand them. - See more at:
http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf
Viproy
is a tool for testing SIP servers security, the Session Initiation
Protocol is widely used for voice and video calls over IP, the software
comes with different modules performing specific tasks, all of the
modules support debugging and verbose mode, this is a Linux only command
line tool, instructions are included and it should not be difficult for
a Linux beginner to understand them. - See more at:
http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf
Viproy
is a tool for testing SIP servers security, the Session Initiation
Protocol is widely used for voice and video calls over IP, the software
comes with different modules performing specific tasks, all of the
modules support debugging and verbose mode, this is a Linux only command
line tool, instructions are included and it should not be difficult for
a Linux beginner to understand them. - See more at:
http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf
Viproy
is a tool for testing SIP servers security, the Session Initiation
Protocol is widely used for voice and video calls over IP, the software
comes with different modules performing specific tasks, all of the
modules support debugging and verbose mode, this is a Linux only command
line tool, instructions are included and it should not be difficult for
a Linux beginner to understand them. - See more at:
http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf
Viproy
is a tool for testing SIP servers security, the Session Initiation
Protocol is widely used for voice and video calls over IP, the software
comes with different modules performing specific tasks, all of the
modules support debugging and verbose mode, this is a Linux only command
line tool, instructions are included and it should not be difficult for
a Linux beginner to understand them. - See more at:
http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf
VAST is a Linux-based security distribution specifically designed for
pentesting VoIP and UC networks. It enables security professionals and
UC administrators to rapidly perform VoIP security assessments and
enumerate vulnerabilities in IP Phones or IP PBX servers in a lab
environment. With VAST, a security consultant has every tool necessary
to carry out a successful onsite or remote penetration test or
vulnerability assessment against a UC network. VAST is built on Mint
Linux 13 and includes all of the open source VIPER Lab tools, in
addition to some other network pentest tools.
SiVuS is the first publicly available vulnerability
scanner for VoIP networks that use the SIP protocol. It provides
powerful features to assess the security and robustness of VoIP
implementations and it is used by VoIP product vendors, security
consultants, network architects, researchers and students. We encourage
our community to provide us with feedback so we can enhance the current
implementation and support the efforts to strengthen the security of
VoIP networks.
More Info : http://nil.uniza.sk/sip/tools/sivus-voip-vulnerability-scanner
is a full IP PBX consisting of a
Linux Distribution, an IP PBX and a Web Graphical User Interface for
easy configuration.
Features
Define, group extensions
Set dial plan
Direct Inward Calling
Set Auto Attendant
Music on hold
Short Dialing
Set call forwarding
Voicemail
For all security audits on VoIP systems, FreeSental can make a quick and
easy solution to implement. It can therefore be used as a training
platform for testing VoIP vulnerabilities and issues. See here our VoIP tools collection to help you auditing and scanning.
is a standalone utility used to detect and remove specific viruses. It
is not a substitute for full anti-virus protection, but a specialized
tool to assist administrators and users when dealing with infected
system. Stinger utilizes next-generation scan technology, including
rootkit scanning, and scan performance optimizations. It detects and
removes threats identified under the "Threat List" option under Advanced
menu options in the Stinger application.
Microsoft's Malicious Software Removal Tool
does a good job of detecting and removing the most common viruses. The
Malicious Software Removal Tool works with Windows 7, Vista, XP, and
Server 2003. Microsoft releases updates to this tool on the second
Tuesday of each month.
This tool checks your computer for infection by specific, prevalent
malicious software (including Blaster, Sasser, and Mydoom) and helps to
remove the infection if it is found.
McAfee Rootkit Remover is a stand-alone utility used to detect and
remove complex rootkits and associated malware. Currently it can detect
and remove ZeroAccess and TDSS family of rootkits. McAfee Labs plans to
add coverage for more rootkit families in future versions of the tool.
McAfee also provides real-time, hardware enhanced rootkit protection for
enterprises. McAfee Deep Defender, unlike traditional security and post
infection tools, operates beyond the operating system to provide
real-time kernel monitoring to reveal and remove advanced, hidden
attacks.
detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. The application checks the Windows registry, running processes, web
browser cookies, local files and folders. It uses extensive, regularly
updated parasite definitions database, which contains signatures of
spyware, adware, keyloggers, trojans, browser hijackers and other
malicious programs. Practically every aspect of Spybot-S&D can be
customized. The user can modify various scan and startup specific
settings, set the program to ignore certain objects, schedule system
scans, apply different skins or languages (Spybot-S&D is translated
into 51 languages).
The program includes useful additional tools, which
prevent browser hijacks, uninstall user-chosen software, unrecoverably
delete specified files, display and allow changing system startup
settings and other advanced options. Spybot-S&D implements powerful
real-time protection that blocks malicious ActiveX scripts and keeps
unsolicited software off the system.
is a freeware (a legitimate spyware remover created by sUBs), Combofix was designed to scan a computer for known malware, spyware (SurfSideKick, QooLogic, and Look2Me as well as any other combination of the mentioned spyware applications) and remove them,ComboFix allows the manual removal of spyware infections , It ‘s a specialized effective cleaning tool, which is useful compared to other malware and spyware removers.
After Combofix finished,a report will be created. You can use this report to search and remove infections which are not automatically removed.
is a free utility that generates an in depth report of registry and
file settings from your computer. HijackThis makes no separation between
safe and unsafe settings in its scan results giving you the ability to
selectively remove items from your machine. In addition to this scan and
remove capability HijackThis comes with several tools useful in
manually removing malware from a computer.
Advanced users can use HijackThis to remove unwanted settings or files.
Source code is available on the SVN server under Code and also as a zip file under Files.
McAfee Klez Removal Tool helps you detect and remove any variation of
the Klez virus from your computer. Based on the award-winning McAfee® VirusScan®
software, the Klez Removal Tool searches for and deletes variants of
the Klez virus, including any file infected by the virus payload.
McAfee Bugbear Removal Tool helps you detect and remove any variation of
the Bugbear virus from your computer. Based on the award-winning McAfee® VirusScan®
software, the Bugbear Removal Tool searches for and deletes variants of
the Bugbear virus, including any file infected by the virus payload.
Trend Micro’s HouseCall has been around for years and has earned an excellent reputation. It’s
available in a 32-bit version for XP and in both 32-bit and 64-bit
versions for Vista, Win7, and Win8.
is another tool with a long pedigree and a well-deserved reputation for
excellence. It’s not particularly fast, but it is nicely configurable.
For example, the scanner’s Advanced settings let you select which drives to scan — even remote networked drives. It will also scan inside archives (e.g., .zip
files), which not all scanners can do. You can select the depth of the
scan, such as looking for potentially unwanted and/or unsafe
applications.
ESET’s scanner runs on all current versions of Windows (XP
through Win 8) and comes in both 32- and 64-bit flavors. Unlike its
competitors, it’s also available in two versions based on your choice of
browser. If you download Online Scanner via Internet Explorer, you’ll
get an in-browser, ActiveX version. Downloading the scanner with another
browser (e.g., Chrome or Firefox) installs a non-ActiveX version that
runs outside the browser. Both versions work identically
is at the other end of the usability spectrum. It’s a Linux-based tool
with a minimalistic, DOS-style text interface (see Figure 6). It’s not
point-and-click; you navigate with arrow-key and keystroke entries.
Rescue CD contains Knoppix (a derivative of Linux), an operating
system that runs completely from the CD and allows access to your
computer's Windows operating system and hard disks.
