PassView v1.63
Hits: 27
Date added: 04/04/2007
Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer. The passwords are revealed by reading the information from the Protected Storage.
Starting from version 1.60, this utility reveals all AutoComplete strings stored in Internet Explorer, not only the AutoComplete password, as in the previous versions. Works most of the time with any login site that is run in InternetExplorer.exe.
ASP Auditor v2 BETA
Hits: 28
Date added: 09/16/2006
Looks for common misconfigurations and information leaks in ASP.NET applications.
Changelog:
* Combined code from Asp Auditor v1 BETA and HDM’s DNAScanner.
* Version plugin allowing specific ASP.NET versioning.
* Version brute force capabilities using JavaScript validate directories.
* Check if global ASP.NET validate is being used.
* Added brute force as option in usage()
–usage
$ ./asp-audit-latest.pl
Usage: ./asp-audit-latest.pl [http://target/app/file.aspx] (opts)
(opts)
-bf brute force ASP.NET version using JS Validate directories.
–example 1
$ ./asp-audit.pl http://www.*hidden*/index.aspx
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
Application -> /
FilePath -> D:VirtualServers*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
–example 2
$ ./asp-audit.pl http://www.*hidden*/index.aspx -bf
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
AppTrace -> LocalOnly
Application -> /
FilePath -> D:inetpub*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
[*] Sending brute force discovery requests…
Found -> /aspnet_client/system_web/1_1_4322
SXF
Hits: 28
Date added: 04/15/2006
Good tool to scan for sites with XSS and SQL errors. Prior knowledge of SQL and XSS is needed.
AttackAPI
Hits: 28
Date added: 12/02/2006
AttackAPI provides a simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client and server related technologies. This is the 2.x branch, which among other improvements introduces better interaction with the attack subroutines.
AttackAPI is a standard part of many public and private security related projects hosted in GNUCITIZEN and other organizations. This library may be treated as an open source (GPLv2) project, although all visual elements are published under the Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.
This library may only be used for experimental and demonstration purposes. GNUCITIZEN disclaims any responsibility for your own actions. This is a JavaScript web pen testing tool. Visit the home page for more info.
mod_evasive
Hits: 28
Date added: 02/09/2007
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)
This method has worked well against both single-server script attacks and distributed attacks, but like other evasive tools it is only useful up to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.
This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses); only scripted attacks are. Even a user repeatedly clicking on 'reload' should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.