|
AntiExploit
|
|
Hits: 14 |
|
Date added: 05/22/2006 |
|
AntiExploit is the first ON-ACCESS Exploit-Scanner for Linux and FreeBSD, it uses the dazuko kernel module to detect suspious files when they are accessed. Currently AntiExploit knows over 4000 bad files and the database is updated daily. |
|
|
|
|
|
Apache Vulnerability Scanner
|
|
Hits: 46 |
|
Date added: 11/05/2005 |
|
Apache Chunked-Encoding Vulnerability Scanner for Windows.Scann's Apache HTTP servers for exploits. A maliciously crafted request could lead to denial of service or possibly a remote exploit. |
|
|
|
|
|
|
ASP Auditor v1.0 BETA
|
|
Hits: 14 |
|
Date added: 09/19/2006 |
|
The purpose of ASP Auditor is to identify vulnerable and weakly configured ASP.NET servers.
Usage:
$ ./asp-audit.pl
ASP Audit v1.0 (BETA) [ david.kierznowski@gmail.com ]
Usage: ./asp-audit.pl (opts) [host] [port]
(opts)
-h these usage instructions
-b brute force ASP.NET version using JS Validate
directories.
-m match against fingerprints
-v verbose messaging
Some examples can be seen below:
$ ./asp-audit.pl labs.microsoft.com
Target: labs.microsoft.com
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: No
$ ./asp-audit.pl -m labs.microsoft.com
Target: labs.microsoft.com
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: 2.0.50727
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: No
Fingerprint matches:
2.0.50727.07 Version 2.0 (Visual Studio.NET 2005 CTP) Aug 2005
2.0.50727.26 Version 2.0 (Visual Studio.NET 2005 RC / SQL Server 2005 CTP) Sep 2005
2.0.50727.42 Version 2.0 RTM (Visual Studio.NET 2005 RTM / SQL Server 2005 RTM) Nov 2005
$ ./asp-audit.pl *hidden*
Target: *hidden*
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: Unknown
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES
$ ./asp-audit.pl -b *hidden*
Target: *hidden*
Server Software: Microsoft-IIS/6.0
ASP Framework: YES
ASP Simple Version: Unknown
ASP Specific Version: Unknown
ASP verbose messages: No
ASP Validate: No
Default Error Messages: YES
Found: aspnet_client/system_web/1_1_4322
Found: aspnet_client/system_web/2_0_50727 |
|
|
|
|
|
|
ASP Auditor v2 BETA
|
|
Hits: 28 |
|
Date added: 09/16/2006 |
|
Looks for common misconfigurations and information leaks in ASP.NET applications.
Changelog:
* Combined code from Asp Auditor v1 BETA and HDM’s DNAScanner.
* Version plugin allowing specific ASP.NET versioning.
* Version brute force capabilities using JavaScript validate
directories.
* Check if global ASP.NET validate is being used.
* Added brute force as option in usage()
–usage
$ ./asp-audit-latest.pl
Usage: ./asp-audit-latest.pl [http://target/app/file.aspx] (opts)
(opts)
-bf brute force ASP.NET version using JS Validate
directories.
–example 1
$ ./asp-audit.pl http://www.*hidden*/index.aspx
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
Application -> /
FilePath -> D:VirtualServers*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
–example 2
$ ./asp-audit.pl http://www.*hidden*/index.aspx -bf
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
AppTrace -> LocalOnly
Application -> /
FilePath -> D:inetpub*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
[*] Sending brute force discovery requests…
Found -> /aspnet_client/system_web/1_1_4322 |
|
|
|
|
|
|
AttackAPI
|
|
Hits: 28 |
|
Date added: 12/02/2006 |
|
AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client and server related technologies. This is the 2.x branch which among other improvements introduces better interaction with the attack subroutines.
AttackAPI is standard part of many public and private security related projects hosted in GNUCITIZEN and other organizations. This library may be treated as open source (GPLv2) project although all visual elements are published under the Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.
This library may only be used for experimental and demonstration purposes. GNUCITIZEN disclaims any responsibility for your own actions. This is JavaScript Web Pen testing tool. Visit the home page for more info. |
|
|
|
