THCSSLCheck
Hits: 34
Date added: 11/19/2006
Windows tool that checks the remote SSL stack for supported ciphers and version.

Obiwan
Hits: 34
Date added: 04/20/2006
ObiWaN performs brute-force authentication attacks against web servers that request authentication, with the goal of breaking into insecure accounts.

Absinthe - Blind SQL Injection
Hits: 32
Date added: 05/04/2005
Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection.
Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the process of data recovery.
Features:
* Automated SQL Injection
* Supports MS SQL Server, MSDE, Oracle, Postgres
* Cookies / Additional HTTP Headers
* Query Termination
* Additional text appended to queries
* Supports Use of Proxies / Proxy Rotation
* Multiple filters for page profiling
* Custom Delimiters
This is the Windows version of the latest release. No installation should be necessary; you should be able to run it straight from the bin directory in the zipfile.
This package includes both the binaries and the source code, as well as custom builds of wx.NET 0.6.1 that are patched to allow threading (the patch is available here).
The C# source code for Absinthe is available under the GPLv2. Certain portions of the source are also available under a BSD-style license in the documentation section.

GoldenEye
Hits: 30
Date added: 11/06/2005
GoldenEye is a famous website security tool. You can also brute-force web logins and much more. Testing your site's security or trying to hack in? This is your tool.

ASP Auditor v2 BETA
Hits: 28
Date added: 09/16/2006
Looks for common misconfigurations and information leaks in ASP.NET applications.
Changelog:
* Combined code from Asp Auditor v1 BETA and HDM’s DNAScanner.
* Version plugin allowing specific ASP.NET versioning.
* Version brute force capabilities using JavaScript validate directories.
* Check if global ASP.NET validate is being used.
* Added brute force as option in usage()
–usage
$ ./asp-audit-latest.pl
Usage: ./asp-audit-latest.pl [http://target/app/file.aspx] (opts)
(opts)
-bf brute force ASP.NET version using JS Validate directories.
–example 1
$ ./asp-audit.pl http://www.*hidden*/index.aspx
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
Application -> /
FilePath -> D:VirtualServers*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
–example 2
$ ./asp-audit.pl http://www.*hidden*/index.aspx -bf
[*] Sending initial probe request…
[*] Sending path discovery request…
[*] Sending ASP.NET validate discovery request…
[*] Sending application trace request…
[*] Sending null remoter service request…
[ .NET Configuration Analysis ]
Server -> Microsoft-IIS/6.0
AppTrace -> LocalOnly
Application -> /
FilePath -> D:inetpub*hidden*
ADNVersion -> 1.1.4322.2300
matches -> 1.1.4322.2300 Version 1.1 Post-SP1 (Windows Server 2003 SP1) Mar 2005
[*] Sending brute force discovery requests…
Found -> /aspnet_client/system_web/1_1_4322