On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on this option will use “result.txt” file that you found...
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the...
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of a website (“Web Application”);...
EasyCSRF helps to find weak CSRF-protection in WebApp which can be easily bypassed. For example, content type based protection for API (Rest API, GraphQL API, etc) or CSRF-protection based on obscure data format (binary...
Blazy Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL...
Understanding CSRF The Express team’s csrf and csurf modules frequently have issues popping up concerned about our usage of cryptographic functions. These concerns are unwarranted due to a misunderstanding of how CSRF tokens work. So here’s a quick...
Nikto is web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on...
Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress security assessment tool, this...
Cross-site request forgery [CSRF], also known as one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of a website (“Web Application”); where unauthorized...
