Hi all, A penetration test (pentest for short) is a method of attacking a computer’s systems in the hope of finding weaknesses in its security. If the pentest successfully gains access, it shows that...
by do son · Published February 18, 2017 · Last modified October 10, 2021
On previous post, I did Intelligence Gathering phase. After gathering target info, i need to do Vulnerability Scanning. Run Auto-WebApp-PenTest.sh script, choose option 2 All tools on this option will use “result.txt” file that you found...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published November 20, 2017 · Last modified May 25, 2021
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 24, 2017 · Last modified February 24, 2018
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 22, 2016 · Last modified December 12, 2017
Introduce Cross-site request forgery [CSRF], also known as a one-click attack or session riding or Sea-Surf and abbreviated as CSRF or XSRF, is a type of malicious attack exploit of a website (“Web Application”);...
EasyCSRF helps to find weak CSRF-protection in WebApp which can be easily bypassed. For example, content type based protection for API (Rest API, GraphQL API, etc) or CSRF-protection based on obscure data format (binary...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published October 30, 2017 · Last modified November 10, 2017
Blazy Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL...
Understanding CSRF The Express team’s csrf and csurf modules frequently have issues popping up concerned about our usage of cryptographic functions. These concerns are unwarranted due to a misunderstanding of how CSRF tokens work. So here’s a quick...
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 2, 2016 · Last modified July 27, 2017
Nikto is web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published December 12, 2016 · Last modified July 27, 2017
Vane is a vulnerability scanner that scans WordPress for all webmasters to scan for WordPress vulnerabilities and find and fix problems before they go live. It is a great WordPress security assessment tool, this...
