Security Training Share
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic. How It Works When...
SQLiv Massive SQL injection vulnerability scanner Features multiple domain scanning with SQL injection dork targetted scanning by providing specific domain (with crawling) reverse domain scanning both SQLi scanning and domain info checking are done...
PHP_Code_Static_Analysis A basic script to detect vulnerabilities into a PHP source code Currently detecting : SQL injection Local File Inclusion Insecure emails Cross Site Scripting Remote Commands Execution LDAP injection XPATH injection Header injection...
SafeSQL is a static analysis tool for Go that protects against SQL injections. How does it work? SafeSQL uses the static analysis utilities in go/tools to search for all call sites of each of the query functions in...
RED HAWK All in one tool for Information Gathering and Vulnerability Scanning Scans That You Can Perform Using RED HAWK : Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois...
Find SQL injections This python script is developed to show, how many vulnerable websites, which are laying around on the web. The main focus of the script is to generate a list of vuln...
Introduction sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many...
Damn Web Scanner Another web vulnerabilities scanner, this extension works on Chrome and Opera. The extension is working in the background and will notify you if it finds any vulnerability Currently, it scans for:...
SQLi-Hunter SQLi-Hunter is a simple HTTP proxy server and a sqlmap api wrapper that makes dig SQLi easily. Installation Requirement Ruby: > 2.0.0 sqlmap Install git clone https://github.com/sqlmapproject/sqlmap.git git clone https://github.com/zt2/sqli-hunter.git cd sqli-hunter gem...
viSQL Scan SQL vulnerability on target site and sites of on server. Installation Demo Source: Github
jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source and cross-platform (Windows, Linux, Mac OS X). Kali Linux logo jSQL Injection is also part...
