Web Exploitation / WebApp PenTest
by do son · Published September 1, 2017 · Last modified October 10, 2021
SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified March 25, 2018
PHP_Code_Static_Analysis A basic script to detect vulnerabilities into a PHP source code Currently detecting : SQL injection Local File Inclusion Insecure emails Cross Site Scripting Remote Commands Execution LDAP injection XPATH injection Header injection...
WebVulScan Synopsis WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 12, 2017 · Last modified May 8, 2018
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 5, 2017 · Last modified August 2, 2017
sqlite-lab This code is vulnerable to SQL Injection and having SQLite database. During practicing one challenge i faced SQLI vulnerable script with SQLite database integrated with it For SQLite database, SQL Injection payloads are...
jSQL Injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the...
Web Exploitation / WebApp PenTest
by do son · Published June 29, 2017 · Last modified September 10, 2022
User Agent: sometimes abbreviated as UA, the user agent is a browser text string that is given to each website you visit; containing information such as the browser version, compatibility, operating system, and any...
Web Information Gathering / Web Vulnerability Analysis
by do son · Published June 29, 2017 · Last modified March 5, 2022
V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 24, 2017 · Last modified February 24, 2018
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 12, 2017 · Last modified November 4, 2017
viSQL Scan SQL vulnerability on target site and sites of on server. Installation Demo Source: Github
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 12, 2017 · Last modified October 10, 2021
RED HAWK All in one tool for Information Gathering and Vulnerability Scanning Scans That You Can Perform Using RED HAWK : Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare Detection robots.txt Scanner Whois...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 4, 2017 · Last modified July 30, 2017
Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was...
What is the “order by” injection? Contents discussed herein refer to the position of the controllable order by clause, the order parameter controllable as: Analyzing simple injection In the early injection abound when using...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 19, 2017 · Last modified February 16, 2018
Find SQL injections This python script is developed to show, how many vulnerable websites, which are laying around on the web. The main focus of the script is to generate a list of vuln...
SQLmap POST request injection Sometimes SQL injection attacks are only successful with HTTP post methods. In this post, I am going to demonstrate the easiest way is to deploy a simple sqlmap command. Step...
Secure Your Connection
