Web Information Gathering / Web Vulnerability Analysis
by do son · Published May 13, 2017 · Last modified May 29, 2022
I would like to talk about arachni, an open-source framework among many Web Vulnerability Scanners (WVS). I tested it briefly, and it seems to be usable. Also, you should learn how to secure coding...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 1, 2017 · Last modified October 10, 2021
Vega is a free web vulnerability diagnostic scanner developed by SUBGRAPH. The UI is also one of my favorite scanners because of its superior performance compared to other WVS that is clean and non-commercial....
WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However,...
Pyfiscan is free web-application vulnerability and version scanner and can be used to locate out-dated versions of common web-applications in Linux-servers. Example use case is hosting-providers keeping eye on their users’ installations to keep...
hsecscan A security scanner for HTTP response headers. Installation Requirement: Python 2.x Usage Example Copyright (C) 2015 riramar Source: https://github.com/riramar/
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 24, 2017 · Last modified February 24, 2018
WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published May 26, 2017 · Last modified February 10, 2018
BruteXSS is a tool written in python simply to find XSS vulnerabilities in the web application. This tool was originally developed by Shawar Khan in CLI. I just redesigned it and made it GUI...
A file upload point is an excellent opportunity to execute XSS applications. Many sites have user rights to upload personal data pictures of the upload point, you have a lot of opportunities to find...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 2, 2017 · Last modified July 30, 2017
WATABO is a security tool for testing web applications. It is intended to enable security professionals to perform efficient (semi-automated) web application security audits. Most important features: WATOBO has Session Management capabilities! You can...
What is a local file inclusion (LFI) vulnerability? LFI allows an attacker to include a file on a server through a browser. When a Web application does not properly filter the input data, there...
