Social Icons

Showing posts with label CROSS SITE SCRIPTING. Show all posts
Showing posts with label CROSS SITE SCRIPTING. Show all posts

Thursday, September 11, 2014

VEGA SCANNER : Powerful Open Source Web Application Vulnerability Scanner

1.   Vega is one free and open source scanner and testing platform to test the security of web applications by Subgraph, an open source security software company. Vega can help find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. 

Main Features:

    Automated Crawler and Vulnerability Scanner
    Consistent UI
    Website Crawler
    Intercepting Proxy
    SSL MITM
    Content Analysis
    Customizable alerts
    Database and Shared Data Model

2.   So to launch Vega in Kali Linux...go to Web Applications then to Web Vulnerability Scanners and select Vega

 Vega will flash an introduction banner and display a GUI

Vega has Scanner and Proxy tabs as u play with the interface as seen below. To use Vega as a Scanner,click on the Scanner tab , click on Scan on the top-left corner and select to start new scan
 You will see an input field asking for the target. The screen shot tested below is targeting www.thesecurityblogger.com. Choose target and click on Next:











3.   It takes time to scan but gives pretty exhaustive results and presents a summary too.

Sunday, August 17, 2014

Zenmap:GUI for NMAP@Kali Linux

1.     Most of us would have heard of the pretty famous Nmap ("Network Mapper") ,a free and open source (license) utility for network discovery and security auditing.It uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Designed to rapidly scan large networks Nmap runs on all major computer operating systems.Official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).In this post the focus will be to introduce Zenmap...a kind of GUI for running NMAP commands which is otherwise terminal based.

2.   To open Zenmap, go to the Backtrack menu. Navigate to Information Mapping - DNS Analysis, and click Zenmap.


3.   Notice that under the Profile menu that there are several options to determine what type of scan you would like to run, as shown in the following screenshot:

4.    The first step is creating a new profile. A profile in Zenmap allows a Penetration Tester to create what type of scan to execute and what different options to include.Navigate to the Profile menu and select New Profile as shown in the following screenshot:




5.   When you select New Profile, the profile editor will launch. You will need to give your profile a descriptive name. For example, you can call the profile testscan as I have named here.Optionally, you can give the profile a description. During your course of using Zenmap you will probably create many profiles and make multiple scans.








6.    Zenmap is the best way to get output from Nmap scans. Zenmap offers a rich graphical user interface that displays scans that can be exported into different formats, such as text or Microsoft Excel.

Wednesday, February 01, 2012

AVOID OPENING MULTITABS IN BROWSERs

1.  Has it ever happened that you get a mail in one your various Email IDs from Facebook or some other site that you never linked up with....?I am sure if you are a regular browser on social networking sites,this must have happened once...and it must have kept you thinking...HOW ??

2.   This happens when you have that email id open in some other tab and your Facebook account open in other...typically in a multitab session wherein you have opened many sites under one browser in various tabs..... that's when info gathering sites get your email id and things related to their interest.....TAKE CARE

Thursday, November 24, 2011

THREATS TERMINOLOGY & GLOSSARY : PART 1

1. The term VIRUS is still used in talks amongst the victims of so many threats which are relatively unknown to the normal user.Here I am putting down the commonly known present day threat terminology.I am missing out on the regular ones that include Malware,adware,spyware,spam etc....

BACKDOOR 

2. A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they may also be misused by attackers. A backdoor is usually able to gain control of a system because it exploits vulnerabilities, bugs or undocumented processes in the system's code. 

A Variation: The IRC Backdoor 

3. There also exist IRC backdoors, which are controlled via bots hidden in specific invite-only IRC channels accessible only to the attacker; these bots serve as the client component of the traditional client-server backdoor arrangement. 

BLUE TOOTH WORM 

4.  A platform-specific type of worm that propagates primarily over a Bluetooth network. This type of worm is almost always designed to function on mobile devices, which make more use of Bluetooth connectivity than computers. 

BOT 

5. A malicious program that, on being installed onto a computer system, allows the attacker to enslave the system into a network of similarly affected systems known as a botnet. The individual computers in a botnet may also be referred to as a bot or a zombie. 

BOTNET 

6.  A portmanteau formed from the words robot and network, a 'botnet' is a network of infected computers that can be remotely controlled by an attacker, usually via a command-and-control (C&C) server. Each infected computer may be known as a bot , a zombie computer , or a zombie . 

BROWSER HELPER OBJECT (BHO) 

7.   A type of web browser plug-in specifically designed for use with the Microsoft Internet Explorer browser. A Browser Helper Object (BHO) executes automatically every time the browser is launched and provides functionality that is not built-in to the browser. 

CROSS SITE SCRIPTING 

8.   A type of attack in which malicious scripts are injected into a legitimate website in oder to be served to subsequent site visitors. Cross site scripting (XSS) attacks can result in a variety of effects, including hijacked web browsing sessions, stolen session cookies, information theft and more. As more people become increasingly dependent on web-based services, XSS attacks are becoming increasingly common. 

DENIAL OF SERVICE

9.   A type of Internet-based attack that aims to deny legitimate users access to a service (for example, a website or a network) by overloading a relevant computer resource or network device. The most common type of Denial of Service (DoS) attack takes the form of a massive amount of requests being sent from a host machine to the target, for example, a government website server. 

ICMP Flood

10.   The attackers sends out a flood of ICMP_ECHO packets to the target, swamping CPU usage and effectively rendering the target unusable until the flood is ended or the target is reset or restarted. 

Peer to Peer attack

11.   Attacker exploit bugs in peer-to-peer servers and redirect clients from the peer-to-peer server to the target server instead, flooding the target with thousands of connections and overwhelming its resources. 
Application level floods: A DoS attack carried out via particular applications, most commonly Internet chat systems. The most common kind of flood is an IRC flood, which is carried out on the popular IRC chat system. 

DISTRIBUTED DENIAL OF SERVICE (DDOS)

12.   A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). 

GENERIC DETECTION

13.   A new type of sophisticated detection that is being increasingly used by antivirus programs to identify programs with malicious characteristics. Unlike more traditional detections (also known as signature-based or single-file detections) a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware. 

POLYMORPHIC VIRUS

14.   A virus that mutates, or modifies, its own code at various intervals. The changes in code typically occur each time the virus replicates, or infects a new machine. Detection and disinfection of a polymorphic virus can be very challenging, as mutating code makes traditional signature-based detection methods ineffective. Nowadays, many antivirus programs instead use heuristic analysis to identify polymorphic viruses.

POLYMORPHISM

15.   The act of a virus 'mutating' parts of its code at various intervals in order to evade detections. By constantly changing its code, a virus ensures that each iteration of its code looks different from the preceding one, making it impossible for traditional signature-based antivirus programs to identify the two iterations as one and the same virus. These so-called 'mutating viruses' can be divided into polymorphic and metamorphic viruses. 

Polymorphic Versus Metamorphic 

16.   A metamorphic virus works performs its mutation routine differently. Rather than using encryption to obfuscate its virus body, a metamorphic virus 'rearranges' entire chunks of actual code between iterations in order to create a seemingly different virus. The changes in code are directed by a metamorphic engine and despite the alterations, do not affect function - that is, the virus is still able to perform the same malicious actions through each iteration. Fortunately, the major code changes performed by a metamorphic virus require a high degree of technical skill from the virus author, and there are very few such viruses in the wild so far.

ZERO DAY

17.   A type of attack that exploits a recently publicized vulnerability or security loophole, before program vendors or the security community are able to develop a patch for the vulnerability. The period between the public announcement of a vulnerability and the first release of a patch fixing the vulnerability is also sometimes referred to as "zero hour" – even if the actual timespan is longer than an hour. Dealing With Zero-Day attacks A zero-day attack can be very destructive, as vulnerable systems generally have few defenses against it. 

Tuesday, September 20, 2011

XSS and CSS : Whats the difference ?


I often used to read XSS and CSS being read in the same context when i knew that CSS stands for Cascading Style Sheets.There has been a lot of mixing up of Cascading Style Sheets (CSS) and cross site scripting. But actually when people are speaking of CSS in context of Cross site scripting what they actually mean is XSS only....its the same.....

Powered By Blogger