Social Icons

Thursday, September 11, 2014

VEGA SCANNER : Powerful Open Source Web Application Vulnerability Scanner

1.   Vega is one free and open source scanner and testing platform to test the security of web applications by Subgraph, an open source security software company. Vega can help find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. 

Main Features:

    Automated Crawler and Vulnerability Scanner
    Consistent UI
    Website Crawler
    Intercepting Proxy
    SSL MITM
    Content Analysis
    Customizable alerts
    Database and Shared Data Model

2.   So to launch Vega in Kali Linux...go to Web Applications then to Web Vulnerability Scanners and select Vega

 Vega will flash an introduction banner and display a GUI

Vega has Scanner and Proxy tabs as u play with the interface as seen below. To use Vega as a Scanner,click on the Scanner tab , click on Scan on the top-left corner and select to start new scan
 You will see an input field asking for the target. The screen shot tested below is targeting www.thesecurityblogger.com. Choose target and click on Next:











3.   It takes time to scan but gives pretty exhaustive results and presents a summary too.

Wednesday, August 27, 2014

Skipfish : Web Application Security Reconnaissance@Kali Linux

1.   Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active security checks. Skipfish is fast and easy to implement and can perform a robust scan of any website providing a lot of security tests, like php injection, XSS, format string vulnerabilities, overflow vulnerabilities, file inclusions and lot more categorized into high risk, medium risk and low risk issues. Skipfish also provides summary overviews of document types and issue types found; and an interactive sitemap, with nodes discovered through brute-force denoted in a distinctive way.

2.    The first thing that you should do is download the latest version of Skipfish here: http://code.google.com/p/skipfish/downloads/list

3.     The following screenshots show a stepped way to run and use this tool...





4.    As u download the file,you move to the terminal and cd to the place you have downloaded the file.Type the following command  to unzip the ,tgz file.
5.    There are pleothra command options available in Skipfish against a target website using a custom wordlist, enter skipfish, select your wordlist using the -W option followed by the location of the wordlist, select your output directory using -o followed by the location, and finally the target website.

Skipfish –o (output location) –S (location of wordlist) (target site)

The following example shows a scan using a wordlist called medium.wl on securityblogger.com. Skipfish will create a folder called Skipfishkaoutput on the desktop. This is run using the keyword skipfish, –o /root/Desktop/Skipfishkaoutput to specify the location to which send the output, -W /root/Desktop/medium.wl to specify the location of the dictionary and http://www.thesecuirtyblogger.com as the target to scan against.

So in the example that I take here,you need to type the following at the terminal :




It is also seen that the default Skipfish dictionaries will not run when using the –W command. You can copy a default wordlist and remove the read-only in the first line of the list (#ro) to run as a custom wordlist. This is shown in the following screen-shot:
Once the scan is complete or if you end it early, Skipfish will generate thousands of output files in the location specified when using the –o option to designate an output folder.To see the results, click on the index.html file, which will bring up an browser. You can click through the drop-down boxes to see your results.


The tool is pretty powerful indeed...can be gauged from the following screen shot of a news site that says that professional criminals used this tool to hack a financial site... :-)


Tuesday, August 26, 2014

WEBSHAG : Scan a Web server@Kali Linux

1.    The name of this tool is such that a layman might start pondering some other thoughts :-)..Webshag ... is actually a multi-threaded, multi-platform web server audit tool  that's coded in Python and gathers useful common functionality for web server auditing like website crawling, URL scanning and file fuzzing.This can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication. In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated. It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).This post gives out a stepped screenshot on how to use it in Kali Linux for auditing a website.







The post shows the screen-shots for a Webshag version 1.10....that's the latest as on date...like always I have...this tool is too an opensource tool with a great functionality.....

Friday, August 22, 2014

FOCA : Extracting website Meta data

1.    Metadata is "data about data". It provides info about a certain item's content like for example, an image may include metadata that describes when was the picture clicked,which camera was used to click the image,the resolution etc. A text document's metadata may contain information about how long the document is, who the author is, when the document was written, and a short summary kind of document.Metadata can be useful to Penetration Testers,because it contains information about the system where the file was created, such as Name of users logged into the system,Software that created the document and OS of the system that created the document.This post will introduce to a tool know as FOCA ...that stands for

Once the project is named and u locate to store the project files, click on the Create button, as shown below :

Next thing to do is save the project file and click on the Search All button so FOCA will use search engines to scan for documents.


Right-click on the file and select the Download option, as shown below:

Right-click on the file and select the Extract Metadata option, as shown below :

Right-click on the file and select the Analyze Metadata option, as shown above :
 One can see the user who created and used this document as seen below :
You can also see what all software’s have been used to create the document.
In many cases, attackers will be able to see much more information and gather intelligence about a target, the network, usernames, etc… by using this tool.Though the tool is available with Kali but with newer versions it is only available with Windows....


Sunday, August 17, 2014

Zenmap:GUI for NMAP@Kali Linux

1.     Most of us would have heard of the pretty famous Nmap ("Network Mapper") ,a free and open source (license) utility for network discovery and security auditing.It uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Designed to rapidly scan large networks Nmap runs on all major computer operating systems.Official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).In this post the focus will be to introduce Zenmap...a kind of GUI for running NMAP commands which is otherwise terminal based.

2.   To open Zenmap, go to the Backtrack menu. Navigate to Information Mapping - DNS Analysis, and click Zenmap.


3.   Notice that under the Profile menu that there are several options to determine what type of scan you would like to run, as shown in the following screenshot:

4.    The first step is creating a new profile. A profile in Zenmap allows a Penetration Tester to create what type of scan to execute and what different options to include.Navigate to the Profile menu and select New Profile as shown in the following screenshot:




5.   When you select New Profile, the profile editor will launch. You will need to give your profile a descriptive name. For example, you can call the profile testscan as I have named here.Optionally, you can give the profile a description. During your course of using Zenmap you will probably create many profiles and make multiple scans.








6.    Zenmap is the best way to get output from Nmap scans. Zenmap offers a rich graphical user interface that displays scans that can be exported into different formats, such as text or Microsoft Excel.
Powered By Blogger