Wapiti is a vulnerability assessment framework that performs black box security auditing of the web applications. The … [Read More...]
Featured Articles
Sparta –Network Scanning and Enumeration Tool
Sparta is a network reconnaissance tool that helps penetration testers during the scanning and enumeration stage. Sparta … [Read More...]
How To Use Trape To Phish And Track Any User
Trape is a web based penetration testing tool that can track users and launch different browser attacks. The payloads … [Read More...]
Latest Blog Updates
Loading...Wapiti –Web Applications Security Auditing Framework
Wapiti is a vulnerability assessment framework that performs black box security auditing of the web applications. The vulnerabilities that can be assessed with Wapiti include database injections, Local File Inclusion (LFI), Remote File Inclusion (RFI), command execution, CRLF injection, Server Side Request Forgery (SSRF), XML External Entity (XXE) injection, Shellshock bugs, .htaccess attacks, and source code disclosure vulnerabilities. The database injection includes SQL, XPATH, PHP, ASP, and JSP injection attacks. Command execution attack analysis includes detection of eval(), system(), and pastru() … [Read More...]
Sparta –Network Scanning and Enumeration Tool
Sparta is a network reconnaissance tool that helps penetration testers during the scanning and enumeration stage. Sparta can identify the live hosts in a network, find the services running on each host, and perform bruteforce attacks to find out default credentials for the common services. The tool also enumerates the devices/services that use the same login credentials in the network. Sparta Installation Sparta requires Nmap, Hydra, and Cutycapt tools to perform the basic functions like adding hosts to the tool, performing bruteforce attack on the services, and taking screenshots of the network hosts. In … [Read More...]
How To Use Trape To Phish And Track Any User
Trape is a web based penetration testing tool that can track users and launch different browser attacks. The payloads are shared with the victim through social engineering tricks. Upon clicking the vulnerable link, the information about target operating system, running browser, target location, IP address, and active user sessions on different networks is exposed. Some of the supported networks include Google, Facebook, Instagram, Linkedin, Amazon, Redit, Etsy, Youtube, and Twitter. Trape can launch different browser attacks on the victim’s machine. These include replacing active web pages with desired pages, … [Read More...]
How to get from SQL Injection to Shell — Walkthrough
SQL Injection to Shell is a SQL injection based VM which is hosted on pentesterlab, in this our main goal is to identify the SQL injection vulnerability, exploit that, gain access to the admin console, and run the commands on the system. The VM can be downloaded from the URL: https://pentesterlab.com/exercises/from_sqli_to_shell The VM is good for learning SQL injection exploitation and how to obtain shell access of a system by exploiting SQL Injection vulnerability. The level of this virtual machine is easy and is very good for beginners to start with. So lets start the walkthrough to get the shell---Firstly … [Read More...]
Rebel Framework –Multi Platform Penetration Testing Framework
Rebel is a testing framework that can perform various penetration tests related to networks and web applications. Regarding networks, Rebel Framework scans networks, detects live hosts, does port scanning, finds common vulnerabilities, sniffs network traffic, obtains network interface information, and halts connection between two or more points in a network. The web application penetration testing features of Rebel Framework include website information gathering (IP address, email server, phone numbers), website/IP address location finding, sub-domains enumeration, email information gathering, CMS detection, CMS … [Read More...]
Like Us On Facebook
Become a Member
