Category: WEB

All about web security!

Security, WEB

Detect, record and prevent attacks on web applications

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. Download The Shadow Daemon web application …

Hacking, Penetration Testing, WEB

Scan for vulnerable 3rd party web applications

Yasuo is a Ruby script that scans for vulnerable and exploitable 3rd-party web applications on a network. During a network security assessment we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities. Exploit-db contains hundreds of exploits that could allow an attacker …

Detection, Probing, WEB

Web Application Fingerprinter – Discover Web Application

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/ Discussion and Forums: http://www.qualys.com/blindelephant License: LGPL …
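The static-file hashing approach the excerpt describes, as an added Python example (not BlindElephant's own code): a hash database is built from the static files of every known release, each file fetched from the target narrows the set of candidate versions, and the most discriminating paths are requested first so the scan stays low-bandwidth. The application ("exampleapp"), its release files and the dict-backed fetcher standing in for HTTP GETs are all constructed here for illustration.

```python
import hashlib

# Constructed sample releases of a hypothetical application ("exampleapp"):
# version -> {static path: file contents}.  A real database would be built by
# hashing these paths in every published release of the target application.
RELEASES = {
    "1.0": {
        "/static/app.js": b"var v=1;",
        "/static/style.css": b"body{}",
        "/README.txt": b"exampleapp 1.0",
    },
    "1.1": {
        "/static/app.js": b"var v=1;",
        "/static/style.css": b"body{margin:0}",
        "/README.txt": b"exampleapp 1.1",
    },
    "2.0": {
        "/static/app.js": b"var v=2;",
        "/static/style.css": b"body{margin:0}",
        "/README.txt": b"exampleapp 2.0",
        "/static/new.js": b"x",
    },
}


def file_hash(data: bytes) -> str:
    """SHA-256 of a file body; any collision-resistant hash works here."""
    return hashlib.sha256(data).hexdigest()


def build_database(releases):
    """path -> {digest: set(versions that ship exactly that file)}"""
    db = {}
    for version, files in releases.items():
        for path, content in files.items():
            db.setdefault(path, {}).setdefault(file_hash(content), set()).add(version)
    return db


def rank_paths(db):
    """Most discriminating paths first: more distinct digests across releases
    means more information per request, so a scan can stop early."""
    return sorted(db, key=lambda p: (-len(db[p]), p))


def version_key(v):
    return tuple(int(x) for x in v.split("."))


def fingerprint(fetch, db, versions, max_requests=None):
    """Narrow `versions` using fetch(path) -> bytes, or None for a 404.

    A missing file or an unknown digest is recorded as evidence but never
    eliminates a version: administrators delete READMEs and customise
    stylesheets, and a negative result must not exclude the true version.
    """
    candidates = set(versions)
    evidence = []
    for path in rank_paths(db)[:max_requests]:
        body = fetch(path)
        if body is None:
            evidence.append((path, "missing", None))
            continue
        matches = db[path].get(file_hash(body))
        if matches is None:
            evidence.append((path, "modified", None))
            continue
        candidates &= matches
        evidence.append((path, "match", sorted(matches, key=version_key)))
        if len(candidates) == 1:
            break  # fully resolved; do not spend further requests
    return sorted(candidates, key=version_key), evidence


def make_fetcher(files):
    """Simulated target: a dict of path -> bytes standing in for HTTP GETs."""
    return lambda path: files.get(path)


if __name__ == "__main__":
    db = build_database(RELEASES)
    # Constructed target: a 1.1 install whose README was removed by the admin.
    target = make_fetcher({
        "/static/app.js": b"var v=1;",
        "/static/style.css": b"body{margin:0}",
    })
    found, why = fingerprint(target, db, RELEASES)
    print("candidate versions:", found)
    for path, status, matched in why:
        print(f"  {path}: {status} {matched or ''}")
```

Against a real target the fetcher would be an HTTP client that returns the response body for a 200 and None for a 404; everything else (database construction, path ranking, candidate narrowing) stays the same. Note that a file that is present but modified is deliberately not treated as evidence against any version, which is the main source of false exclusions in naive fingerprinters.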

Crawling, WEB

GNU Wget

GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely used Internet protocols. It is a non-interactive command-line tool, so it may easily be called from scripts, cron jobs, terminals without X Window support, etc. GNU Wget has many features to make retrieving large files or mirroring entire web …

Browsers, Crawling, WEB

Offline browser utility

HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a …

Detection, Enumeration, Penetration Testing, Scanners, Security Software, Vulnerabilities, WEB

Testing your web application for vulnerabilities | Part 1

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It is developed using Python to be easy to use and extend, and licensed under GPLv2.0. w3af is fully extensible and if you …

Proxy, Sniffing, WEB

Fiddler – web debugging proxy

I recently discovered this tool and would like to share it with you. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler is freeware and can debug traffic from virtually any …

Cracking, Email, General, Passwords, Physical security, Vulnerabilities, WEB

1 xor 1 = 0 | How Apple and Amazon Security Flaws Led to an Epic Hacking

Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing. … The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/