Archive | Tools RSS feed for this section

WPScan added to WordPress Security Scan

For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst (ethicalhack3r.co.uk). The scan uses techniques that include brute forcing the plugins directory of a wordpress installation to find installed plugins. This is an accurate way to find plugins [...]

IPv6 added to online port scanner

Our online nmap port scanner is now IPv6 capable. Nmap has had the ability to scan IPv6 ip addresses for some time now and recently Linode also added IPv6 to its VPS offerings. These additions mean we can now provide on-line port scanning of both IPv4 and IPv6 addresses or Host names that have an [...]

Ubuntu and AntiVirus

Does Ubuntu need anti-virus? This is a question posed by many of the legions of new users who try out Ubuntu Linux everyday. New users dive into Linux booting up the massively popular Ubuntu Linux. Now for a quick background check; Ubuntu is stable, easy to use and a rock solid desktop. I have been [...]

SQL Injection Scanner List

Coresec.org has an excellent summary of the wide range of SQL Injection scanning tools available from detection to automated exploitation and shells on a plate. Hit the link for the full list – SQL Injection Scanners

Security Testing WordPress

A couple of wordpress security assessment tools have popped up over the past couple of months, this has to be a good thing with the number of WordPress installations sky-rocketing. First of course there is the HackerTarget.com scan, externally facing and coming in at a fairly high level. The system downloads some of your pages, [...]

Backdoor Corporate Networks with Metasploit

Backdoor Corporate Networks with Metasploit

HD Moore recently announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have been for a number of reasons been not so stable. Let’s first look at a common locked down Corporate Network. Then we will show how [...]

Hydra 6.4 Password Brute Forcer

The latest version of Hydra has been released with some bug fixes. Problems noted in my post comparing hydra with ncrack and medusa have been addressed and after testing I can confirm these issues are no longer present. CHANGELOG for 6.4 ================= * Update SIP module to extract and use external IP addr return from [...]

Installing OpenVas 4.0 on Ubuntu 10.04

OpenVas 4.0 was released at the end of March, I have been busy and have not had a chance to fire up the production release. Today I built it from source using one of my test VPS servers. What follows is a quick summary of the process. I think I covered all the steps, however [...]

Testing WordPress Password Security with Metasploit

How easy is it to hack wordpress admin accounts? Poor WordPress password security is an ongoing issue, the purpose of this post is to highlight how easy it is to break into wordpress admin accounts that have weak passwords. Metasploit Framework is an open source penetration testing application that has modules for the explicit purpose [...]

w3af web application security testing framework stable released

The latest version of w3af has been released and its a “stable” 1.0 release. To fire it up on Ubuntu only a couple of steps are required: Download the latest version from here: http://sourceforge.net/projects/w3af/files/ sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz tar jxvf w3af-1.0-stable.tar.bz2 ./w3af_gui The first thing to notice is the shiny [...]