• Subscribe to the low volume list for updates.

Archives of Tools

Security tools both offensive and defensive in nature.

Egress Firewall Test

This guide outlines a method to quickly assess the egress traffic filtering of a firewall using the Nmap port scanner. Egress Traffic are connections that are initiated from within an organsiation / system to an external Internet host. Ingress Traffic are connections that are coming into a system, this is typically web servers, mail servers […]
Read More

Webscarab and Ratproxy installation and chaining

In this mini tutorial we are going to use Webscarab and Ratproxy together in a chained fashion. This will enable passive testing of a web application by Ratproxy, with more active intercepting proxy testing to be done by Webscarab. For this reason we will run Ratproxy as the first hop in the proxy chain with […]
Read More

Nessus 5 on Ubuntu 12.04 install and mini review

Having yet to play with Nessus 5, today I grabbed a copy and installed it into my Ubuntu 12.04 64 bit system. Take note I am having a quick look at the product, not using it in a commercial manner as part of the work done by HackerTarget.com. This would require a professional feed license […]
Read More

Install Rapid7’s Nexpose community edition

This is a quick overview of how to install Rapid 7 vulnerability scanner Nexpose on Ubuntu 12.04. Included is a very light review. There are different versions of the NeXpose engine, we will be using the community edition on 64 bit Linux. The company is more famous for its penetration testing framework Metasploit, so lets […]
Read More

sqlmap POST request injection

In the past using sqlmap to perform POST request based SQL injections has always been hit and miss (more often a miss). However I have recently had to revisit this feature and have found it be to much improved. Both in ease of use and accuracy. This is a quick step by step guide to […]
Read More

Nmap 6.00 added to online port scanning tool

We have completed testing and rolled out the latest Nmap release version 6, to our online port scanner service. At this stage we have enabled Nmap 6 on the immediate port scan page, but are still testing it for scheduled port scanning. This will be upgraded once testing has completed. Congratulations to the Nmap development […]
Read More

WPScan added to WordPress Security Scan

For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst (ethicalhack3r.co.uk). The scan uses techniques that include brute forcing the plugins directory of a wordpress installation to find installed plugins. This is an accurate way to find plugins […]
Read More

IPv6 added to online port scanner

Our online nmap port scanner is now IPv6 capable. Nmap has had the ability to scan IPv6 ip addresses for some time now and recently Linode also added IPv6 to its VPS offerings. These additions mean we can now provide on-line port scanning of both IPv4 and IPv6 addresses or Host names that have an […]
Read More

Ubuntu and AntiVirus

Does Ubuntu need anti-virus? This is a question posed by many new users who try out Ubuntu Linux everyday. Everyone who has installed a Windows based operating system knows the first step after the first boot is to install AV. Now for a quick background check; Ubuntu is stable, easy to use and a rock […]
Read More

SQL Injection Scanner List

A few of the wide range of SQL Injection scanning tools available from detection to automated exploitation and shells on a plate. Sqlninja ( http://sqlninja.sourceforge.net/ ) Supports only Microsoft SQL Server. sqlmap ( http://sqlmap.org/ ) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase. Pangolin […]
Read More