• Subscribe to the low volume list for updates.

Archives of Tools

Security tools both offensive and defensive in nature.

sqlmap POST request injection

In the past using sqlmap to perform POST request based SQL injections has always been hit and miss (more often a miss). However I have recently had to revisit this feature and have found it be to much improved. Both in ease of use and accuracy. This is a quick step by step guide to […]
Read More

Nmap 6.00 added to online port scanning tool

We have completed testing and rolled out the latest Nmap release version 6, to our online port scanner service. At this stage we have enabled Nmap 6 on the immediate port scan page, but are still testing it for scheduled port scanning. This will be upgraded once testing has completed. Congratulations to the Nmap development […]
Read More

WPScan added to WordPress Security Scan

For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst (ethicalhack3r.co.uk). The scan uses techniques that include brute forcing the plugins directory of a wordpress installation to find installed plugins. This is an accurate way to find plugins […]
Read More

IPv6 added to online port scanner

Our online nmap port scanner is now IPv6 capable. Nmap has had the ability to scan IPv6 ip addresses for some time now and recently Linode also added IPv6 to its VPS offerings. These additions mean we can now provide on-line port scanning of both IPv4 and IPv6 addresses or Host names that have an […]
Read More

Ubuntu and AntiVirus

Does Ubuntu need anti-virus? This is a question posed by many new users who try out Ubuntu Linux everyday. Everyone who has installed a Windows based operating system knows the first step after the first boot is to install AV. Now for a quick background check; Ubuntu is stable, easy to use and a rock […]
Read More

SQL Injection Scanner List

A few of the wide range of SQL Injection scanning tools available from detection to automated exploitation and shells on a plate. Sqlninja ( http://sqlninja.sourceforge.net/ ) Supports only Microsoft SQL Server. sqlmap ( http://sqlmap.org/ ) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase. Pangolin […]
Read More

Security Testing WordPress

Our scan does not perform brute forcing of accounts, passwords or plugins. Brute Forcing is more appropriate in a targeted pen-test or black-box vulnerability assessment. Simply put brute forcing: Plugins is achieved by testing URL's: http://myexampleblog.cm/wp-content/plugins/$pluginname Usernames can be brute forced with a POST request to the login form (Incorrect username) Passwords can be brute […]
Read More

Backdoor Corporate Networks with Metasploit

HD Moore announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have been for a number of reasons been not so stable. The purpose of this post is to raise awareness. Many IT folks are comfortable with a […]
Read More

Hydra 6.4 Password Brute Forcer

The latest version of Hydra has been released with some bug fixes. Problems noted in my post comparing hydra with ncrack and medusa have been addressed and after testing I can confirm these issues are no longer present. CHANGELOG for 6.4 ================= * Update SIP module to extract and use external IP addr return from […]
Read More

Testing WordPress Password Security with Metasploit

How easy is it to hack wordpress admin accounts? Poor WordPress password security is an ongoing issue, the purpose of this post is to highlight how easy it is to break into wordpress admin accounts that have weak passwords. Metasploit Framework is an open source penetration testing application that has modules for the explicit purpose […]
Read More