This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label Web Security Scanner. Show all posts
Showing posts with label Web Security Scanner. Show all posts

Nipper - Toolkit Web Scan for Android

January 06, 2015  , , , , , , , , ,  


La Primera herramienta de escáner de vulnerabilidades WEB, En entorno Android (Versión para iOS en desarrollo), este escáner de vulnerabilidad fue enfocado para CMS más usadas, (WordPress, Drupal, Joomla. Blogger ).

En su primera versión Nipper cuenta con 10 módulos distintos, para recopilar información acerca de un URL en específica.

Su interfaz ha sido pensada para que tan solo con unos “toques” en su interfaz extraerías gran parte de su información.

Módulos Disponibles:
  • IP Server
  • CMS Detect & Version
  • DNS Lookup
  • Nmap ports IP SERVER
  • Enumeration Users
  • Enumeration Plugins
  • Find Exploit Core CMS
  • Find Exploit DB
  • CloudFlare Resolver
Nipper NO requiere ROOT, tan solo requiere permiso a internet.
Compatible desde 2.3 a Android L.


Read More

[Netsparker v3.2] Web Application Security Scanner

January 25, 2014  , , , , , ,  


Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.

It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built on it, for example you can get a reverse shell out of an identified SQL Injection or extract data via running custom SQL queries.

The main highlight of this version is the web services scanner; now scan and identify vulnerabilities and security issues in web services automatically and easily.

Changelog v3.2

New Features
  • Ability to scan SOAP web services for security issues and vulnerabilities
  • Request and Response viewers to view HTTP requests/responses like XML and JSON tree views
  • New knowledge base node that will include all AJAX/XML HTTP Requests
  • New value matching options for form values other than regex pattern (exact, contains, starts, ends)
  • New report template for parsing source information Crawled URLs List (CSV)
New Security Checks
  • Added attack patterns for LFI vulnerability which is revealed with only backslashes in file path
  • Added Programming Error Message vulnerability detection for SOAP faults
  • Added AutoComplete vulnerability for password inputs
  • NuSOAP version disclosure
  • NuSOAP version check
Improvements
  • Improved XSS vulnerability confirmation
  • Improved Generic Source Code Disclosure security check by excluding JavaScript and CSS resources
  • Added latest version custom field for the version vulnerabilities
  • Added standard context menus to text editors
  • Sitemap tree will displan nodes of JSON, XML and SOAP requests and responses with no parameters
  • Added force option to form value settings to enforce user specified values
  • Optimized attack patterns for JSON and XML attacks by reducing attack requests
  • Optimized Common Directories list and removed the limit for Extensive Security Checks policy
  • Improved the license dialog to show whether a license is missing or expired
Fixes
  • Fixed update dialog to not show on autopilot mode
  • Fixed an interim auto update crash
  • Fixed typo in Out of Scope Links knowledge base report template
  • Fixed an issue in LFI exploiter where XML tags with namespace prefixes was preventing exploitation
  • Fixed Controlled Scan button disabled issue for some sitemap nodes
  • Fixed parameter anchors in Vulnerability Summary table of Detailed Scan Report template
  • Fixed form authentication wizard to use user agent set on currently selected policy
  • Fixed zero response time issue for some sitemap nodes
  • Fixed dashboard progress bar showing 100%
  • Fixed random crashes on license dialog while loading license file or closing dialog
  • Fixed Microsoft Anti-XSS Library links on vulnerability references

Read More

[Vega v1.0 Build 108] Web Security Scanner

January 13, 2014  , , , , , , ,  


Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.


 Features

  • Automated Crawler and Vulnerability Scanner
  • Consistent UI
  • Website Crawler
  • Intercepting Proxy
  • SSL MITM
  • Content Analysis
  • Extensibility through a Powerful Javascript Module API
  • Customizable alerts
  • Database and Shared Data Model
Some of the features in the 1.0 release include:
  • Active proxy scanner
  • Greatly improved detections
  • Greatly improved support for authenticated scanning
  • API enhancements
  • HTTP message viewer enhancements

Modules

  • Cross Site Scripting (XSS)
  • SQL Injection
  • Directory Traversal
  • URL Injection
  • Error Detection
  • File Uploads
  • Sensitive Data Discovery

Read More
Subscribe to: Posts (Atom)