This is a simple utility which runs against target site and look for external references and cross domain malicious injections. There are several vulnerable sites which get manipulated with these types of injections and compromised. The site gets registered with stopbadware and other databases as well. This tool helps in doing initial scanning to look for obvious injections. At this point it is looking into iframe and script tags as defined in regex file.
Saturday, September 12, 2009
Thursday, September 10, 2009
AppPrint (Beta)
Web, Application Server and Web 2.0 Fingerprinting tool (Beta)
AppPrint scans IP range, IP or host for Web and Application servers. It scans port 80 for a particular target and tries to deduce the banner using httprint methodology. This gives best guessed banner for Web Server. In next step it uses method of forced plug-in invoke and scan for application server type. At this point it tries to fingerprint Tomcat, WebLogic, WebSphere, Orion, ColdFusion and Resin. It also fingerprints Web 2.0 libraries and components. It requires .NET framework installed. In future version we will build several other technology mapping and fingerprinting technologies like Flash, Laszlo etc. Also, planning to add WAF fingerprinting module.
AppPrint scans IP range, IP or host for Web and Application servers. It scans port 80 for a particular target and tries to deduce the banner using httprint methodology. This gives best guessed banner for Web Server. In next step it uses method of forced plug-in invoke and scan for application server type. At this point it tries to fingerprint Tomcat, WebLogic, WebSphere, Orion, ColdFusion and Resin. It also fingerprints Web 2.0 libraries and components. It requires .NET framework installed. In future version we will build several other technology mapping and fingerprinting technologies like Flash, Laszlo etc. Also, planning to add WAF fingerprinting module.
Web2Fuzz (Beta)
Web 2.0 Application Auto Fuzzing tool
This tool helps in fuzzing next generation application running on Web/enterprise 2.0 platform. It can be used with Web2Proxy by harvesting JSON, XML, JS-Object etc. from already profiled HTTP requests. Adding various fuzz loads and injecting them into particular request. One can encode fuzz load in various forms to pollute/poison Web 2.0 streams. It is possible to analyze responses by using various techniques like response behavior, stream structure or patterns. Tool contains sample payload and pdf/slides can help you in giving better understanding of its behavior.
This tool helps in fuzzing next generation application running on Web/enterprise 2.0 platform. It can be used with Web2Proxy by harvesting JSON, XML, JS-Object etc. from already profiled HTTP requests. Adding various fuzz loads and injecting them into particular request. One can encode fuzz load in various forms to pollute/poison Web 2.0 streams. It is possible to analyze responses by using various techniques like response behavior, stream structure or patterns. Tool contains sample payload and pdf/slides can help you in giving better understanding of its behavior.
Subscribe to:
Posts (Atom)