Hiding your tracks for public facing targets has become easier - thanks to scanless! It allows you to scan IP addresses utilizing online services that already exist. However, instead of you manually submitting the target to each of them, this Python script does it for you. What is scanless? Scanless is an open source script coded in Python that helps you to perform port scans utilizing multiple online scanners such as you get signal, View DNS, Hacker Target, IPFingerPrints, ping.eu, Read more about scanless: Anonymize Your Port Scans!
Vulnerability Assessment Archives:
If you use Kali and like searchsploit, chances are you will like getsploit even more. What searchsploit is to exploit-db, getsploit is to, well, every exploit source covered by vulners.com. Read more about getsploit: Search & Download Exploits!
My last post was about PowerMeta, which launches Google & Bing search queries to download files from a target domain and performs EXIF analysis on them. This method gives us an insight into the different "actors" on the domain. However, if you want more information about the domain, check out DataSploit. Read more about DataSploit: An Open Source OSINT Assistant!
This short post is about HatCloud, an open source tool coded in Ruby that helps you find the IP addresses of websites that are protected by CloudFlare. You know why you would need the real IP addresses, right? The tool is quite simple and needs just net/http, open-uri, json, socket and optparse. It leverages CrimeFlare to get the IP address behind CloudFlare and then uses ipinfo.io to get more information about the IP address. It sends an HTTP POST with your input via the cfS parameter Read more about HatCloud: Identify CloudFlare Protected IP Addresses!
My last post about WordPress security was WPSeku, the simple WordPress security scanner. This post is about WPXF, short for the WordPress Exploit Framework, which will help you go one step further and perform penetration tests on WordPress powered websites. Read more about WPXF: The WordPress Exploit Framework!
There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since its release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website. Read more about WPSeku: A Simple WordPress Security Scanner!
A problem with remote web application vulnerability scanners is that sometimes they have false positives. The only way to get good results is by launching an actual exploit, which, if not treated with caution, can lead to problems with the web application itself. This is where pyfiscan comes into the picture and helps you perform a non-intrusive vulnerability scan on your own web application. Read more about pyfiscan: A Local Web Application Vulnerability Scanner!