Open Source

All of you web application penetration testers, check out this release of XSSer version 0.7a, for it now has 26 new injections!

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.
It contains several options to try to bypass certain filters, and various special techniques of code injection.

These are the changes:

  • Added attack payloads to fuzzer (26 new injections).
  • Added POST connections: Now you can inject on webforms.
  • Added Statistics: reports with data about efficiency, connections, vectors, etc.
  • Added URL Shorteners: It is now possible to get valid results in short links. For the moment, tinyurl and is.gd are supported. Your “malicious” code ready to share!!
  • Added IP Octal: Spoofing for fuzzing vectors. Your remote/local IPs encoded in Octal.
  • Added Post-processing payloads: When you have a valid “hole/payload”, you can tell XSSer to prepare the real code that you want to inject.
  • Added DOM Shadows: For this version, this implementation is a server-side anti-logging feature. You can inject code using the Document Object Model eval function, to evade some possible server IDSs.
  • Added Cookie injector: It is now possible to inject code into HTTP Cookie parameters automatically.
  • Added Browser DoS (Denial of Service): Yes!! If you have a valid payload to inject, XSSer will prepare code for you to share with victims that will “collapse” their browsers. Client browser DoS ready to play, friend -scripter-!

You can download XSSer version 0.7a here.

Good news for Websecurify lovers, as we have an updated Websecurify version 0.7 amongst us finally!

“Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.”

This version contains the following improvements:

  • User interface improvements
  • Faster, more stable testing platform
  • Improved extension development API
  • Fewer false positives
  • Significant testing performance gains
  • Automatic taking of vulnerability screenshots
  • Integration with the Websecurify Network
  • Improved fuzzing strategies
  • Workspace perspectives
  • Integrated application and extension automatic updates

Download Websecurify version 0.7 here!

PacketFence is a free and open source network access control (NAC) system and the reason for us writing about it again is that a new version has been released! The latest MAJOR release is PacketFence version 1.9.0. Our first post can be found here.

PacketFence is an open-source network access control (NAC) system which provides the following features: registration, detection of abnormal network activities, proactive vulnerability scans, isolation of problematic devices, remediation through a captive portal, 802.1X, wireless integration and DHCP fingerprinting.

This is the update log:

  • Official Linux 64 bit support

New Hardware Support

  • Cisco Wireless Services Module (WiSM)
  • Cisco Integrated Services Routers (ISR) 1800 Series
  • Cisco Catalyst 3750 Series
  • Cisco Catalyst 4500 Series
  • Foundry FastIron 4802 Port security and Voice over IP support (feature sponsored by an entity who preferred to remain anonymous)
  • HP Procurve 3400cl (tested by roelof)
  • SMC SMC8824M and SMC8848M in Port Security (feature sponsored by Seattle Pacific University developed with the help of SMC)

New Features

  • Node category support, you can assign different VLANs or whitelist violations based on a node’s category (#968)
  • Added support for Floating Network Devices (See Admin Guide for details)

Enhancements

  • Improved error reporting in the web administration panel and CLI
  • More information available in Node Lookup (IP, DHCP lease)
  • Improved database layer (more robust and logs errors)
  • pfsetvlan is more resistant to configuration mistakes and reports them
  • Net-SNMP 5.4 support
  • FreeRADIUS 2.x support
  • @ character now allowed in person id (pid). This is very common in Active Directory environments.
  • New admin authentication mechanism added (disabled by default)
  • New debugging features (disabled by default)
  • New DHCP fingerprints
  • Optional backup script in addons/ now archives old records
  • New helper synchronization scripts in addons/high-availability

Download the major release packetfence-1.9.0.tar.gz here.
