Friday, July 15, 2011

Browser Based Hacking Framework - Mantra Security Toolkit 0.6.1 Released

Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.


The software is intended to be lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.


Project Goals
  • Create an ecosystem for hackers based on browser
  • To bring the attention of security people to the potential of a browser based security platform
  • Provide easy to use and portable platform for demonstrating common web based attacks( read training )
  • To associate with other security tools/products to make a better environment.
You can download Mantra 0.6.1 here:
Linux 32-bit – Mantra Security Toolkit – Gandiva.tar.bz2
Windows – OWASP Mantra Security Toolkit – Gandiva.exe
Or read more here.

Thursday, July 14, 2011

WordPress Security/Vulnerability Scanner - WPScan

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).

Features

  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, …)

Requirements

WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.

sudo apt-get install libcurl4-gnutls-dev
sudo gem install –user-install typhoeus
sudo gem install –user-install xml-simple

The full README is available here.

You can download WPScan by checking it out from the SVN repository on Google Code:

svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-only

Or you can read more here.

PuTTY v.0.61 Released

PuTTY 0.61 is out, after over four years , with new features, bug fixes, and compatibility updates for Windows 7 and various SSH server software.

                                                         
PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator

These features are new in beta 0.61:
Kerberos/GSSAPI authentication in SSH-2.
Local X11 authorisation support on Windows. (Unix already had it, of course.)
Support for non-fixed-width fonts on Windows.
GTK 2 support on Unix.
Specifying the logical host name independently of the physical network address to connect to.
Crypto and flow control optimisations.
Support for the [email protected] SSH-2 compression method.
Support for new Windows 7 UI features: Aero resizing and jump lists.
Support for OpenSSH AES-encrypted private key files in PuTTYgen.
Bug fix: handles OpenSSH private keys with primes in either order.
Bug fix: corruption of port forwarding is fixed (we think).
Bug fix: various crashes and hangs when exiting on failure,
Bug fix: hang in the serial back end on Windows.
Bug fix: Windows clipboard is now read asynchronously, in case of deadlock due to the clipboard owner being at the far end of the same PuTTY's network connection (either via X forwarding or via tunnelled rdesktop).

Thursday, July 7, 2011

Vodafone Free Gprs Tricks

Vodafone Free Gprs Tricks

 

Vodafone Free Gprs Tricks Rs 4 Plan , Vodafone user get unlimited free gprs internet Send SMS ACT GPRS To 140 you will get 30MB Free Gprs Internet Data Pack, Once Finish 30MB Data usage again send SMS ACT GPRS To 140 , Again and again activate free vodafone gprs in your mobile phone,Maintain balance below Rs 5/-.
Vodafone Free Gprs Tricks only working for Punjab.


Regards
Adnan Anjum

Tuesday, July 5, 2011

Cryptinator - A simple Encryption Application

Today i decided to make a program like the following one i saw earlier.
[Image: 43201152623pm.png]

But instead of just copying it exactly, i used a different encryption algorithm (polystairs) and different methods towards generating/compiling a code.

I am not sure what you would have use for this, but for me when ever i need a completely random string i will use this now.

Cryptinator ScreenShot:
[Image: screenshotzu.png]

Virus Scan
Download

xuhaid SQLi Scanner V3

xuhaid SQLi Scanner V3
--Status:[online]--


I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!
Side Note: Better dork = more results! Keep that in mind!


Ok In This Version We have 2 New Scanner's Public & Private ... And In this Version I have added Duplicate Link remover Soo that after scanning you guys can easily remove duplicate Links.

Private Online SQLi Scanner V1
*Click here to Access*

Public Online SQLi Scanner V1
*Click here to Access*

Private Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*

Public Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*

Ok Public Version Will Log Your Links Which you'll Scan In Our Scanner For Those who hate scanning websites For more info Check here : http://sqlscanner.info/Public-Sql-Scanne...index.html

Public Scanner Version 1 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v1log.txt

Public Scanner Version 2 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v2log.txt

After Scanning You can Now easily Remove Links with one Click From here : http://sqlscanner.info/Repeatremover.html

About Version 2 If you Guys Don,t know This will Scan Only Vulnerable Sites

Dork List :


Code:
inurl:php?=id+gov
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:recruit_details.php?id=
inurl:index.php?cPath=

Quote:Use online sqli scanner (scan specific: websites/domains/countries)

Code:
www.sqlscanner.info

Quote:How to: Scan specific websites

Just use it like this:
inurl:php?id=+site:[domain of website]

you can either change it like:
inurl:php?page=+site:[domain of website]
inurl:php?type=+site:[domain of website]

If by any chance it fail's just put inurl or allinurl instead of site, like this:
inurl:php?id=+inurl:[domain of website]
inurl:php?id=+allinurl:[domain of website]

Examples:

If you want to scan specif countries websites:
for example .pt websites:
inurl:php?type=+site:.pt
or .br:
inurl:php?type=+site:.br

If you want to scan: http://www.thurrock.gov.uk
use: inurl:php?=id+site:thurrock.gov.uk

If You Face Any Kind of Problem Comment Here
Regards
Adnan Anjum