Monday, July 25, 2011
Friday, July 15, 2011
Browser Based Hacking Framework - Mantra Security Toolkit 0.6.1 Released
Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.
The software is intended to be lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.
Mantra can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.
Project Goals
Linux 32-bit – Mantra Security Toolkit – Gandiva.tar.bz2
Windows – OWASP Mantra Security Toolkit – Gandiva.exe
Or read more here.
The software is intended to be lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.
Mantra can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.
Project Goals
- Create an ecosystem for hackers based on browser
- To bring the attention of security people to the potential of a browser based security platform
- Provide easy to use and portable platform for demonstrating common web based attacks( read training )
- To associate with other security tools/products to make a better environment.
Linux 32-bit – Mantra Security Toolkit – Gandiva.tar.bz2
Windows – OWASP Mantra Security Toolkit – Gandiva.exe
Or read more here.
Thursday, July 14, 2011
WordPress Security/Vulnerability Scanner - WPScan
WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc).
Features
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on version) (todo)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
Requirements
WPScan requires two non native Ruby gems, typhoeus and xml-simple. It should work on both Ruby 1.8.x and 1.9.x.
sudo apt-get install libcurl4-gnutls-devsudo gem install –user-install typhoeussudo gem install –user-install xml-simpleThe full README is available here.
You can download WPScan by checking it out from the SVN repository on Google Code:
svn checkout http://wpscan.googlecode.com/svn/trunk/ wpscan-read-onlyOr you can read more here.
PuTTY v.0.61 Released
PuTTY 0.61 is out, after over four years , with new features, bug fixes, and compatibility updates for Windows 7 and various SSH server software.
PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator
These features are new in beta 0.61:
Kerberos/GSSAPI authentication in SSH-2.
Local X11 authorisation support on Windows. (Unix already had it, of course.)
Support for non-fixed-width fonts on Windows.
GTK 2 support on Unix.
Specifying the logical host name independently of the physical network address to connect to.
Crypto and flow control optimisations.
Support for the [email protected] SSH-2 compression method.
Support for new Windows 7 UI features: Aero resizing and jump lists.
Support for OpenSSH AES-encrypted private key files in PuTTYgen.
Bug fix: handles OpenSSH private keys with primes in either order.
Bug fix: corruption of port forwarding is fixed (we think).
Bug fix: various crashes and hangs when exiting on failure,
Bug fix: hang in the serial back end on Windows.
Bug fix: Windows clipboard is now read asynchronously, in case of deadlock due to the clipboard owner being at the far end of the same PuTTY's network connection (either via X forwarding or via tunnelled rdesktop).
Download: http://www.chiark.greenend.org.uk
Thursday, July 7, 2011
Vodafone Free Gprs Tricks
Vodafone Free Gprs Tricks
Vodafone Free Gprs Tricks Rs 4 Plan , Vodafone user get unlimited free gprs internet Send SMS ACT GPRS To 140 you will get 30MB Free Gprs Internet Data Pack, Once Finish 30MB Data usage again send SMS ACT GPRS To 140 , Again and again activate free vodafone gprs in your mobile phone,Maintain balance below Rs 5/-.
Vodafone Free Gprs Tricks only working for Punjab.
Regards
Adnan Anjum
Tuesday, July 5, 2011
Cryptinator - A simple Encryption Application
Today i decided to make a program like the following one i saw earlier.
![[Image: 43201152623pm.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vWralpxRYklIy2udwjUUriqXR8i6qFObXtG3RIMCn6pWXmidA-KcjjF23tzhQRPcGSbZGp-kGAltGSFUeDMnzjOTZ-_v1U0bSEoRayACgJSmq6qfg1QpW3GA=s0-d)
But instead of just copying it exactly, i used a different encryption algorithm (polystairs) and different methods towards generating/compiling a code.
I am not sure what you would have use for this, but for me when ever i need a completely random string i will use this now.
Cryptinator ScreenShot:
![[Image: screenshotzu.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uWr68ux_V4BNBwf3CBTpELje6jSZ3jm4--f5PZQwERNPNNXAj4De0B3vKO8wNHVfvNdSXHdc4z0iBV4IOoShIbEaoEDOCG8nF_mf4w2lB94E0IDXdEkBIOALgd=s0-d)
Virus Scan
Download
But instead of just copying it exactly, i used a different encryption algorithm (polystairs) and different methods towards generating/compiling a code.
I am not sure what you would have use for this, but for me when ever i need a completely random string i will use this now.
Cryptinator ScreenShot:
Virus Scan
Download
xuhaid SQLi Scanner V3
xuhaid SQLi Scanner V3
--Status:[online]--
I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!
Side Note: Better dork = more results! Keep that in mind!
Ok In This Version We have 2 New Scanner's Public & Private ... And In this Version I have added Duplicate Link remover Soo that after scanning you guys can easily remove duplicate Links.
Private Online SQLi Scanner V1
*Click here to Access*
Public Online SQLi Scanner V1
*Click here to Access*
Private Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*
Public Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*
Ok Public Version Will Log Your Links Which you'll Scan In Our Scanner For Those who hate scanning websites For more info Check here : http://sqlscanner.info/Public-Sql-Scanne...index.html
Public Scanner Version 1 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v1log.txt
Public Scanner Version 2 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v2log.txt
After Scanning You can Now easily Remove Links with one Click From here : http://sqlscanner.info/Repeatremover.html
About Version 2 If you Guys Don,t know This will Scan Only Vulnerable Sites
Dork List :
If You Face Any Kind of Problem Comment Here
Regards
Adnan Anjum
--Status:[online]--
I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!
Side Note: Better dork = more results! Keep that in mind!
Ok In This Version We have 2 New Scanner's Public & Private ... And In this Version I have added Duplicate Link remover Soo that after scanning you guys can easily remove duplicate Links.
Private Online SQLi Scanner V1
*Click here to Access*
Public Online SQLi Scanner V1
*Click here to Access*
Private Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*
Public Online Sqli Scanner V2 Source Code edited By XuhaiD (Only Vulnerable Sites )
*Click here to Access*
Ok Public Version Will Log Your Links Which you'll Scan In Our Scanner For Those who hate scanning websites For more info Check here : http://sqlscanner.info/Public-Sql-Scanne...index.html
Public Scanner Version 1 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v1log.txt
Public Scanner Version 2 Logger here : http://sqlscanner.info/Public-Sql-Scanner/v2log.txt
After Scanning You can Now easily Remove Links with one Click From here : http://sqlscanner.info/Repeatremover.html
About Version 2 If you Guys Don,t know This will Scan Only Vulnerable Sites
Dork List :
Code:
inurl:php?=id+gov
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:tran******.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:recruit_details.php?id=
inurl:index.php?cPath=Quote:Use online sqli scanner (scan specific: websites/domains/countries)
Code:
www.sqlscanner.infoQuote:How to: Scan specific websites
Just use it like this:
inurl:php?id=+site:[domain of website]
you can either change it like:
inurl:php?page=+site:[domain of website]
inurl:php?type=+site:[domain of website]
If by any chance it fail's just put inurl or allinurl instead of site, like this:
inurl:php?id=+inurl:[domain of website]
inurl:php?id=+allinurl:[domain of website]
Examples:
If you want to scan specif countries websites:
for example .pt websites:
inurl:php?type=+site:.pt
or .br:
inurl:php?type=+site:.br
If you want to scan: http://www.thurrock.gov.uk
use: inurl:php?=id+site:thurrock.gov.uk
If You Face Any Kind of Problem Comment Here
Regards
Adnan Anjum
