Jump to content

Search the Community

Showing results for tags 'owasp'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

AIM

MSN

Website URL

ICQ

Yahoo

Jabber

Skype

Location

Interests

Found 2 results

  1. Metascan
    Hey everyone, just wanted to show you a recently created service for automated web application and network security scan. If some of you are hosting you'r own web applications perhaps you could test it. If you actually do, please check if there is some vulnerability Metascan could not find. Features: 1. Scans all 65535 ports on target hosts. The scan might take a while but it makes sure that all running services are found. 2. All the services running on host are checked for available vulnerabilities using CVEdetails DB. 3. All input forms and HTTP parameters are tested for most common web application vulnerabilities (XSS, SQLi, XXE and other OWASP TOP 10 attacks). 4. 40 protocols can be brute forced with Metascan's unique password dictionary. The dictionary has quite a long history as it was made up of real user passwords from recent data leaks. Most pentesters i know are building their own dictionaries, the METASCAN's one is huge. 5. Wordpress is tested separately with multiple tools and dir listing dictionaries for Wordpress version,plugins, themes enumeration. After the versions of plugins and CMS itself are revealed, METASCAN automatically searches for public exploits. The key word in METASCAN is "automatically", id say it's like an automatic pentester. 6.METASCAN is capable of subdomains enumeration too, so in case you have left some subdomains/testing servers and beta version servers on public, there will be info about them in the end report too. In my experience it is a common problem, especially for ICO. The reason i created this post is to provide website administrators who are most likely to be hanging out here with a useful service for automated web application security assessment. The solution could be useful in case you are not a pentester/whitehat yourself, but need to get some sense of how secure you'r website is without paying for human work, which is much more expensive. Also the scan is performed with usage of all the tools attacker could use to attack you'r web application. Also METASCAN is probably the best solution in case you need to scan multiple hosts or huge network. The network scanner is capable of scanning huge subnets, like /80. Hope you like it, and any feedback is always appreciated. It took a lot of coding and time to roll out this project. English version for a scan submit: https://metascan.ru/en.html
  2. research-bob
    Are Google URLs truly vulnerable to Open Redirection like explained here https://www.indusface.com/blog/?p=1646 Can it happen to anyone's website?
×
×
  • Create New...