Search the Community

Hello everyone, I've been playing around with a freshly acquired Wifi Pineapple Tetra. I upgraded, did a few factory resets and frimware reset too I there a two problems that need to be fixed. The first one apparead with the firmware upgrade from 2.4.something to the latest 2.6.2. : The live scan results don't print. We need to do a scan, stop it and load the scan file to output the results. I have seen this issue a few times on the forums but no admin/dev here made any answer or fix. WE NEED TO FIX THIS. This feature is important for the field pentesting. The second one is linked to wlan1mon. When I enable the PineAp, wlan1 goes into monitor mode and becomes wlan1mon. When PineAP gets disabled, the reverse operation is not done, making the red LED to keep blinking even though the PineAP is stopped. Any admin or dev here could take a look at this please ?

Hello everyone just though I would say my JavaScript network scanner project here : https://github.com/DarrenRainey/JavaScript-Network-Scanner Currently I it will scan and fingerprint devices based upon what files exist or don't exist on the device and once it fingerprints or can connect to a device it sends a post request with the fingerprint such as the routers model, the internal ip address and the user-agent from the victims PC. This code could be embedded into any website and sent a victim for recon. Currently it only scans a few predefined ip address's in the test.html file but I plan to make it scan the local subnet automatically and report any found devices to the attacker web server. The scanning code is based of lan-js with some custom code for identifying and sending the data to the attacker.

Hey everyone, just wanted to show you a recently created service for automated web application and network security scan. If some of you are hosting you'r own web applications perhaps you could test it. If you actually do, please check if there is some vulnerability Metascan could not find. Features: 1. Scans all 65535 ports on target hosts. The scan might take a while but it makes sure that all running services are found. 2. All the services running on host are checked for available vulnerabilities using CVEdetails DB. 3. All input forms and HTTP parameters are tested for most common web application vulnerabilities (XSS, SQLi, XXE and other OWASP TOP 10 attacks). 4. 40 protocols can be brute forced with Metascan's unique password dictionary. The dictionary has quite a long history as it was made up of real user passwords from recent data leaks. Most pentesters i know are building their own dictionaries, the METASCAN's one is huge. 5. Wordpress is tested separately with multiple tools and dir listing dictionaries for Wordpress version,plugins, themes enumeration. After the versions of plugins and CMS itself are revealed, METASCAN automatically searches for public exploits. The key word in METASCAN is "automatically", id say it's like an automatic pentester. 6.METASCAN is capable of subdomains enumeration too, so in case you have left some subdomains/testing servers and beta version servers on public, there will be info about them in the end report too. In my experience it is a common problem, especially for ICO. The reason i created this post is to provide website administrators who are most likely to be hanging out here with a useful service for automated web application security assessment. The solution could be useful in case you are not a pentester/whitehat yourself, but need to get some sense of how secure you'r website is without paying for human work, which is much more expensive. Also the scan is performed with usage of all the tools attacker could use to attack you'r web application. Also METASCAN is probably the best solution in case you need to scan multiple hosts or huge network. The network scanner is capable of scanning huge subnets, like /80. Hope you like it, and any feedback is always appreciated. It took a lot of coding and time to roll out this project. English version for a scan submit: https://metascan.ru/en.html

sorry guys i deleted the script to refine it

Started getting into writing scanners in python a few months back after reading the violent python book, so thought I'd show off what I've done based from the book. The script gets the odd false/positive but apart from that it works fine on finding zimbra-mail by going through network ranges, ex: 192.168.0.1/24, checks if it uses port 7071 then reads the banner received. Feel free to alter the code for personal use or to share. And also, I take no responsibility for anyone's actions. password = ..hak5 https://pastee.org/6daha -Rizla