Tag Archives: tools

Pentest tools – Burp Suite Professional v1.6.23

Burp Suite contains the following key components:
  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A Repeater tool, for manipulating and resending individual requests.
  • A Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.
Release Notes

v1.6.23

This release adds a new scan check for external service interaction and out-of-band resource load via injected XML doctype tags containing entity parameters. Burp now sends payloads like:

%f5a30; ]>

and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.

The release also fixes some issues:

  • Some bugs affecting the saving and restoring of Burp state files.
  • A bug in the Collaborator server where the auto-generated self-signed certificate does not use a wildcard prefix in the CN. This issue only affects private Collaborator server deployments where a custom SSL certificate has not been configured.


linux – vane (a fork of wpscan)

Source
Vane is a GPL fork of the popular, now non-free WordPress vulnerability scanner WPScan.

Prerequisites

  • Windows not supported
  • Ruby >= 1.9
  • RubyGems
  • Git

Installing on Debian/Ubuntu

sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/delvelabs/vane.git
cd vane
sudo gem install bundler && bundle install --without test development


windows – autolock your system with your phone

download
Download btprox from the SourceForge website and start the installer.

Btprox setup screen 1

You can keep the original destination folder, click Install, and close the installer when it is finished.
Now pair your phone with your laptop over Bluetooth. You can do this by right-clicking the Bluetooth icon and clicking Add a Bluetooth device. Now select your phone (you have to enable Bluetooth and make your phone visible first).

Nexus 5 bluetooth pair

After this, start btproxy.exe from the C:\Program Files (x86)\BtProx folder.

Btprox screen

Select your phone under Used device.

Select BT device

Now you can add the lock command in the Lock command box. The command to lock your system is: rundll32.exe user32.dll,LockWorkStation

Btprox with lock command

Now press Start and you're all set.
When you reboot the system, BTprox will autostart.


windows – foca fingerprinting tool

download link
Extract the archive and start foca.exe in the bin folder.
A simple example of extracting some metadata:

Screenshot of FOCA fingerprinting software
Foca start new project

Fill in your project name, domain website, alternative domains (if you know any), the folder where documents should be saved, the project date and project notes. Press +Create.

FOCA search all

Press the Search All button.
FOCA will now search Google and Bing for documents that can contain metadata. If you get lucky, FOCA will list some:

extract metadata with foca

Right-click in the results and click Download All. When the download is finished, you can click Extract All Metadata.

If all goes well, you now have a list of the extracted metadata.

foca metadata overview