Entries Tagged with ‘Security Assessment’

Today I am releasing my Simple LAN Scanner 1.0 (08th January 2011). [Download] Description The Simple LAN Scanner is a very simple LAN scanner written in Python. It scans the local network and tries to give you the MAC and IP addresses of the discovered running systems. Furthermore it creates a small log file at […]

(Continue reading…)

Today I am releasing my Simple Local File Inclusion Vulnerability Scanner 1.0 (29th December 2010). [Download] Description The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities. Usage ./lfi_scanner.py –url= Usage example ./lfi_scanner.py –url=”http://www.example.com/page.php?file=main” Usage notes – Always use http://…. – This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/. […]

(Continue reading…)

I just uploaded a new version of the Simple Local File Inclusion Exploiter, version 1.1. It was updated with some new user agents, “interesting files” and now creates a small log file. Just visit the “My Tools” section for the download link.

(Continue reading…)

Today I am releasing my Simple Local File Inclusion Exploiter 1.0 (21th November 2010). [Download] Description The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan […]

(Continue reading…)

Today I am releasing version 0.5 of my Simple SQL Injection Vulnerability Scanner. [Download here] It contains all the features from the first released version 0.3 and now contains – in addition – a column fuzzer. Simply start a scan by using python sqli_scanner.py -u “target” and then start fuzzing by using the parameter -fuzz […]

(Continue reading…)

Today I am releasing my Simple SQL Injection Vulnerability Scanner (version 0.3, not 1.0 since it contains not many features). [Download here] Description The Simple SQL Injection Vulnerability Scanner helps you to find SQL injection vulnerabilities within your website. Simply provide an URL and let the tool do all the work. Features – Scan a […]

(Continue reading…)

What if there was a project which checks all available extensions for popular CMS (such as Joomla or WordPress) for vulnerabilities and therefore creates a list of “trusted” and secure plugins on which ppl can rely on? During the last weeks I spent much time thinking about the security of websites in general. While many […]

(Continue reading…)

On the 6th May 2010 a new version of Google Skipfish (penetration testing tool/vulnerability scanner) was released. View the changelog here. Download it here. According to the changelog not many things were changed.

(Continue reading…)

I recently had the time to test Google’s Skipfish. It is a fully automated penetration testing tool and was just published some weeks ago. This little tutorial will show Debian/Ubuntu users how to install it and perform the first test. I. Introduction Tools like Nessus and Nmap are indispensable when it comes down to security […]

(Continue reading…)