Entries Tagged with ‘Vulnerability Research’

Today I am releasing my Simple Local File Inclusion Vulnerability Scanner 1.0 (29th December 2010). [Download] Description The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities. Usage ./lfi_scanner.py –url= Usage example ./lfi_scanner.py –url=”http://www.example.com/page.php?file=main” Usage notes – Always use http://…. – This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/. […]

(Continue reading…)

Download The Joomla Hacking Compendium here. With great pleasure I hereby announce the availability of the new “The Joomla Hacking Compendium”. It contains almost 1000 lines of pure knowledge and shows you the way to hack and protect Joomla. It contains the following chapters: Please find an excerpt below:

(Continue reading…)

I just uploaded a new version of the Simple Local File Inclusion Exploiter, version 1.1. It was updated with some new user agents, “interesting files” and now creates a small log file. Just visit the “My Tools” section for the download link.

(Continue reading…)

Today I am releasing my Simple Local File Inclusion Exploiter 1.0 (21th November 2010). [Download] Description The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan […]

(Continue reading…)

Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]

(Continue reading…)

Today I am releasing my Simple SQL Injection Vulnerability Scanner (version 0.3, not 1.0 since it contains not many features). [Download here] Description The Simple SQL Injection Vulnerability Scanner helps you to find SQL injection vulnerabilities within your website. Simply provide an URL and let the tool do all the work. Features – Scan a […]

(Continue reading…)

What if there was a project which checks all available extensions for popular CMS (such as Joomla or WordPress) for vulnerabilities and therefore creates a list of “trusted” and secure plugins on which ppl can rely on? During the last weeks I spent much time thinking about the security of websites in general. While many […]

(Continue reading…)

On the 6th May 2010 a new version of Google Skipfish (penetration testing tool/vulnerability scanner) was released. View the changelog here. Download it here. According to the changelog not many things were changed.

(Continue reading…)

I recently had the time to test Google’s Skipfish. It is a fully automated penetration testing tool and was just published some weeks ago. This little tutorial will show Debian/Ubuntu users how to install it and perform the first test. I. Introduction Tools like Nessus and Nmap are indispensable when it comes down to security […]

(Continue reading…)