python

Patator: Brute forcer tool

by Black on January 16, 2012

in Portable, PPOTD, Security Reconnaissance

Patator is a multi-purpose brute-forcer, written in pyton language, with a modular design and a flexible usage. Can be modified and rewritten as per our environment requirement. Patator is licensed GPLv2.

Modules supported buy patator

ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt [...]

Tagged as: , , ,

Be the first to comment!

SHORT POST: WhoHasTLB – Extract TypeLib data from COM Objects!

by Black on September 25, 2010

in Malware Analysis, Open Source, Reverse Engineering, Short Post, Windows

Our old post about Dranzer introduced you with tools such as COMRaider and AxMan. Dranzer could help you fuzz ActiveX objects.

But some times, you would also need to know the Interface Definition Language (IDL) of the component that is not registered on the computer. In such case of reverse engineering or malware analysis or fuzzing, [...]

Tagged as: , , , , , , ,

Be the first to comment!

UPDATE: fimap v08!

by Black on March 14, 2010

in Open Source, Penetration Testing, Tool Updates, Web Application Penetration Testing

We blogged about fimap here. Now, an updated version 08 is available for download.

“fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection.”

This is the change [...]

Tagged as: , , ,

Be the first to comment!

WEBreak: Perform Security Audits on Web Applications!

by Black on March 12, 2010

in Fuzzing, Open Source, Penetration Testing, Web Application Penetration Testing

You must be aware of our post regarding WFuzz. Consider WEBreak as the better version of WFuzz. Infact, it comes from the same author.

WEBreak performs security audits on web applications. It has been programmed in Python. Infact, you can consider it to be a web interface to WFuzz. It has a RIA (Rich internet [...]

Tagged as: , , , , ,

Be the first to comment!

UPDATE: fimap v07!

by Black on December 21, 2009

in Open Source, Penetration Testing, Security tools, Tool Updates, Web Application Penetration Testing

We blogged about fimap here. Now, an updated fimap version 07 is available for download.
“fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection.”

This is [...]

Tagged as: , , ,

Be the first to comment!

fimap: Audit local and remote file inclusions!

by Black on November 12, 2009

in Open Source, Penetration Testing, Security tools, Web Application Penetration Testing

Remote File Inclusion is a type of attack; which primarily affects PHP, that allows a user to run his/her own PHP code on a vulnerable website.
With Local File Inclusion, you have the ability to execute an arbitrary file on the server.
So, you see both these types of attacks are very dangerous, yet easy to scan! [...]

Tagged as: , , ,

Be the first to comment!

Page 1 of 1
1