A newer and improved version of FOCA version 3.0 is out for the grabs! Our old post regarding FOCA can be found here.
“FOCA, which stands for “Fingerprinting Organization with Collected Archives” is an automated tool for downloading documents published in websites, extracting metadata and analyzing data. FOCA is a tool for conducting fingerprinting processes and information gathering on [...]
Our first post regarding RIPS can be found here. New and updated version of RIPS version 0.40 is now available for download!
“RIPS is a static source code analyser for vulnerabilities in PHP web applications.”
This is the official change log:
Code analysis:
fixed bug with vartrace and different dependencies (if(condition) $var=1; else $var=2;)
fixed bug with string reconstruction of [...]
After almost a year, fimap has been updated to fimap alpha version 09. Our first post about fimap can be found here.
“fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql [...]
One of our favourites – w3af is now updated! We now have w3af version 1.0-rc6! We spoke about it in detail here.
“w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af [...]
Static code analysis is the analysis of computer software that is performed without actually executing programs built from that software. The amount of websites has increased rapidly during the last years. While websites consisted mostly of static HTML files in the last decade, more and more web applications with dynamic content appeared as a result [...]
We blogged about fimap here. Now, an updated version 08 is available for download.
“fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection.”
This is the change [...]
Today, we have this post from the milw0rm, which is written by ZeQ3uL & JabAv0C.
“LFI to RCE Exploit with Perl Script” is an interesting post about exploiting a website via File Inclusion (RFI/LFI). The author has done an amazing job that we think needs an applause.
This post as it’s name suggests uses Perl as [...]
After finishing up the list of free web application scanners, we still wanted to see if we have missed any web application scanner. We missed this one. Though this is a small Python application, not meant for large web applications, this will work good on small applications. The name of this tool is – Grabber.
Grabber [...]