ClsHack: Computer Security Blog

Python Scapy Gateway Finder :)

Friday, January 6th, 2012

Today I found an interesting script that uses Python and the Scapy library, both of which I have talked about before, to find gateways :)
From the official website:

Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet.
This can be useful during Internal pentests when you want to quickly check for unauthorised routes to the Internet (e.g. rogue wireless access points) or routes to other Internal LANs. It doesn’t perform a hugely thorough check, but it is quick at least. It’s python, so it should be easy to modify if you need it to do something more sophisticated.

Download

https://github.com/pentestmonkey/gateway-finder
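The probing idea behind a gateway finder, as an added example written for this post (it is not pentestmonkey's script): every ARP-responding host is a candidate; to each candidate's MAC we frame an ICMP echo addressed to an IP outside the LAN (assumed here to be 8.8.8.8). A host that does not forward silently drops a frame whose IP destination is not its own. A host that forwards must either relay it (an Echo Reply carrying our ICMP id/seq comes back) or, when the probe's TTL is 1, answer itself with ICMP Time Exceeded. The assumptions are that Scapy is installed, the script runs as root, and the LAN CIDR is given on the command line; the reply classification is kept free of Scapy so it can be checked against captured replies.

```python
#!/usr/bin/env python3
"""Find hosts on the LAN that forward IP and that can reach the Internet.

Added example in the spirit of gateway-finder; it is NOT pentestmonkey's
script. Assumptions: Scapy is installed, we run as root, TARGET_IP is any
address outside the LAN, and the LAN to sweep is passed as a CIDR.
"""
import sys
from dataclasses import dataclass
from typing import List

TARGET_IP = "8.8.8.8"       # assumption: any host outside the local LAN
PROBE_ID = 0xBEEF           # ICMP id that marks our probes
ICMP_ECHO_REPLY = 0
ICMP_TIME_EXCEEDED = 11


@dataclass
class Candidate:
    mac: str
    ip: str
    ip_forwarding: bool = False   # sent ICMP Time Exceeded for our TTL=1 probe
    internet_route: bool = False  # an Echo Reply from TARGET_IP came back via it


@dataclass
class Reply:
    """Just the fields of a received ICMP packet that the classifier needs."""
    icmp_type: int
    probe_id: int    # id of our probe (for Time Exceeded: the quoted inner ICMP)
    probe_seq: int   # seq of our probe = index of the candidate it was sent to
    src_ip: str


def classify(candidates: List[Candidate], replies: List[Reply]) -> List[Candidate]:
    """Decide what each reply proves about the candidate it was sent through.

    Every probe is an ICMP echo to TARGET_IP framed to ONE candidate's MAC with
    seq = that candidate's index. A non-forwarding host drops the frame; a
    forwarding host relays it (Echo Reply with our id/seq returns) or, at
    TTL=1, must itself answer with ICMP Time Exceeded.
    """
    for r in replies:
        if r.probe_id != PROBE_ID or not 0 <= r.probe_seq < len(candidates):
            continue                      # not one of ours, or a stray seq
        c = candidates[r.probe_seq]
        if r.icmp_type == ICMP_TIME_EXCEEDED and r.src_ip == c.ip:
            c.ip_forwarding = True
        elif r.icmp_type == ICMP_ECHO_REPLY and r.src_ip == TARGET_IP:
            c.internet_route = True
            c.ip_forwarding = True        # it could not have relayed otherwise
    return candidates


def arp_sweep(cidr: str, timeout: float = 2.0) -> List[Candidate]:
    """Every host that answers ARP on the LAN is a candidate gateway."""
    from scapy.all import ARP, Ether, srp   # local import keeps classify() Scapy-free
    ans, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=cidr),
                 timeout=timeout, verbose=0)
    return [Candidate(mac=rcv[Ether].src, ip=rcv[ARP].psrc) for _, rcv in ans]


def probe(candidates: List[Candidate], timeout: float = 3.0) -> List[Reply]:
    """Send one TTL=1 and one normal echo to TARGET_IP through each candidate MAC."""
    from scapy.all import ICMP, ICMPerror, IP, Ether, srp
    pkts = [Ether(dst=c.mac) / IP(dst=TARGET_IP, ttl=ttl) / ICMP(id=PROBE_ID, seq=idx)
            for idx, c in enumerate(candidates) for ttl in (1, 64)]
    ans, _ = srp(pkts, timeout=timeout, verbose=0, multi=True)
    replies = []
    for _, rcv in ans:
        if not rcv.haslayer(ICMP):
            continue
        t = rcv[ICMP].type
        if t == ICMP_TIME_EXCEEDED and rcv.haslayer(ICMPerror):
            q = rcv[ICMPerror]            # our original echo, quoted in the error
            replies.append(Reply(t, q.id, q.seq, rcv[IP].src))
        elif t == ICMP_ECHO_REPLY:
            replies.append(Reply(t, rcv[ICMP].id, rcv[ICMP].seq, rcv[IP].src))
    return replies


def find_gateways(cidr: str) -> List[Candidate]:
    cands = arp_sweep(cidr)
    return classify(cands, probe(cands))


if __name__ == "__main__":
    for c in find_gateways(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.0/24"):
        if c.ip_forwarding or c.internet_route:
            print(f"{c.mac} [{c.ip}] forwards={c.ip_forwarding} "
                  f"reaches {TARGET_IP}={c.internet_route}")
```

Run it as root with the LAN CIDR as the only argument. Two caveats: a multi-homed host may source its Time Exceeded from an interface address other than the one it answered ARP with, in which case the src_ip check in classify() will miss it; and, like the original, this is a quick check rather than a thorough one, since a device that forwards only for some destinations or filters ICMP will not show up.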

[tutorial] Tools for Vulnerability Identification at the Web Level

Saturday, June 19th, 2010

Here I am again. In this article we will talk about tools for penetration testing at the web-application level.
Many times we find defaced sites; it is not always the fault of a vulnerable CMS, it also depends on changes we made ourselves that may have made the site unsafe.
Here is the index of the series so far:

[tutorial] Tools for Information Gathering
[tutorial] Tools for Network Mapping
[tutorial] Tools for Vulnerability Identification at the Server Level

Let's see how to identify vulnerabilities at the web-application level…
The tools I propose are the following:

    ===WEB VULNERABILITY SCANNERS===
  • Wapiti: web application security scanner
  • Grendel-Scan: web application security testing tool
  • skipfish: Google's web application security scanner
  • Websecurify
  • w3af: Web Application Attack and Audit Framework
  • sqlmap
  • fimap: scanner for LFI (Local File Inclusion) and RFI (Remote File Inclusion)

    ===PLUGIN AND VERSION FINGERPRINTING===
  • WhatWeb
  • Plecost: a WordPress plugin penetration-test tool
  • OWASP Joomla Vulnerability Scanner

    ===CODE ANALYSIS===
  • RIPS: source code analyser for vulnerabilities in PHP
  • RATS: Rough Auditing Tool for Security
  • Pixy


[tutorial] Tools for Information Gathering

Wednesday, June 2nd, 2010

Information gathering, or how to collect information about remote systems.
This phase is very useful in an approach such as a penetration test.

Let's say that before attacking we need to know "what's behind" the target, and this stage lets us gather a wealth of information, such as email addresses, telephone numbers, or other details also useful for conducting a social-engineering attack.

In BackTrack, a number of programs are placed in this category; I have selected some of them.
I'm not saying that the others aren't good, but I can't talk about 30 tools :D

  • theHarvester: email, user name and subdomain/hostname finder [present in BackTrack]
  • Maltego 2 [present in BackTrack]
  • Fierce Domain Scan
  • httprint: a web server fingerprinting tool [present in BackTrack]
  • DirBuster

We start with the first: theHarvester, an email, user name and subdomain/hostname finder.

This simple Python tool is found in BackTrack under the name "goog email enum".

This tool, as its description says, allows you to find:

  • email addresses;
  • user names;
  • subdomains/hostnames;

by leveraging Google or other search services such as LinkedIn or Bing ;)
Let's see how to use it.
I put the package on my website to make it easier to cope with any change of download address ;)
We open our console :D
wget http://www.clshack.com/nopaste/theHarvester-1.6.tar
tar -xvf theHar*.tar
cd theH*
Now, to get the help, we type:
python theHarvester.py
Example:
python theHarvester.py -d SITE_TO_SEARCH -l 100 -b bing
I used Bing because I know Google asks me for its captcha; it has found no human :)
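What a tool like theHarvester does with the search-result pages it downloads, as an added example written for this post (this is not theHarvester's own code): it scans the raw HTML for email addresses and hostnames that belong to the target domain, undoes the HTML and URL encoding search engines apply, de-duplicates and lowercases what it finds, and stops matching at the domain itself so that look-alikes such as example.com.evil-phish.net are not counted. The sample pages are constructed here; fetching results from Google or Bing is out of scope.

```python
#!/usr/bin/env python3
"""Harvest e-mail addresses and hostnames of a domain from search-result HTML.

Added example of the extraction step of a harvester; it is NOT theHarvester's
code. Assumption: `pages` are raw HTML bodies already downloaded from a
search engine (fetching is out of scope here).
"""
import re
from html import unescape
from typing import Dict, Iterable, List
from urllib.parse import unquote

# Constructed sample: two fragments in the style of search-result pages,
# with the HTML-escaped "@" (&#64;) that engines often emit.
SAMPLE_PAGES = [
    '<div class="b_algo"><h2><a href="https://www.example.com/contact">Contact</a></h2>'
    '<p>Write to info@example.com or Jane.Doe&#64;mail.example.com for jobs.</p></div>',
    '<cite>intranet.example.com/login</cite> <cite>example.com.evil-phish.net</cite>'
    '<p>not-example.com and admin@notexample.com should be ignored</p>',
]


def _patterns(domain: str):
    d = re.escape(domain)
    # Stop exactly at the domain: "example.com.evil.net" must not count.
    tail = r"(?!\.?[A-Za-z0-9-])"
    email_re = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)*" + d + tail, re.I)
    host_re = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+" + d + tail, re.I)
    return email_re, host_re


def harvest(domain: str, pages: Iterable[str]) -> Dict[str, List[str]]:
    """Return sorted, de-duplicated e-mails and hostnames found under `domain`."""
    email_re, host_re = _patterns(domain)
    emails, hosts = set(), set()
    for page in pages:
        # Search engines HTML-encode and URL-encode what they show; undo both.
        text = unquote(unescape(page))
        emails.update(m.lower() for m in email_re.findall(text))
        hosts.update(m.lower() for m in host_re.findall(text))
    # The domain part of every e-mail is a hostname we learned as well
    # (the bare domain itself is not worth listing).
    hosts.update(e.split("@", 1)[1] for e in emails if e.split("@", 1)[1] != domain)
    return {"emails": sorted(emails), "hosts": sorted(hosts)}


if __name__ == "__main__":
    found = harvest("example.com", SAMPLE_PAGES)
    print("[+] Emails found:")
    for e in found["emails"]:
        print("   ", e)
    print("[+] Hosts found:")
    for h in found["hosts"]:
        print("   ", h)
```

The two regexes are the whole trick: the email pattern requires the address to end in the target domain, and the host pattern requires at least one label before it, so that the target domain itself and unrelated domains that merely contain it are ignored. Everything a harvester adds on top (query pagination, the per-engine HTML layouts, DNS resolution of the hosts) sits around this extraction step.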