• Subscribe to the low volume list for updates.

Archives of Tools

Security tools both offensive and defensive in nature.

WPScan added to WordPress Security Scan

For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst (ethicalhack3r.co.uk). The scan uses techniques that include brute forcing the plugins directory of a wordpress installation to find installed plugins. This is an accurate way to find plugins […]
Read More
11 years ago

IPv6 added to online port scanner

Our online nmap port scanner is now IPv6 capable. Nmap has had the ability to scan IPv6 ip addresses for some time now and recently Linode also added IPv6 to its VPS offerings. These additions mean we can now provide on-line port scanning of both IPv4 and IPv6 addresses or Host names that have an […]
Read More
12 years ago

Ubuntu and AntiVirus

Does Ubuntu need anti-virus? This is a question posed by many new users who try out Ubuntu Linux everyday. Everyone who has installed a Windows based operating system knows the first step after the first boot is to install AV. Now for a quick background check; Ubuntu is stable, easy to use and a rock […]
Read More
12 years ago

SQL Injection Scanner List

A few of the wide range of SQL Injection scanning tools available from detection to automated exploitation and shells on a plate. Sqlninja ( http://sqlninja.sourceforge.net/ ) Supports only Microsoft SQL Server. sqlmap ( http://sqlmap.org/ ) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase. Pangolin […]
Read More
12 years ago

Security Testing WordPress

Our scan does not perform brute forcing of accounts, passwords or plugins. Brute Forcing is more appropriate in a targeted pen-test or black-box vulnerability assessment. Simply put brute forcing: Plugins is achieved by testing URL's: http://myexampleblog.cm/wp-content/plugins/$pluginname Usernames can be brute forced with a POST request to the login form (Incorrect username) Passwords can be brute […]
Read More
12 years ago

Backdoor Corporate Networks with Metasploit

HD Moore announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have been for a number of reasons been not so stable. The purpose of this post is to raise awareness. Many IT folks are comfortable with a […]
Read More
12 years ago

Hydra Password Brute Force

THC Hydra examples for brute forcing passwords Hydra continues to be a recognised and widely used method for brute force attacks for password cracking. The tool supports many protocols, a few of which are SSH, SMTP, IMAP, MONGODB, CISCO AAA, VNC, RDP amongst many others. From the command line the basic syntax structure for brute […]
Read More
12 years ago

Testing WordPress Password Security with Metasploit

How easy is it to hack wordpress admin accounts? Poor WordPress password security is an ongoing issue, the purpose of this post is to highlight how easy it is to break into wordpress admin accounts that have weak passwords. Metasploit Framework is an open source penetration testing application that has modules for the explicit purpose […]
Read More
12 years ago

w3af web application security testing framework stable released

sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz tar jxvf w3af-1.0-stable.tar.bz2 ./w3af_gui The first thing to notice is the shiny new splash screen highlighting the new owner of the project that being Rapid7. A notice that I don't have the latest update appears, so auto update is performed after confirmation. Following some local testing […]
Read More
12 years ago

Brute Forcing Passwords with ncrack, hydra and medusa

Ready to test a number of password brute-forcing tools? Passwords are often the weakest link in any system and ultimately brute-force. Testing for weak passwords is an important part of security vulnerability assessments. This article will focus on tools that allow remote service brute-forcing. These are typically Internet facing services that are accessible from anywhere […]
Read More
12 years ago