Web Application Security Testing Tool - Acunetix v11

London, UK – November 2016 – Acunetix, the pioneer in automated web application security software, has announced the release of version 11. New integrated vulnerability management features extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. Version 11 includes a new web-based UI for greater ease-of-use and manageability, providing access by multiple users.

For the first time in the marketplace Acunetix is launching an enterprise-level product that integrates sophisticated automated testing technology with vulnerability management, at a price point accessible to every development team. Chris Martin, CEO, Acunetix explains:

“Acunetix has for the past 12 years been at the forefront in web application security with its cutting-edge vulnerability scanning technology. With version 11 we have combined proactive scanning for web application vulnerabilities with the prioritization of mitigation activities. This integration helps security teams gain the intelligence they need to work more efficiently, prioritizing actions, assigning jobs and therefore reducing costs.”

The new web-based interface significantly improves the manageability of the Acunetix on-premises solution, making it easy for less seasoned security personnel to check the vulnerabilities within the company’s web assets. In addition, user privileges can be automatically assigned.

Nicholas Sciberras, CTO, Acunetix, comments: “Version 11 helps organizations engaged heavily in application development by utilising a role-based multi-user system.”

Inbuilt Vulnerability Management

New integrated vulnerability management features allow for the review of aggregated vulnerability data across all Targets, prioritizing security risks and therefore providing a clear view of the business’ security posture, while facilitating compliance.

New inbuilt vulnerability management features include:

• All Targets (web applications to scan) are now stored in Acunetix with their individual settings and can be easily re-scanned.
• Targets are displayed in one interface and classified by business criticality, allowing you to easily focus on the most important assets.
• Vulnerabilities can also be prioritized by the Target’s business criticality.
• Consolidated reports are stored in the central interface.
• Users can choose between “Target reports”, “Scan reports” or “All Vulnerabilities” report.

Web-based user interface

The user interface has been re-engineered from the ground up for greater usability and manageability. The minimalist design focuses on the most widely used and important features, doing away with extras which cluttered the screen. Since the interface is now web-based, multiple users can access it from their browser irrespective of the OS used.

Role-based multi-user system

Acunetix version 11 allows the creation of multiple user accounts, which can be assigned a particular group of targets. Depending on the privileges assigned to the user, the user can create, scan, and report on the targets assigned to him.This is particularly important for large enterprises, which require multiple users to help secure their assets.

Standard, Pro and Enterprise Editions

Acunetix version 11 will be available in three main editions: Standard, Pro and Enterprise.

Standard Edition – is the entry level, ideal for small organisations and single workstation users. The Standard Edition offers the same level of vulnerability detection provided in the Pro and Enterprise Editions and includes Developer, Executive Summary and OWASP Top 10 reports.

Pro Edition – The Pro Edition allows outsourced or insourced security professionals to group and classify asset targets. It integrates with Software Development Life Cycle (SDLC) project management or bug tracking systems, includes comprehensive compliance reports, and integrates with top Web Application Firewalls (WAFs).

Enterprise Edition – includes full multi-user team support and has the ability to deploy multiple scan engines managed by the central system. The Enterprise Edition will be able to scale from 3 to unlimited users and up to 50 Acunetix scan engines.

Download Acunetix v11

Read More

AutoBrowser Screenshot of HTTP/s Based Ports - AutoBrowser 4.0

AutoBrowser is a tool written in python for penetration testers. The purpose of this tool is to create report(Json file) and screenshots of http/s based ports on the network. you can choose between analyze Nmap report(XML file -oX ) or scan with Nmap, then the tool automaticly Check the results with http/s request on each host using headless web browser, then it would take a screenshot of the response page content.

• This tool is designed for IT professionals to perform penetration testing.

Documentation:

positional arguments: * analyze - Analyze and browse (Require argument: nmap report location) ** scan - Scan and browse (Require argument: target host or file)

optional arguments: * -h, --help - show this help message and exit * **-p PROJECT, --project PROJECT * - project name (folder which contain all the data. default: project) * **-t TIMEOUT, --timeout TIMEOUT * - http request timeout period * **-w MAX_WORKERS, --max-workers MAX_WORKERS * - Max worker processes (Default: 4) * **--useragent USERAGENT * - Set specific user agent * **--java-enabled * - Display Java enviroment * **--verbose * - Show all checks verbosly * **--proxy PROXY * - Relay connections through HTTP/socks5 proxy (Example: socks5://127.0.0.1:8080) * **--proxy-auth PROXY_AUTH * - Set proxy credentials. (Example: username:password)

Examples:
You must to delimiting the values on the CLI arguments via double quotes only!

• Get argument details of scan method:

    python AutoBrowser.py scan --help   

• Scan with Nmap, checks the results and create folder by name project_name verbose via 10 workers:

    python AutoBrowser.py scan "192.168.1.1/24" -a="-sT -sV -T3" -p project_name --workers=10   

• Scan a host list via Nmap(like -iL Nmap flag), checks the results and create folder by name project_name and enabling java environment:

    python AutoBrowser.py scan file_path.txt -a="-sT -sV -T3" -p project_name --verbose --java-enabled   

• Get the argument details of analyze method:

    python AutoBrowser.py analyze --help   

• Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy:

    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="socks5://127.0.0.1:8080"   

• Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy with credentials:

    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="http://127.0.0.1:8080" --proxy-auth="username:password"   

• Analyzing Nmap XML report and create folder by name report_analyze with specify user agent:

    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --user-agent="My New UserAgent"   

Requirements:

Linux Installation:

1. sudo apt-get install python-pip python2.7-dev libxext-dev python-qt4 qt4-dev-tools build-essential nmap
2. sudo pip install -r requirements.txt

MacOSx Installation:

1. Install Xcode Command Line Tools (AppStore)

2.      ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"    

3. brew install pyqt nmap
4. sudo easy_install pip
5. sudo pip install -r requirements.txt

Windows Installation:

1. Install setuptools
2. Install pip
3. Install PyQt4
4. install Nmap
5. Open Command Prompt(cmd) as Administrator -> Goto python folder -> Scripts (cd c:\Python27\Scripts)
6. pip install -r (Full Path To requirements.txt)

Download AutoBrowser

Read More

Black Box vBulletin Vulnerability Scanner - VBScan 0.1.7

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

• Project Leader : Mohammad Reza Espargham
• Github : https://github.com/rezasp/vbscan/
• SourceForge : https://sourceforge.net/projects/vbscan/
• OWASP Page : https://www.owasp.org/index.php/OWASP_VBScan_Project

usage :

./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin

OWASP VBScan 0.1.7 introduction (Youtube)


What’s New in Version 0.1.7 [Dennis Ritchie]
OWASP VBScan 0.1.7 [Larry Wall]

• Updated exploit database
• Compatible With Windows [Linux,OSX,Windows]
• Added Full Path Disclosure (FPD) module
• Added firewall detect/bypass module
• Optimized version checker module engine [#12 issue]
• Upgrade config finder module
• Random user agent module set as default setting
• Added HTML Report

Download VBScan

Read More

Exploit Network and Gathering Information with Nmap - Dracnmap

Dracnmap is an open source program which is using to exploit the network and gathering information with nmap help. Nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scaning with the utilizing script engine of nmap and nmap can perform various automatic scanning techniques with the advanced commands.

Screenshot

Getting Started

git clone https://github.com/Screetsec/Dracnmap.git
cd Dracnmap
chmod +x Dracnmap.sh
sudo ./Dracnmap.sh or sudo su ./Dracnmap.sh

Requirements

• A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux )
  
• Must install nmap
  

Tutorial
you can visit my channel : https://www.youtube.com/channel/UCpK9IXzLMfVFp9NUfDzxFfw

Credits

• Thanks to allah and Screetsec [ Edo -maland- ]
• Dracos Linux from Scratch Indonesia ( Awesome Penetration os ), you can see in http://dracos-linux.org/
• Offensive Security for the awesome OS ( http://www.offensive-security.com/ )
• http://www.kali.org/ "
  
• Jack Wilder admin in http://www.linuxsec.org
• And another open sources tool in github
• Uptodate new tools hacking visit http://www.kitploit.com
• My Friends ( Boy Suganda )

Download Dracnmap

Read More

KNXnet/IP scanning and auditing tool for KNX home automation installations - KNXmap

A tool for scanning and auditing KNXnet/IP gateways on IP driven networks. KNXnet/IP defines Ethernet as physical communication media for KNX (EN 50090, ISO/IEC 14543). KNXmap also allows to scan for devices on the KNX bus via KNXnet/IP gateways. In addition to scanning, KNXmap supports other modes to interact with KNX gateways like monitor bus messages or write arbitrary values to group addresses.

Compatibility

KNXmap requires Python 3.3 or newer. There are no external dependencies, everything is included in the standard library.

Note : Users of Python 3.3 need to install the asyncio module from PyPI .

Usage
Invoke knxmap.py locally or install it:

python setup.py install

Documentation
The documentation is available in the repository wiki .

Hacking
Enable full debugging and verbosity for development:

PYTHONASYNCIODEBUG=1 knxmap.py -v scan 192.168.178.20 1.1.0-1.1.6 --bus-info

Download KNXmap

Read More

Top 10 Best Apps 2016 - Android Hacking

Do you wanna know how to turn your smartphone in hacking machine ? then you came at  right place . let’s talk about Top 10 Best Android Hacking Apps.

Obs, I'm not responsible for your act

Top 10 Best Android Hacking Apps

#1 Androrat

#AndroRat  ‘s meaning is  Android Remote Administration Tool. androrat is a remote administration tool which is used to control another device without physical access to victim’s device!

see features of Androrat

ºGet contacts (and all theirs informations)
ºGet call logs & Get all messages
ºLocation by GPS/Network
ºMonitoring received messages in live
ºMonitoring phone state in live (call received, call sent, call missed..)
ºTake a picture from the camera & Stream sound from microphone (or other sources..)
ºStreaming video (for activity based client only)
ºDo a toast & Send a text message
ºGive call & Open an URL in the default browser


Download Androrat



#2 DroidBox

DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:

features of Droidbox

ºHashes for the analyzed package
ºIncoming/outgoing network data
ºFile read and write operations
ºStarted services and loaded classes through DexClassLoader
ºInformation leaks via the network, file and SMS
ºCircumvented permissions
ºCryptographic operations performed using Android API
ºListing broadcast receivers
ºSent SMS and phone calls


Download DroidBox



#4 zANTI


zANTI is a penetration testing toolkit  developed by Zimperium Mobile Security for cyber security professionals. Basically, it allows you to simulate malicious attacks on a network. With the help of zANTI, you will be able to perform various types of operations such as MITM attacks, MAC address spoofing, scanning, password auditing, vulnerability checks and much more. In short, this android toolkit is a perfect companion of hackers.  How to use zANTI for Hacking .  this app is very professional in android hacking apps.

features of zANTI

ºuser can Change device’s MAC address.
ºthey can Create a malicious WiFi hotspot.
ºHijack HTTP sessions.
ºCapture downloads.
ºModify HTTP requests and responses.
ºExploit routers.
ºAudit passwords.
ºCheck a device for shellshock and SSL poodle vulnerability.


Download zANTI


#5 APK Inspector

APKinspector is a powerful GUI tool to analyse the Android apps , goal for this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code , edit remove credits license etc.


Download APK Inspector


#6 Droid Sheep

DroidSheep can use victims’ accounts, gaining access to sites that don’t use a secured and encrypted SSL connection that may make HTTPS vulnerable . DroidSheep requires root privileges. While popular sites like Yahoo, Google, and Facebook now support encrypted HTTPS connections that aren’t vulnerable to a tool like DroidSheep, there surely are hundreds of others that are.

Droidsheep apk is also a tool to hack Facebook, Twitter and many other site via your android device. Droidsheep uses the method of cookie Hijacking to hack these accounts. Droidsheep don’t reveal you the passwords and email but you can access Facebook accounts directly without them, i.e. this app provides a ink to get access to other accounts directly.this tool is beast one in the list of android hacking apps.


Download Droid Sheep



#7 Arpspoof

Arpspoof is a tool for network auditing originally written by Dug Song as a part of his dsniff package. Arpspoof  redirects traffic on the local network by forging ARP replies and sending them to either a specific target or all the hosts on the local network paths ,arpsoof in list of my favorite android hacking apps.


Download Arpspoof



#8 Nmap for Android

Nmap (network mapper) is one the best among different network scanner (port finder) tool, Nmap mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for android is a Nmap apps for your phone! Once your scan finishes you can e-mail the results. This application is not a official apps but it looks good so that was one of in android hacking apps.


Download NmapA



#9 dSploit 

dSploit is a penetration testing suite developed by Simone Margaritelli for the Android operating system. which consists of several modules that are capable to perform network security assessments on wireless networks,must read guide on


Download dSploit


#10 Wifikill

Wifi Kill Pro Hacking Tool

WiFiKill  is an android tool that you can use to disable internet connection for a device on constant WiFi network. It is a light-weight tool with simple interface , you can kick any user in same wifi network which means you can prevent your neighbors to using your wifi connection using wifikill


Download Wifi Kill Pro


By OffSec

Read More

Console Web Vulnerability Scan Tools - Syhunt ScanTools

Syhunt released the new generation of its console-based scan tools, simply called ScanTools. The first release of ScanTools comes with four console applications: - ScanURL,ScanCode, ScanLog and ScanConf, incorporating the functionality of the scanners Syhunt Hybrid/Dynamic, Syhunt Code, Syhunt Insight and Syhunt Harden respectively. Whether you want to scan a live web application, source code files, web server logs or configuration files for vulnerabilities, weaknesses and more, ScanTools can help you start the task with a single line command. Syhunt ScanTools is available for download as a freeware portable package or as part of Syhunt Community.

Installation

Download Information

Syhunt ScanTools is included with the latest release of Syhunt. It is located in the installation directory of the suite.

Please note that the full-featured version of the tools is only available for registered users.

System Requirements

1. 512 MB of memory
2. 200 MB of free disk space
3. Internet connection (optional for remote scanning)
4. Windows XP, 2003, 2008, Vista, 7, 8 or 10.

Usage

Just run any of the Scan*.exe apps, which are located in the installation directory of Syhunt Hybrid, with no parameters to see usage instructions.

Supported Hunt Methods

For detailed information about scan methods, see the Hunt Methods page.

Scanning IPv6 addresses

Scanurl fully supports the scanning of IPv6 addresses. To scan an IPv6 target, enclose the address in square brackets, eg:

Scanurl http://[2001:4860:0:2001::68]

Black Box (Dynamic Scan)

1. Go to the directory Syhunt Hybrid is installed using the command prompt.
2. Use the following command-line:

 Scanurl [starturl] -hm:[a huntmethod]] -gr

 Example:
 Scanurl http://www.somehost.com -hm:appscan -gr

White Box (Source Code Scan)

1. Go to the directory Syhunt is installed using the command prompt.
2. Example command-line:

 Scancode C:\WWW\Docs\ -gr

Gray Box (Dynamic + Code Scan)

1. Go to the directory Syhunt Hybrid is installed using the command prompt.
2. Use the following command-line:

 Scanurl [starturl] -hm:[a huntmethod]] -srcdir:"[SourceDir]" -gr

 Example:
 Scanurl localhost -hm:appscan -srcdir:"C:\WWW\Docs\" -gr

Note: if you already entered the source code directory for the target host using the Syhunt Hybrid GUI in a past scan it is not necessary to assign it again using the -srcdir command.

Download  Syhunt ScanTools

Read More

Onion URL Inspector - ONIOFF

A simple tool - written in pure python - for inspecting Deep Web URLs (or onions).
Compatible with Python 2.6 & 2.7.
Author: Nikolaos Kamarinakis ( nikolaskama.me )


Installation
You can download ONIOFF by cloning the Git Repo and simply installing its requirements:

$ git clone https://github.com/k4m4/onioff.git
$ cd onioff
$ pip install -r requirements.txt

Usage
Usage: python onioff.py {onion} [options]
To view all available options run:

$ python onioff.py -h

NOTE : In order for ONIOFF to work, Tor must be correctly configured and running.

Demo
Here's a short demo:

(For more demos click here )

Download ONIOFF

Read More

Vulnerability Scanner - HellRaiser

HellRaiser Vulnerability Scanner

HellRaiser Vulnerability Scanner scans targets with nmap and then correlates cpe’s found with cve-search to enumerate vulnerabilities.
In order to test and run HellRaiser Vulnerability Scanner you need to install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04

Install redis-server and nmap.

sudo apt-get update
sudo apt-get install redis-server nmap

Clone HellRaiser repository, change to hellraiser web app directory and run bundle install and bundle exec rake db:migrate.

git clone https://github.com/m0nad/HellRaiser/
cd HellRaiser/hellraiser/
bundle install
bundle exec rake db:migrate

Start

Start redis server.

redis-server

Go to the hellraiser web app directory and start sidekiq.

bundle exec sidekiq

Go to the hellraiser web app directory and start rails server.

rails s

Usage

Access http://127.0.0.1:3000

Download HellRaiser 

Read More

Auto Scanning to SSL Vulnerability - A2SV

                    █████╗ ██████╗ ███████╗██╗   ██╗
                   ██╔══██╗╚════██╗██╔════╝██║   ██║
                   ███████║ █████╔╝███████╗██║   ██║
    .o oOOOOOOOo   ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝        OOOo
    Ob.OOOOOOOo O  ██║  ██║███████╗███████║ ╚████╔╝   .adOOOOOOO
    OboO'''''''''' ╚═╝  ╚═╝╚══════╝╚══════╝  ╚═══╝  ''''''''''OO
    OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo.   `'OOOOOOOOOP,OOOOOOOOOOOB'
    `O'OOOO'     `OOOOo'OOOOOOOOOOO` .adOOOOOOOOO'oOOO'    `OOOOo
    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
    OOOOO                 ''OOOOOOOOOOOOOOOO'`                oOO
   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
 OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO'`  ''OOOOOOOOOOOOO.OOOOOOOOOOOOOO
 'OOOO'       'YOoOOOOMOIONODOO'`  .   ''OOROAOPOEOOOoOY'     'OOO'
    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
    .            oOOP'%OOOOOOOOoOOOOOOO?oOOOOO?OOOO'OOo
                 '%o  OOOO'%OOOO%'%OOOOO'OOOOOO'OOO':
                      `$'  `OOOO' `O'Y ' `OOOO'  o             .
    .                  .     OP'          : o     .
                              :
                   [Auto Scanning to SSL Vulnerability]
                       [By Hahwul / www.hahwul.com]

1. A2SV?
Auto Scanning to SSL Vulnerability.
HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc

A. Support Vulnerability

[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack

B. Dev Plan

[DEV] DROWN Attack
[PLAN] SSL ACCF

2. How to Install?
A. Download(clone) & Unpack A2SV

git clone https://github.com/hahwul/a2sv.git
cd a2sv

B. Install Python Package / OpenSSL

pip install argparse
pip install netaddr

apt-get install openssl

C. Run A2SV

python a2sv.py -h

3. How to Use?

usage: a2sv.py [-h] [-t TARGET] [-p PORT] [-m MODULE] [-v]
optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Target URL/IP Address
-p PORT, --port PORT  Custom Port / Default: 443
-m MODULE, --module MODULE
                      Check SSL Vuln with one module
                      [h]: HeartBleed
                      [c]: CCS Injection
                      [p]: SSLv3 POODLE
                      [f]: OpenSSL FREAK
                      [l]: OpenSSL LOGJAM
-u, --update          Update A2SV (GIT)
-v, --version         Show Version

[Scan SSL Vulnerability]

python a2sv.py -t 127.0.0.1
python a2sv.py -t 127.0.0.1 -m heartbleed
python a2sv.py -t 127.0.0.1 -p 8111

[Update A2SV]

python a2sv.py -u
python a2sv.py --update

4. Support
Contact hahwul@gmail.com


5. Screenshot

6. Code Reference Site

poodle : https://github.com/supersam654/Poodle-Checker
heartbleed : https://github.com/sensepost/heartbleed-poc
ccs injection : https://github.com/Tripwire/OpenSSL-CCS-Inject-Test
freak : https://gist.github.com/martinseener/d50473228719a9554e6a

Download A2SV

Read More

Vulnerability Scanner - HellRaiser

Install
Install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04
Install redis-server and nmap.

sudo apt-get update
sudo apt-get install redis-server nmap

Clone HellRaiser repository, change to hellraiser web app directory and run bundle install.

git clone https://github.com/m0nad/HellRaiser/
cd HellRaiser/hellraiser/
bundle install

Start
Start redis server.

redis-server

Go to the hellraiser web app directory and start sidekiq.

bundle exec sidekiq

Go to the hellraiser web app directory and start rails server.

rails s

Usage
Access http://127.0.0.1:3000

How it works?
HellRaiser scan with nmap then correlates cpe's found with cve-search to enumerate vulnerabilities.

Download HellRaiser

Read More

Web Application XSS Scanner - XssPy

XssPy is a python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and find all the links and subdomains first. After that, it starts scanning each and every input on each and every page that it found while its traversal. It uses small yet effective payloads to search for XSS vulnerabilities.

The tool has been tested parallel with paid Vulnerability Scanners and most of the scanners failed to detect the vulnerabilities that the tool was able to find. Moreover, most paid tools scan only one site whereas XSSPY first finds a lot of subdomains and then scan all the links altogether. The tool comes with:

• Short Scanning
• Comprehensive Scanning
• Finding subdomains
• Checking every input on every page

With this tool, Cross Site Scripting vulnerabilities have been found in the websites of MIT, Stanford, Duke University, Informatica, Formassembly, ActiveCompaign, Volcanicpixels, Oxford, Motorola, Berkeley and many more.

Download XssPy

Read More

Black Box vBulletin Vulnerability Scanner Tool - OWASP VBScan 0.1.6

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

• Project Leader : Mohammad Reza Espargham
• Github : https://github.com/rezasp/vbscan/
• SourceForge : https://sourceforge.net/projects/vbscan/
• OWASP Page : https://www.owasp.org/index.php/OWASP_VBScan_Project

Usage :

perl vbscan.pl <target>
perl vbscan.pl http://target.com/vbulletin
perl vbscan.pl --help

Download OWASP VBScan

Read More