SQLiv: a massive SQL injection scanner

SQLiv is a Python-based scanning tool that uses Google, Bing or Yahoo for targeted scanning, focused on revealing pages with SQL injection vulnerabilities.

It uses known dorks in order to find vulnerable URLs.

Features

  1. multiple domain scanning with an SQL injection dork via Bing, Google, or Yahoo
  2. targeted scanning by providing a specific domain (with crawling)
  3. reverse domain scanning

Installation

  1. Resolve some dependencies:
    pip install bs4 termcolor google
  2. Clone the git repository:
    git clone https://github.com/Hadesy2k/sqliv.git
  3. Start python setup:
    sudo python2 setup.py -i

Quick reference

python sqliv.py --help

usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]

optional arguments:
  -h, --help  show this help message and exit
  -d D        SQL injection dork
  -e E        search engine [Google only for now]
  -p P        number of websites to look for in search engine
  -t T        scan target website
  -r          reverse domain

Some usage examples

1. Multiple domain scanning with SQLi dork

  • it simply searches multiple websites using the given dork and scans the results one by one
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>
python sqliv.py -d "inurl:index.php?id=" -e google

2. Targeted scanning

  • you can provide either just a domain name or a specific URL with query parameters
  • if only a domain name is provided, it will crawl the site and collect URLs with query strings
  • then it scans the URLs one by one
python sqliv.py -t <URL>
python sqliv.py -t www.example.com
python sqliv.py -t www.example.com/index.php?id=1

3. Reverse domain and scanning

  • performs a reverse domain lookup and looks for websites hosted on the same server as the target URL
python sqliv.py -t <URL> -r

More information and downloads

WPSeku: a Black-box WordPress Security Scanner


WPSeku is a Black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.

What is a Black-box scanner?

Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings.
Essentially, black-box testing takes an approach similar to that of a real attacker.

(from Acunetix.com)

WPSeku is developed and maintained by m4ll0k, who has also developed other interesting security tools, such as Infoga and Spaghetti.

The latest available version is 0.2.1 and can be downloaded from GitHub.

Installation

First, install requests:

# pip install requests

After, clone the git repository:

# git clone https://github.com/m4ll0k/WPSeku.git

Finally, start the tool:

# python wpseku.py

Usage

 

Usage: ./wpseku.py [--target|-t] http://localhost

-t --target Target URL (eg: http://localhost)
-x --xss Testing XSS vulns
-s --sql Testing SQL vulns
-l --lfi Testing LFI vulns
-q --query Testable parameters (eg: "id=1&test=1")
-b --brute Bruteforce login via xmlrpc
-u --user Set username, default=admin
-p --proxy Set proxy, (host:port)
-m --method Set method (GET/POST)
-c --cookie Set cookies
-w --wordlist Set wordlist
-a --agent Set user-agent
-r --redirect Redirect target url, default=True
-h --help Show this help and exit

Examples:
wpseku.py --target http://localhost
wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l]
wpseku.py --target http://localhost --brute --wordlist dict.txt
wpseku.py --target http://localhost --brute --user test --wordlist dict.txt
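A defender's counterpart to the --brute option above, as an added example that is not part of WPSeku or of the original post: a small Python 3 script that flags source addresses repeatedly POSTing to /xmlrpc.php in a combined-format web server access log. The log lines and IP addresses are constructed, and the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (Apache/Nginx combined format).
# 203.0.113.10 and 198.51.100.7 are documentation-range addresses.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2017:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2017:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2017:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2017:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2017:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2017:13:55:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "wp-android/9.0"
198.51.100.7 - - [10/Oct/2017:13:57:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?")[0]  # drop the query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))

def xmlrpc_bruteforce_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs that POST to /xmlrpc.php at least `threshold` times within any
    sliding window of `window` length. Threshold/window are assumed defaults; tune per site."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3].endswith("/xmlrpc.php"):
            posts[rec[0]].append(rec[1])
    flagged = set()
    for ip, times in posts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(xmlrpc_bruteforce_sources(SAMPLE_LOG))  # ['203.0.113.10']
```

A single legitimate client (the second address here) stays below the threshold; a real deployment would feed the live access log instead of the constructed sample.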

More information and downloads

Wifite 2: a complete rewrite of Wifite

A Python script for auditing wireless networks


Do you know Wifite?
It's a great Wi-Fi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distribution with wireless drivers patched for injection (so the script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16).

The developer, Derv82, has recently released a new version of the tool, Wifite 2, designed entirely for the latest Kali Rolling release, with support for the latest versions of the Aircrack-ng suite, wash, reaver, tshark and cowpatty.


The new tool keeps the same interface and command line arguments as the previous version, but introduces a lot of changes:

  • Lots of files instead of “one big script”.
  • Cleaner process management — No longer leaves processes running in the background.
  • UX: Target access points are refreshed every second instead of every 5 seconds.
  • UX: Displays the real-time power level (in dB) of the currently-attacked target.

So, the updated feature list is:

  • Reaver Pixie-Dust attack (--pixie)
    (The attack works by exploiting weaknesses in the generation of the E-S1 and E-S2 nonces which are used to produce the enrollee hash)
  • Reaver WPS PIN attack (--reaver)
    (A brute force attack against WPS registrar PINs in order to recover WPA/WPA2 passphrases)
  • WPA handshake capture (--no-reaver)
  • Validates handshakes against pyrit, tshark, cowpatty, and aircrack-ng
  • Various WEP attacks (replay, chopchop, fragment, etc)
  • 5GHz support for wireless cards that support 5GHz (use the -5 option)
  • Stores cracked passwords and handshakes to the current directory, with metadata about the access point (via --crackedcommand).
  • Decloaks hidden access points when channel is fixed (use -c <channel> option)
  • Provides commands to crack captured WPA handshakes (via --crack command)

Installation

As usual, installation is very simple:

git clone https://github.com/derv82/wifite2.git
cd wifite2
./Wifite.py

More information and downloads

https://github.com/derv82/wifite2


References

https://github.com/derv82/wifite2
https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

Raven: a tool for gathering information about company employees using Google and LinkedIn

Useful during a pentest


Raven is a tool developed by 0x09AL to gather information about an organization's employees using LinkedIn.

It's developed using Python, Selenium and geckodriver.

Features

  • Automatically check found emails in haveibeenpwned.com
  • Output in CSV format

Installation

Simply run setup.sh as root.
The script resolves some Python dependencies and installs geckodriver and xvfb:

pip install beautifulsoup4
pip install requests
pip install selenium
pip install tabulate
pip install pyvirtualdisplay


apt-get install xvfb
tar xvf bin/geckodriver-v0.18.0-linux64.tar.gz
mv geckodriver /usr/bin/geckodriver

Usage

The tool requires at least three parameters: company name, country initials and domain name.

raven.py [-h] -c COMPANY -s STATE -d DOMAIN [-p PAGES] [-lu LUSERNAME] [-lp LPASSWORD]

For example, if the company that you want to search for is Evil Corp and the state is Albania, the parameters would be:

python raven.py -c 'Evil Corp' -s al -d evilcorp.al

More information and downloads

https://github.com/0x09AL/raven

“Spaghetti”, a Python Web Application security scanner

Designed to find various default and insecure files, configurations and misconfigurations.


Spaghetti is a web application security scanner built on Python 2.7, designed to find various default and insecure files, configurations and misconfigurations.

It's developed and maintained by Momo Outaadi (m4ll0k), who has also developed Infoga, an information gathering tool.


Features

Fingerprints

  • Server
  • Frameworks (CakePHP, CherryPy, Django, …)
  • Firewall (Cloudflare, AWS, Barracuda, …)
  • CMS (Drupal, Joomla, WordPress)
  • OS (Linux, Unix, Windows, …)
  • Language (PHP, Ruby, Python, ASP, …)

Discovery

  • Admin Panel
  • Apache Enumeration Users
  • Apache XSS
  • Apache ModStatus
  • Backdoors
  • Backup
  • Captcha
  • Common Directories
  • Common Files
  • Cookie Security
  • Multiple Index
  • Information Disclosure (Emails and Private IP)

Installation

Installation is really fast: simply clone the git repository and install the dependencies:

$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti
$ pip install -r doc/requirements.txt
$ python spaghetti.py -h

More information and downloads

https://github.com/m4ll0k/Spaghetti