pentest

New Web Application Scanner: Netsparker

I’ve been involved in the beta testing of Netsparker for some time now.  Now that it’s publicly available, I wanted to write a brief blog post to recommend that you try it out… If you can’t be bothered reading this post, make sure you at least check out the videos of Netsparker in action (particularly […]

Cross-Site Request Forgery For POST Requests With An XML Body

I recently had cause to create a proof-of-concept for a site that seemed to be vulnerable to Cross-Site Request Forgery (CSRF).  I say “seemed” because there was no CSRF protection, but I was finding the XML POST body really hard to forge (It was a SOAP / XMLRPC type request). Eventually Sid from notsosecure.com pointed […]

exploit-suggester Update: v0.3

Minor update to exploit suggester.  It now suggests the raptor sploits for Netscape Portable Runtime vulnerability.  Download it here.

YaptestFE Update: v1.1

Version 1.1 of the Yaptest Frontend is now available.  Download it here. There are three main improvements to the interface: The “Ports” page now displays Nmap version and service information when it’s available. The “Windows Info” page displays a list of Windows hosts along with various information about each: Domain name, whether the host is […]

Yaptest Update: v0.2.1

Version 0.2.1 of yaptest is now available.  Download it here. This is quite a major update.  The most notable improvements are support for running Nessus and/or OpenVAS.  At present Nessus and OpenVAS are automatically run against any open ports with Safe Checks enabled. As with any major update one or two bugs might have crept […]

unix-privesc-check Update: v1.4

The next version of unix-privesc-check has just been released.  Download it here. This version checks the file permissions of SUID programs.  It should catch issues like the recent Ingres privesc, where SUID programs used a shared object file that could be modified by a non-root user.

unix-privesc-check Update: v1.3

I just updated unix-privesc-check.  Download it here. This release fixes a couple of minor bugs in the reporting of cron-related issues and some problems when running under /bin/sh (as opposed to /bin/bash).

exploit-suggester Update: v0.2

I just released an important update to exploit-suggester.  Download it here. It seems that “showrev -p” sometimes lists multiple revisions for the same patch.  This caused exploit-suggester to return false-positives.

Preventing Web-based Directory Enumeration Attacks Against IIS

I received an interesting tip from Munish about how to prevent directories from being easily identified in IIS.  I’ve updated my original post about directory enumeration with the following info: Setting the “Hidden” Attribute to Hide Files in IIS Hiding directories in IIS seems to be as easy as setting the “hidden” attribute: cd c:\Inetpub\wwwroot […]

YaptestFE

Full details about YaptestFE can be found on its project page.  If you’re after the download link, it’s on the same page.