One of the key aspects of penetration testing is the automation of routine actions. Some people write standalone programs for this, but there are now many products that let you extend their functionality with additional modules. An example of a free vulnerability scanner with support for custom modules is OpenVAS, but this article is about Nessus, which isn't free but, in my humble opinion, finds more issues and generates fewer false positives (OpenVAS did start as a fork of Nessus, but that was a long time ago). Let's get started.
Continue reading "Writing simple Nessus plugin"
When it comes to black-box testing of web applications, one of the main tasks is to enumerate possible web paths in order to find new entry points and "forgotten" data. That is, a list of popular directory names (like /uploads/) and file names (data.txt, file.php, etc.) is taken and each candidate path is requested in turn to see which ones are valid. The technique is old and well known; there are many utilities that implement it and many public lists of such paths. Among the most popular utilities are the following:
- dirb (http://dirb.sourceforge.net/)
- wfuzz (https://github.com/xmendez/wfuzz)
- DirBuster (https://sourceforge.net/projects/dirbuster/)
- nikto (https://github.com/sullo/nikto)
- dirsearch (https://github.com/maurosoria/dirsearch)
- nmap (http-enum module) (https://nmap.org)
- Metasploit Framework (dir_scanner and files_dir modules) (https://www.metasploit.com/)
- Burp Suite (using Intruder) (https://portswigger.net/burp)
Lots of them...
Personally, I prefer wfuzz (pretty fast, convenient filtering of web server responses by several criteria) or Burp Suite.
Continue reading "Pentest 101: Content bruteforcing lists"
Simple Perl script for mp3 broadcasting. Plays tracks in random order.
There is also a .bat + netcat implementation (cmd.exe cannot expand "\r\n" escapes in echo, so the HTTP header lines are emitted one per echo; each echo already ends with CRLF, and the file itself is sent with type):
    FOR /R %music% %%G IN (*.mp3) DO (
        REM report the current track on stderr so it does not end up in the stream
        echo Playing: %%G 1>&2
        REM minimal HTTP response header followed by an empty line
        echo HTTP/1.0 200 OK
        echo Content-Type: audio/x-mp3stream
        echo.
        REM send the raw mp3 data to the connected client
        type "%%G"
    ) | nc -l -p %port% > NUL
This is a simple SSH brute-force script; it can also be used for batch command execution on multiple computers.
Basically, the script loops through the list of IPs specified in iplist.txt, then tries every combination of credentials (usernames from users.txt and passwords from passw.txt) and attempts to log in. If authentication succeeds, the script executes the shell command specified in the $cmd variable, grabs the output and stores it in the res.txt file.
The Net::SSH::Perl module must also be installed. If you have trouble installing this module, try installing one of the following modules first:
This is a simple example of using the Tk module to create a GUI in Perl. Here is the script to download mp3 files from Last.fm (available only if you're a paid or recently registered member).
A final version of the script will look like this:
Let's start. Continue reading "GUI in Perl (Tk)"