Showing posts with label Framework. Show all posts
Showing posts with label Framework. Show all posts

Friday, February 14, 2014

OWASP Xenotix XSS Exploit Framework v5


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1600+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Following are the V5 Additions

  • Xenotix Scripting Engine
  • Xenotix API
  • V4.5 Bug Fixes
  • GET Network IP (Information Gathering)
  • QR Code Generator for Xenotix xook
  • HTML5 WebCam Screenshot(Exploitation Module)
  • HTML5 Get Page Screenshot (Exploitation Module)
  • Find Feature in View Source.
  • Improved Payload Count to 1630
  • Name Changes

Xenotix Scripting Engine and API


This release features the Xenotix Scripting Engine that works on the top of Xenotix API. The Scripting Engine helps you to create tools and test cases on the go based on your requirements. There are situations when you have to go the manual way and since the ruleset set of an automated tool is not applicable in certain situations. Xenotix Scripting Engine powered by Xenotix API come into your rescue. Now you can make sure your tool works based on your requirements. Apply your Python scripting skills on the latest Scripting Engine.
Xenotix API features
  • 1630 XSS Detection Payloads.
  • An inbuilt GET Request XSS Fuzzer for Intelligent and Fast XSS Vulnerability Detection.
  • Analyze Response in Trident and Gecko Web Engines to make sure that there are no false positives.
  • Interact with Web Engines from the scope of a Python Script.
  • Make GET and POST Requests with one liner codes.

 Reguirements

Posted by at No comments:
Labels: , , , , , , , ,

Tuesday, January 7, 2014

[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework


Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.

Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling

through the paths of a web application’s cyclomatic complexity.

This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.


Changelog

Framework v0.4.6
  • Massively decreased RAM consumption.
  • Amount of performed requests cut down by 1/3 — and thus 1/3 decrease in scan times.
  • Overhauled timing attack and boolean/differential analysis algorithms to fix SQLi false-positives with misbehaving webapps/servers.
  • Vulnerability coverage optimizations with 100% scores on WAVSEP’s tests for:
    • SQL injection
    • Local File Inclusion
    • Remote File Inclusion
    • Non-DOM XSS — DOM XSS not supported until Arachni v0.5.
WebUI v0.4.3
  • Implemented Scan Scheduler with support for recurring scans.
  • Redesigned Issue table during the Scan progress screen, to group and filter issues by type and severity.

Posted by at No comments:
Labels: , , , , , ,

Tuesday, December 31, 2013

[Capstone] Ultimate Disassembly Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

Features

  • Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Provide details on disassembled instruction (called “decomposer” by others).
  • Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
  • Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
  • Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
  • Thread-safe by design.
  • Distributed under the open source BSD license.

Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Comments (Atom)