Wednesday, 9 July 2014

Web Vulnerability Scanner

Hello Guys, As You all Know That Lately I've Launched My Own Tool For Web App Vuln Scanning Purposes, that is Pentester-ToolKit & You can Download it From the Link Given Below.

Download Pentester-Toolkit

Its Much Efficient and Supports a handsome number of Modern Day Attack Scanning So its very beneficial for Security researchers or Website Masters in order to Secure Their Websites From Modern Day Attacks. Also I'll Keep Updating it with New Tools for Making it more efficient for the People.

Scanning Options

Here is a List of Scans Which it can Do.

  1. Check For Server Info
  2. Check HTTPOnly Flag
  3. Check X-Frame-Options
  4. Check For X-XSS-Protection
  5. Check X-Content-Type Options
  6. Check SSL/TLS Security
  7. Check Content Secret Policy
  8. Check Access Control Flaws
  9. Check XDownload Options
  10. Check Cache Control Options
  11. Check DNS MisConfiguration
  12. Check BackUp Abusement
  13. Check Remote Code Execution
  14. Check Cross Site Scripting
  15. Check Error Based SQLi
  16. Check For Directory Traversal
  17. check For HTTP Trace Methods
  18. Check For All Attacks

How to Install

Now comes the Point of My writing this Tutorial Because I got Many Many requests from friends that Post a tutorial on How to Use This toolkit , So Here is the Procedure for Linux & Windows. 

ON Linux

 First of all Open Terminal on Your Linux Distro & Follow the Steps Given below.

  1. sudo easy_install requests
  2. git clone https://github.com/Chaudhary-Adeel/Pentester-Toolkit.git
  3. cd Pentester-Toolkit
  4. chmod +x *
  5. python main.py

and Finally You'r Done with Using Pentester Toolkit, You'll see The Pentester Toolkit Screen interface waiting for you to Command it and Operate as u want.

ON Windows

On Windows You Have to Download Some Basic Things in Order to Use This Tool Kit, Here are Mentioned.
Now That You Have All the Stuff Ready, So Follow the Steps Below,

  1. Extract & install Python 2.7
  2. Now Extract & Copy Python Setup Tools in C:\ Directory
  3. Now Open Command Prompt & Follow Steps
  4. Move to Setup Tools Directory By this Command: cd setuptools-0.9.8
  5. Now Give Command: python setup.py install 

It will install python setup-tools for and a directory named "Script" will be created in your python installation directory.For default installation path, this is newly created directory C:\Python27\Scripts.

Now Again Follow Steps

  1. Give Following Command in Command Prompt: cd C:\Python27\Scripts
  2. Now install requests By Following Command: easy_install.exe requests
  3. After Doing this, Extract Pentester Toolkit in This Directory: C:\Python27
  4. and Try to Execute This Command: python main.py
  5. Bingooo You've Installed it Successfully 


If You Still Have Any Problem in it, Let me Know Via Comments. 

Thanks
 

Playing with Pentester-Toolkit on Windows & Linux

Description: Pentester-Toolkit is Modern Day Web Apps Vulnerability Scanner Coded By Muhammad Adeel, Founder of UrduSecurity
  • Uploaded by: Adeel Chaudhary
  • Views:
  • Share

    12 comments:

    1. Traceback (most recent call last):
      File "main.py", line 6, in
      from Functions import *
      File "C:\Python27\Scripts\lol\Functions.py", line 3, in
      import requests,re,os,sys,time,urllib,urllib2,socket
      ImportError: No module named requests

      ReplyDelete
      Replies
      1. Read Tutorial Carefully, I've Already Told you that First install REQUESTS Module by following above tutorial.

        Regards

        Delete
      2. Web Security >>>>> Download Now

        >>>>> Download Full

        Web Security >>>>> Download LINK

        >>>>> Download Now

        Web Security >>>>> Download Full

        >>>>> Download LINK iG

        Delete
    2. bro ek or baat ki windows mey screen clear karney key liey cls command hoti hai clear nhi.. so es ko fix kijiey. linux mey test nhi kiya code only windows mey kiya hai so us hisab sey thora fix kijiey last mey exit honey par bhi errr dikha raha i windows mey. screenshot dekheye.. only fix for windows. :3
      because i've not enough knowledge of programming.
      http://i.imgur.com/sRJf0bL.png
      http://i.imgur.com/RVUxCef.png

      ReplyDelete
      Replies
      1. it would be better if you add a condition like this
        if sys.platform == 'linux':
        os.system('clear;)
        elif sys.platform == 'windows nt':
        os.system('cls')

        and so on...


        Well I'll Update it asap

        Delete
      2. yeh you are right but I've little experience in programming and totally newbie i'm in this. :p so I'm just able to advised as a user. :v rest depend on you as a point of expertise view. :v and one more thing fix the Python 2.7 download link for windows. :)

        Delete
    3. and bro please use dictionary check on your code. "invallid" spell is invalid in your code at exit. :) see at pic :)
      http://i.imgur.com/7SSKLP2.png

      ReplyDelete
      Replies
      1. Well, Basically This Was Developed For Linux OS, but I'll Now Modify it For Windows too and Not only 'clear' but many other commands i have to fix for windows aswell, so wait for my next update, i'll make it stable . + Yeah there are spell mistakes but PROGRAMMERS check that their code is fine Not Spell :D Anyway Thanks For Mention.

        Delete
      2. grammar and spelling is also important if in urdu language a boy say "" mai vaha par app ka intjaar kar rahi thi.. :v :v :v then how you feel about that.. :v same as applied on other languages. :p

        Delete
    4. Problem here to :----> http://picpaste.com/Capture_2.PNG

      ReplyDelete
      Replies
      1. Provide URL Like THIS: http://xyz.com OR http://xyz.com/somepage.php?id=x

        Also Make Sure that you have Python 2.7 Latest,

        Delete
    5. Hi All!

      I'm selling fresh & genuine SSN Leads, with good connectivity. All data is tested & verified.
      Headers in Leads:

      First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | House Owner

      *You can ask for sample before any deal
      *Each SSN lead will be cost $1
      *Premium Lead will be cost $5
      *If anyone wants in bulk I will negotiate
      *Sampling is just for serious buyers

      Hope for the long term deal
      For detailed information please contact me on:

      Whatsapp > +923172721122
      Email > leads.sellers1212@gmail.com
      Telegram > @leadsupplier
      ICQ > 752822040

      ReplyDelete

     
    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity