Features: Port Scanning Module: The first part or the scan will check for some specific open ports, that are mostly particularaly interesting on webserver, in this demo version it'll scan for: Code: ftp port 21; ssh port 22; terminal port 23; smtp port 25; http port 80; DNS port 53; pop3 port 110; netbios-ssn port 139; https port 443; RDP port 3389; And will give you a good explanation on the service once revealed as open (see screen shot) - the full version soon to be released wll have some very good enumeration capabillities, such as: request analyzation, link enumeration, exception analyzing as well as scan more ports and enumeration via services running. Directory file scanning module: It still has the webserver file scan module that the beta version had, this list is being vastly improved, but for the sake of this demo it still the scans same file scans the same files, they are: Code: /robots.txt /photoalbum/upload/ /_vti_pvt/ :5800/ /phpMyAdmin/ /config.html/ /_private/ See the beta versions descrition for more information on those files, what they do, and how they can be exploited. Denial Of Service Checking and Exploitation weaknesses: This module (though currently in dev and not available in demo) will search for DoS vulnerabillitys, such as: Buffer Overflows, Bandwidth GET and Syn flood attacks checking, arbitary command execution, privelidge escalation, form input execution analactics, and other methods.., the exploit module will check for weaknesses such as: SQL injection, XSS, command execution, URL encoding to check for priveladge escalation, again - buffer overflows, user accounts default vulnerabilltys, database enumeration, Upload shell checking, shopping cart and other financial institution system weaknesses due to poor data analysation, poor web interface API setup etc, Microsoft IIS exploitation, Apache exploitation, Java remote command execution, FTP upload and directory rights checking, Basic 403 Forbidden authentication testing, and other methods. Download here
very nice, I have to see if I can get one of our programmers to look at your shadow demo and implement something similar in our app. Will be interesting to see how well it performs compared to the ugly but fast stencils were using at the moment.