WebSecrets 2 demo

Systemerror's Avatar author of WebSecrets 2 demo
This is an article on WebSecrets 2 demo in Products Showcase.
Rated 5.00 By 1 users


Features:

Port Scanning Module:

The first part or the scan will check for some specific open ports, that are mostly particularaly interesting on webserver, in this demo version it'll scan for:

Code:
ftp port 21;
ssh port 22;
terminal port 23;
smtp port 25;
http port 80;
DNS port  53;
pop3 port 110;
netbios-ssn port 139;
https port 443;
RDP port 3389;
And will give you a good explanation on the service once revealed as open (see screen shot) - the full version soon to be released wll have some very good enumeration capabillities, such as: request analyzation, link enumeration, exception analyzing as well as scan more ports and enumeration via services running.

Directory file scanning module:

It still has the webserver file scan module that the beta version had, this list is being vastly improved, but for the sake of this demo it still the scans same file scans the same files, they are:

Code:
/robots.txt
/photoalbum/upload/
/_vti_pvt/
 :5800/
/phpMyAdmin/
/config.html/
/_private/

See the beta versions descrition for more information on those files, what they do, and how they can be exploited.


Denial Of Service Checking and Exploitation weaknesses:

This module (though currently in dev and not available in demo) will search for DoS vulnerabillitys, such as: Buffer Overflows, Bandwidth GET and Syn flood attacks checking, arbitary command execution, privelidge escalation, form input execution analactics, and other methods.., the exploit module will check for weaknesses such as: SQL injection, XSS, command execution, URL encoding to check for priveladge escalation, again - buffer overflows, user accounts default vulnerabilltys, database enumeration, Upload shell checking, shopping cart and other financial institution system weaknesses due to poor data analysation, poor web interface API setup etc, Microsoft IIS exploitation, Apache exploitation, Java remote command execution, FTP upload and directory rights checking, Basic 403 Forbidden authentication testing, and other methods.

Download here
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Moved to Product showcase section
Izaan's Avatar, Join Date: Oct 2007
Skilled contributor
Nice product.
asadullah.ansari's Avatar, Join Date: Jan 2008
TechCake
downloaded and good your effort to help us...Thank u very much..
Saseydon's Avatar, Join Date: May 2009
Light Poster
very nice, I have to see if I can get one of our programmers to look at your shadow demo and implement something similar in our app. Will be interesting to see how well it performs compared to the ugly but fast stencils were using at the moment.
chathura's Avatar, Join Date: Oct 2009
Go4Expert Member
Wow..good product. What kind of purposes can we use this?