1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WebSecrets 2 demo

Discussion in 'Products Showcase' started by Systemerror, Feb 7, 2009.

  1. Systemerror

    Systemerror New Member

    Joined:
    Jan 11, 2008
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    0
    Home Page:
    [​IMG]

    Features:

    Port Scanning Module:

    The first part or the scan will check for some specific open ports, that are mostly particularaly interesting on webserver, in this demo version it'll scan for:

    Code:
    ftp port 21;
    ssh port 22;
    terminal port 23;
    smtp port 25;
    http port 80;
    DNS port  53;
    pop3 port 110;
    netbios-ssn port 139;
    https port 443;
    RDP port 3389;
    And will give you a good explanation on the service once revealed as open (see screen shot) - the full version soon to be released wll have some very good enumeration capabillities, such as: request analyzation, link enumeration, exception analyzing as well as scan more ports and enumeration via services running.

    Directory file scanning module:

    It still has the webserver file scan module that the beta version had, this list is being vastly improved, but for the sake of this demo it still the scans same file scans the same files, they are:

    Code:
    /robots.txt
    /photoalbum/upload/
    /_vti_pvt/
     :5800/
    /phpMyAdmin/
    /config.html/
    /_private/

    See the beta versions descrition for more information on those files, what they do, and how they can be exploited.


    Denial Of Service Checking and Exploitation weaknesses:

    This module (though currently in dev and not available in demo) will search for DoS vulnerabillitys, such as: Buffer Overflows, Bandwidth GET and Syn flood attacks checking, arbitary command execution, privelidge escalation, form input execution analactics, and other methods.., the exploit module will check for weaknesses such as: SQL injection, XSS, command execution, URL encoding to check for priveladge escalation, again - buffer overflows, user accounts default vulnerabilltys, database enumeration, Upload shell checking, shopping cart and other financial institution system weaknesses due to poor data analysation, poor web interface API setup etc, Microsoft IIS exploitation, Apache exploitation, Java remote command execution, FTP upload and directory rights checking, Basic 403 Forbidden authentication testing, and other methods.

    Download here
     
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,292
    Likes Received:
    365
    Trophy Points:
    83
    Moved to Product showcase section
     
  3. Izaan

    Izaan New Member

    Joined:
    Oct 16, 2007
    Messages:
    215
    Likes Received:
    2
    Trophy Points:
    0
    Nice product.
     
  4. asadullah.ansari

    asadullah.ansari TechCake

    Joined:
    Jan 9, 2008
    Messages:
    356
    Likes Received:
    14
    Trophy Points:
    0
    Occupation:
    Developer
    Location:
    NOIDA
    downloaded and good your effort to help us...Thank u very much..
     
  5. Saseydon

    Saseydon New Member

    Joined:
    May 20, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Czech Republic
    Location:
    Czech Republic
    very nice, I have to see if I can get one of our programmers to look at your shadow demo and implement something similar in our app. Will be interesting to see how well it performs compared to the ugly but fast stencils were using at the moment.
     
  6. chathura

    chathura New Member

    Joined:
    Oct 31, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    Home Page:
    Wow..good product. What kind of purposes can we use this?
     

Share This Page