web secrets - a nice tool I did in Java for websites
Not Open source.
This is a tool I coded in Java to scan websites for vulnerable files which can aid in someone hacking you site, it was pretty hard to develop as I literally had to hard code 80% of it, but it works nicely - it's only in beta stages so I have a lot more things to add, but this can be useful for people looking for vulnerablity's within a site and/or useful for site administrators looking to further secure there server, as stated it's done in Java so it'll work on windows, Mac, linux etc providing you have the JRE installed which most computers do.
So what does it scan so far?:
1) it'll search for the robots.txt file which will allow users to see URL's that are hidden from spiders, this can be valuble because these files can lead to in-depth server enumeration.
2)It'll scan /photoalbum/upload/ file, which in-turn can result in someone uploading photo's on your album which a lot of servers don't ask for authentication.
3)It'll scan for /_vti_pvt/ file which is a major security issue for sites developed with Microsoft frontpage, this file will show the username in plain text and password hash which can easily be cracked.
4)It'll scan :5800/ which is a common port for VNC, this will usually lead the a VNC login portal.
5)It'll scan /phpMyAdmin/ which is vulnerable on many php sites, this can lead to gaining root information.
6)It'll scan /config.html/ which can lead to further information, this seem's to be a problem with a lot of people using Apachi.
7)It'll scan /_private/ folder which sometimes holds information which can literally give you full access.
|All times are GMT +5.5. The time now is 12:46.|