Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Products Showcase (http://www.go4expert.com/articles/products-showcase/)
-   -   WebSecrets 2 demo (http://www.go4expert.com/articles/websecrets-2-demo-t16114/)

Systemerror 7Feb2009 23:27

WebSecrets 2 demo
 
http://hackersparadise.synthasite.com/resources/ws2.jpg

Features:

Port Scanning Module:

The first part or the scan will check for some specific open ports, that are mostly particularaly interesting on webserver, in this demo version it'll scan for:

Code:

ftp port 21;
ssh port 22;
terminal port 23;
smtp port 25;
http port 80;
DNS port  53;
pop3 port 110;
netbios-ssn port 139;
https port 443;
RDP port 3389;

And will give you a good explanation on the service once revealed as open (see screen shot) - the full version soon to be released wll have some very good enumeration capabillities, such as: request analyzation, link enumeration, exception analyzing as well as scan more ports and enumeration via services running.

Directory file scanning module:

It still has the webserver file scan module that the beta version had, this list is being vastly improved, but for the sake of this demo it still the scans same file scans the same files, they are:

Code:

/robots.txt
/photoalbum/upload/
/_vti_pvt/
 :5800/
/phpMyAdmin/
/config.html/
/_private/


See the beta versions descrition for more information on those files, what they do, and how they can be exploited.


Denial Of Service Checking and Exploitation weaknesses:

This module (though currently in dev and not available in demo) will search for DoS vulnerabillitys, such as: Buffer Overflows, Bandwidth GET and Syn flood attacks checking, arbitary command execution, privelidge escalation, form input execution analactics, and other methods.., the exploit module will check for weaknesses such as: SQL injection, XSS, command execution, URL encoding to check for priveladge escalation, again - buffer overflows, user accounts default vulnerabilltys, database enumeration, Upload shell checking, shopping cart and other financial institution system weaknesses due to poor data analysation, poor web interface API setup etc, Microsoft IIS exploitation, Apache exploitation, Java remote command execution, FTP upload and directory rights checking, Basic 403 Forbidden authentication testing, and other methods.

Download here

shabbir 8Feb2009 00:09

Re: WebSecrets 2 demo
 
Moved to Product showcase section

Izaan 9Feb2009 12:37

Re: WebSecrets 2 demo
 
Nice product.

asadullah.ansari 9Feb2009 12:46

Re: WebSecrets 2 demo
 
downloaded and good your effort to help us...Thank u very much..

Saseydon 8Jun2009 22:04

WebSecrets 2 demo
 
very nice, I have to see if I can get one of our programmers to look at your shadow demo and implement something similar in our app. Will be interesting to see how well it performs compared to the ugly but fast stencils were using at the moment.

chathura 3Nov2009 16:21

Re: WebSecrets 2 demo
 
Wow..good product. What kind of purposes can we use this?


All times are GMT +5.5. The time now is 19:31.