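"Samurai" is a Linux-based website assessment and testing tool in the form of a framework built from open source and freeware tools. Overshadowed by BackTrack, it has not become widely known, but it consists only of the tools an assessor needs.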

 Samurai Web Testing Framework (WTF) is an excellent Linux-based LiveCD distribution created by Kevin Johnson of Secure Ideas and Justin Searle of InGuardians to include what they believe are the best of the open source and free tools that focus on testing and attacking websites, selections based on the tools they use as part of their job duties. As part of the Samurai collective there is also the Samurai WTF Firefox add-ons collection which includes web application penetration testing and security analysis add-ons for your Firefox browser.

<Base system>


<Various assessment tools>


Download : http://sourceforge.net/projects/samurai/

[Notice: Please be advised that the user is solely responsible for any malicious use.]
Posted by bitfox
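A tool that launches DoS attacks from Android has been released. Just as I feared. -ㅅ-;
So far it is only a simple flood attack, but now that the groundwork is in place, it seems only a matter of time before DDoS and various other attack methods appear.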

AnDOSid the DOS tool for Android


A new product released by SCOTT HERBERT for Android mobile phones: it's AnDOSid, the DOS tool for Android Phones. The rise of groups like Anonymous and LulzSec, as well as the constant India / Pakistan cyberwar, has raised the issue of cyber-security high(er) in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.


What's in this version:

  • Requires Internet access to send the http post data
  • Requires phone state to access the IMEI (one of the two identifiers sent with each post)


AnDOSid can be downloaded from the Android Market place and costs just £1 or Rs.74.58/-Only.


[Source] http://www.thehackernews.com/2011/08/andosid-dos-tool-for-android.html
[Notice: Please be advised that the user is solely responsible for any malicious use.]
Posted by bitfox

This is an attack tool that uses Google search. Is your own site safe?

[Source] http://ferdianelli.wordpress.com/2011/01/08/update-08-jan-2011-xcode-sqlilfixss-vulnurable-webshell-scanner/


 


XCode SQLI/LFI/XSS Vulnurable & webshell Scanner

After downloading, extract all the files and run XCodeXploitScanner.exe. Click Dork It and the tool will collect links from the dork you entered and then display the list. Once the list has been displayed, you can scan the websites in the list for SQL injection / Local File Inclusion / Cross Site Scripting vulnerabilities. The tool sends injection parameters to the website such as ‘ – * /../../../../../../../../../../../../../../etc/passwd%00 , >alert(XXS DETECTED XCode Exploit Scanner) . If the website has a bug, the status will show:

www.target.com?blabla.php?=1234 : SQLi Vulnerable.
www.target.com?blabla.php?=1234/../../../../../../../../../../../../../../etc/passwd%00 LFI Vulnerable
www.target.com?blabla.php?=1234>alert(XXS DETECTED XCode Exploit Scanner) XSS Vulnerable

In the status list of detected items, you can click Open Vuln Link with Browser to display the website in your browser.

The tool also adds a webshell hunter, with which you can search for the web shells c99, r57, c100, ITsecteam_shell and b374k that have been uploaded by hackers.

There may still be many shortcomings or bugs that the author is not yet aware of. But at least this tool can make it easier for you to find targets.

Hope it is useful

Screen Shot

LFI Vulnerable

Web Shell Hunter

Usage video



================================================================
Credits:

Code name : .::XCode Exploit Vulnurable & webshell Scanner::.
Description :
SQLI/LFI/XSS/Webshell Hunter with Google Engine -
Compiler : Microsoft Visual Basic 6.0
Author : poni
System : Windows 95, 98, XP, Vista, 7
Size : 718 kb
Update : I`m not sure where will i put it. Just
check the sites below

http://www.xcode.or.id

http://ferdianelli.wordpress.com

================================================================
Info :
XCode Exploit
Vulnurable & webshell Scanner help you to
gather the dorks Link from Google. then you may check the
results if its Vulnurable to exploit with SQL injection commands
, LFI,and XSS. And You may hunt the webshells those uploaded.
=================================================================

EOF

 

[Notice: Please be advised that the user is solely responsible for any malicious use.]

Posted by bitfox
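
For the question this post asks about your own site, the probe strings and web shell names quoted above can be turned into an access-log check. The following is an added example, not part of the original post or of the tool; it assumes Combined Log Format and that the shells are requested as `*.php` files, and the log lines are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: capture client IP, request target and status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# Built from the probe strings and shell names quoted in the post; matching
# the shells as *.php file names is an assumption of this example.
SIGNATURES = {
    "sqli_probe": re.compile(r"\?.*=[^&]*'(?:&|$)"),
    "lfi_probe": re.compile(r"(?:\.\./){3,}etc/passwd"),
    "xss_marker": re.compile(r"XXS DETECTED XCode Exploit Scanner"),
    "webshell_lookup": re.compile(
        r"/(?:c99|r57|c100|itsecteam_shell|b374k)[^/?]*\.php", re.I),
}

def classify(line):
    """Return (ip, labels) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m.group(1), unquote(m.group(2)), m.group(3)
    labels = {name for name, rx in SIGNATURES.items() if rx.search(target)}
    # A 200 on a shell file name means the file may exist: triage it first.
    if "webshell_lookup" in labels and status == "200":
        labels.add("webshell_present")
    return ip, labels

def scan(lines):
    """Map each client IP to the set of probe categories it triggered."""
    hits = defaultdict(set)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            hits[parsed[0]] |= parsed[1]
    return dict(hits)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [08/Jan/2011:10:00:01 +0000] "GET /news.php?id=12%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [08/Jan/2011:10:00:02 +0000] "GET /news.php?id=12/../../../../../../etc/passwd%00 HTTP/1.1" 200 900',
    '203.0.113.7 - - [08/Jan/2011:10:00:03 +0000] "GET /news.php?id=12%3Ealert(XXS%20DETECTED%20XCode%20Exploit%20Scanner) HTTP/1.1" 200 900',
    '203.0.113.7 - - [08/Jan/2011:10:00:04 +0000] "GET /uploads/c99.php HTTP/1.1" 404 210',
    '198.51.100.20 - - [08/Jan/2011:11:30:00 +0000] "GET /images/r57.php HTTP/1.1" 200 15220',
    '192.0.2.55 - - [08/Jan/2011:12:00:00 +0000] "GET /search.php?q=O%27Brien+books HTTP/1.1" 200 4100',
]
if __name__ == "__main__":
    for ip, labels in scan(SAMPLE).items():
        print(ip, sorted(labels))
```

One client triggering several categories within seconds is the sweep pattern the post describes; the last sample line shows that an apostrophe inside an ordinary search term is not flagged.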