Vulnerability Analysis 240502-B

OwScan

scan your website for vulnerabilities.find website applications vulnerabilities and fingerprint the target web application
Installation :

$ apt update && apt upgrade
$ apt install git
$ apt install php
$ git clone
 https://github.com/gameye98/owscan
$ cd owscan
$ chmod +x *
 usage :
$ php owscan.php
 enter target site for example : example.com. it gives you information related to your target site.

CMS Map
CMS map is a tool used to find the vulnerabilities of website such as joomla,dripal,wordpress with the help of this tool we can scan our site vulnerabilities and fix it,and stay safe and secure execute these commands one by one to install.

Installation :
$ apt update
$ apt upgrade
$ apt install git
$ apt install python2
$ git clone
 https://github.com/Dionach/CMSmap.git
$ cd CMSmap
$ chmod +x *
usage :
$ python2 cms.py -h
[it shows all options how we can use this tool]

Click Jacking Scanner
This script scans target site is vulnerable for this attack

Installation :
$ apt update && apt upgrade
$ apt install git
$ apt install python2
$ apt install python
$ git clone https://github.com/D4Vinci/Clickjacking-Tester
$ cd Clickjacking-tester
$ chmod +hm *
Now create here file.text file, in this file paste vcitem website and save it
usage :
$ python3 Clickjacking-tester.py file.text
Now it starts scanning if target is vulnerable then it shows you..


Tm - Scanner

TM-scanner is simple python script. this tool for detecting vulnerabilities in websites

Installation :
$ apt update && apt upgrade
$ apt install git
$ apt install python2
$ apt install python
$ git clone
https;//github.com/TechnicalMujeeb/TM-scanner
$ cd TM-scanner
$ chmod +x *
$ sh install.sh
usage :
$ python2 tmscanner.py
select your option and enter target site[example.com]


AndroBugs_Framework

Androbug framework is used to check the android apps vulnerabilities
to find bugs in android application.
Execute these commands one by one to install.

Installation :
$ apt update
$ apt upgrade
$ apt install git
$ apt install python2
$ git clone https://github.com/AndroBugs/AndroBugs_Framework
$ cd AndroBugs_Framework
$ chmod +x *
 usage :
Now move your app to AndroBugs_Framework folder
for example :
mv app.apk /$HOME/AndroBugs_Framework/
$ python2 androbugs.py -f app.apk -o result.txt
above command is used to check app bugs..
app.apk = is your app name
result.txt = to store all information
It shows all bugs and vulnerabilities of your app
that's it

SQLI Scan
Sqliscan by dork :

Installation :
$ apt update && apt upgrade
$ apt install git
$ apt install curl
$ git clone https://github.com/thelinuxchoice/sqliscan
$ cd sqliscan
$ chmod +x *
usage :
$ ./sqliscan.sh
Now enter your dorks it will start collecting all vulnerable sites related to your dork and also these sites saved in saved.txt file.


Commix

Automated All-in-One OS command injection and exploitation tool
can be used from web developers, penetration testers or even security
researchers in order to test web-based applications
with the view to find bugs, errors or vulnerabilities
related to command injection attacks.

Installation :
$ apt update && apt upgrade
$ apt install git
$ apt install python2
$ git clone https://github.com/commixproject/commix
$ cd commix
$ chmod +x *
usage :
$ python2 commix.py
Now it shows how you can use this too..
$ python2 commix.py -h
it shows all options...
$ python2 commix.py -u site.com
it shows all information....


WPSeku

wpseku = wordpress security scanner
we can find vulnerabilities in wordpress sites this is very usefull tool

Installation :
$ apt update
$ apt upgrade
$ apt install git
$ apt install python2
$ apt install python
$ git clone https://github.com/m4110k/WPSeku
$ cd WPSeku
$ chmod +x *
$ pip install -r requirements.txt
usage :
python wpseku.py
Here all options are present to use this tool
example :
$ python wpseku.py --url http:target.com

RouterSploit

RouterSploit Framework = scan the routers devices and check the vulnerabilities of Routers/Devices
and exploits by the using frameworks
it consists of many more powerful modules for penetration testing operations RouterSploit.

Installation :
Execute these commands one by one.
$ apt update
$ apt upgrade
$ apt install python
$ apt install python2
$ git clone https://github.com/reverse-shell/routersploit.git
$ cd routersploit
Now install These all packages step by step :
$ pip2 install -r requirments-dev.txt
$ pip2 install -r requirments.txt
$ pip2 install request
$ pip2 install requests
Run routersploit:
python2 rsf.py
rsf> show all
it's shows all modules of rotersploit
rsf> use [module name]
it shows how you can use that module


Nikto Web Server Scanner

Nikto web server scanner
Nikto is a web server assessment tool.
It is designed to find various default and insecure files,
configurations and programs on any type of web server 

Installation :
$ apt update && apt upgrade
$ apt install git
$ apt install perl
$ git clone https://github.com/sullo/nikto
$ cd nikto
$ chmod +x *
usage :
perl nikto.pl -H
it shows all options how you can use this tool


Credmap

Credmap is an open source tool that was created to
bring awareness to the dangers of credential reuse.
It is capable of testing supplied user credentials
on several known websites to test if the password
has been reused on any of these

Installation
update && apt upgrade
$ apt install git
$ apt install python2
$ apt install python
$ git clone https://github.com/lightos/credmap
$ cd credmap
$ chmod +x *
usage :
$ $ python2 credmap.py -h
It shows all options to use this tool
$ python2 credmap.py --username king --email king56@email.com
king = is username of email
king56@email.com = this is email to check


 











Comments

Post a Comment

Popular posts from this blog

Image & Video GPT Models

What GPT is good for image generation of personal pics? Sources:  whatplugin.ai  (1)  featuredgpts.com  (2)  semrush.com  (3)  whatplugin.ai  (4) Sure, I can help you with that! Based on my knowledge, there are several GPTs (General Purpose Technologies) that are good for image generation of personal pics. Here are a few: DeepArt : This GPT uses a technique called style transfer to turn your photos into works of art in the style of famous artists. DeepDreamGenerator : This GPT uses Google's DeepDream AI to transform your photos into dream-like images. Runway ML : This GPT is a creative toolkit powered by machine learning that allows you to create images, videos, and 3D content. It's user-friendly and doesn't require any coding knowledge. Daz 3D : This GPT is a bit different - it's a 3D modeling application that allows you to create realistic human figures and environments. You can use it to create personalized 3D portraits or scenes. GANPaint Stud...
Read more

The science of external controls.

The science of external controls THE SCIENCE OF EXTERNAL CONTROLS A - MONITORING (ASSET CONTROL) Every intelligence service since time began has sought methods of owning people and ensuring they stayed loyal. Two of 13 Illuminati families who are known to have developed extremely well-run bloodline intelligence groups are the Li family and the Rothschild family. The Li’s  family started its Chinese intelligence back in 1400 A.D. They had already been an ancient Chinese aristocratic family for many centuries prior to this. Some of their techniques for their agents were state of the art mind control techniques. The Rothschild’s personal spy network and their own mail service was known to be superior to the national european governments during the 19th century. Traditional spycraft has involved the ability to recruit and keep agents loyal. The professional spook manipulates his recruits for a living. He becomes adept at controlling people. For thousands of years, spy operations have h...
Read more