Thursday, 6 June 2013

OWASP MANTRA SECURITY TOOLKIT - GANDIVA BETA 0.61




Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals and others. It is portable, ready-to-run and compact, and follows the true spirit of free and open source software. Mantra is a security framework that can be very helpful in performing all the five phases of attacks, including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that, it also contains a set of tools targeted at web developers and code debuggers, which makes it handy for both offensive and defensive security tasks.


HACK PACK 33 HACKING TOOLS PACK





1-ACT Anti Phishing 2006
Crack search engine 1
DLLs Essential Tools AIO (pass: When-You-Say)
Gabri3l
hack attack ebook
Hacking cat1Q
Hacking section
Hacking tutorials
How Stuff Works (pass: samonvn)
ISO AIO (pass: O__iapS525uyOOOLK2*/Z)
Loads of cracks & serials
PHP5 For Dummies-RiPPED
ping 1 7 5
Ports Utilities AIO (pass: PU_PACHINO)
TMDozen (pass: TMDAIO-TPachino)
Tons of keygens
Unhackme.v3.0.3, Rootkits remover
WingateTest
WTF.TK.2006 (pass: no_more_gates)
XP hack


CAT BETA 4.0 PENTESTING TOOL




CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available both commercially and open source, but CAT provides a richer feature set and greater performance, combined with a more intuitive user interface.


WEB APPLICATION HACKING BASICS




In this post we will build a basic understanding of web applications and web application hacking. Before we discuss what web application hacking is, let's first understand what a web application is. A web application is an application which can be accessed over the Internet or an intranet. The term usually refers to a computer application hosted on a web server which can be accessed using a web browser. The main motive of a web application is to give more functionality than just a website. Webmail, databases, login forms, Flash scripts, Java scripts and applets, discussion boards, guest books and blogs, including Blogger and WordPress, are all examples of web applications.


A web application works on the principle of client/server architecture, where a web browser usually acts as the client and a web server acts as the application server. In the early days Java was usually the programming language for web application development, but things have changed with time. All web applications are designed to make some specific task or job easier, such as online shopping, banking, social networking (even Facebook is a web app), mailing and sharing information in an interactive way. Since there are several types of web applications, it is still somewhat problematic to classify them on the basis of application, vulnerability and threat level. But most commonly, web application related threats can be classified as follows:


Cross Site Scripting (XSS) Attacks
SQL Injection
Command Injection
Cookie Attacks
Parameter/Form Tampering
Buffer Overflow
Directory Traversal
Cryptographic Authentication Attack or SSL Attack
Platform Exploiting
File Inclusion


A few of the above are still disputed as web application threats. As you can see, the list is long, and we will surely spend a lot of time understanding them and creating countermeasures. There are some other basic things to consider before we move towards real web application hacking, but we will cover them next time. Till then, thanks for reading, have a nice time and keep visiting.