Wednesday 12 September 2012

Websecurify on BackTrack 5


WebSecurify

[image: websecurify]

Introduction 
  • Websecurify is an advanced testing solution built to quickly and accurately identify web application security issues.
Features


  • Available for all major operating systems (Windows, Mac OS, Linux) including mobile devices (iPhone, Android)
  • Simple to use user interface
  • Built-in internationalization support
  • Easily extensible with the help of add-ons and plugins
  • Modular and reusable design based on the Weaponry Framework
  • Powerful manual testing tools and helper facilities
  • Powerful analytical and scanning technology

How to open Websecurify 

[image: websecurify path]

  • When you open this tool on BackTrack 5 R2, it displays a message (shown below).
  • Just click OK and move to the next step.
  • See the image below for the message:
[image: websecurify message]


[image: websecurify scanner]


  • When you click on the home-shaped icon, this page will open (shown below).
  • Here you enter the target URL that you want to scan for vulnerabilities.
  • See the image below for more details:
[image: websecurify: enter your URL here]

  • For testing the Websecurify tool, I used a demo website named www.webscantest.com.
  • As you enter the URL a warning is displayed; just click "I understand" and then the Continue button.
  • See the image below for more help:

[image: websecurify warning]


  • Now the Websecurify scanner starts; it scans the whole website and displays a report/result.
  • To see the report, click the icon shown below:
[image: websecurify started]


Result:
  • Here I used a demo website to test the Websecurify tool.
  • See the image below for the result:
[image: websecurify XSS]


[image: websecurify: CRLI]

[image: websecurify CSRF]

[image: websecurify Autocomplete]

[image: websecurify: banner disclosure]


THIS IS HOW WE CAN USE THIS TOOL ON BACKTRACK 5 R2 

dnswalk on BackTrack 5


DNSWALK
[image: dnswalk]

Introduction 
  • dnswalk is a DNS debugger. 
  • It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as for correctness according to accepted practices with the Domain Name System.
  • The domain name specified on the command line MUST end with a '.'
  • You can specify a forward domain, such as dnswalk pop.psu.edu., or a reverse domain, such as dnswalk 155.118.128.in-addr.arpa.
What is a Zone Transfer?
  • Zone Transfer is the term used to refer to the process by which the contents of a DNS Zone file are copied from a primary DNS server to a secondary DNS server.

OPTIONS

-f
Force a zone transfer from an authoritative nameserver. dnswalk normally will look in its saved 'axfr' file for each domain and use that. (if it exists, and the serial number has not increased)
-r
Recursively descend sub-domains of the specified domain. Use with care.
-a
Turn on warning of duplicate A records. (see below)
-d
Print debugging and 'status' information to stderr. (Use only if redirecting stdout) See DIAGNOSTICS section.
-m
Perform checks only if the zone has been modified since the previous run.
-F
Perform "fascist" checking. When checking an A record, compare the PTR name for each IP address with the forward name and report mismatches. (see below)
-i
Suppress check for invalid characters in a domain name. (see below)
-l
Perform "lame delegation" checking. For every NS record, check to see that the listed host is indeed returning authoritative answers for this domain.
-D dir
Use dir as the directory to use for saved zone transfer files. Default is '.'.

How To Open dnswalk
  • BackTrack > Information Gathering > Network Analysis > DNS Analysis > dnswalk
  • See the image below for more details:
[image: dnswalk: how to open dnswalk]

[image: dnswalk]


EXAMPLE 1: Help Options
  • See the image below for more details:
[image: dnswalk --help]
EXAMPLE 2: When Zone Transfer is Enabled
  • Target website: listpk.com | The website's zone transfer is enabled.
  • See what happens when ZONE TRANSFER is enabled.
  • See the image below for more details:
[image: dnswalk example]
EXAMPLE 3: When Zone Transfer is disabled, with the -f option
  • The -f option forces a zone transfer from an authoritative nameserver. dnswalk normally looks in its saved 'axfr' file for each domain and uses that (if it exists, and the serial number has not increased).
  • The attempt FAILED and was REFUSED by the server, because these days zone transfers are disabled by default unless and until the admin enables them.
  • See the image below for more details:
[image: dnswalk -f]
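As an added example (my own code, not from the original post or from dnswalk), the allowed-versus-refused outcome of Examples 2 and 3 can be verified for a domain you administer with plain `dig` instead of dnswalk. `classify_axfr_output` parses captured `dig` output, so it runs offline against the constructed samples below; `check_axfr` just feeds it a live query. The domain, nameserver and sample output are assumptions.

```python
import subprocess

# Constructed sample of what dig prints for a permitted AXFR (abridged): a
# complete transfer is bracketed by the zone's SOA record at start and end.
ALLOWED_SAMPLE = """\
; <<>> DiG 9.16 <<>> @ns1.example.com example.com AXFR
;; global options: +cmd
example.com.      3600  IN  SOA  ns1.example.com. hostmaster.example.com. 2012091201 7200 900 1209600 3600
example.com.      3600  IN  NS   ns1.example.com.
www.example.com.  3600  IN  A    192.0.2.10
example.com.      3600  IN  SOA  ns1.example.com. hostmaster.example.com. 2012091201 7200 900 1209600 3600
;; Query time: 12 msec
"""

# Constructed sample of a refused transfer, the situation in Example 3 above.
REFUSED_SAMPLE = """\
; <<>> DiG 9.16 <<>> @ns1.example.com example.com AXFR
;; global options: +cmd
; Transfer failed.
"""

def classify_axfr_output(output):
    """Return ('ALLOWED', record_count) when the output holds a complete zone
    (opening and closing SOA), otherwise ('REFUSED', 0)."""
    records = []
    for line in output.splitlines():
        if not line or line.startswith(";"):
            continue  # dig's own comments and status lines
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            records.append(fields)
    soa_count = sum(1 for f in records if f[3] == "SOA")
    if soa_count >= 2:
        return ("ALLOWED", len(records))
    return ("REFUSED", 0)

def check_axfr(domain, nameserver):
    """Ask one authoritative server for a transfer of a zone you own and
    classify its answer; an ALLOWED result means anyone can pull the zone."""
    proc = subprocess.run(
        ["dig", "@" + nameserver, domain, "AXFR", "+time=5", "+tries=1"],
        capture_output=True, text=True, check=False)
    return classify_axfr_output(proc.stdout)

if __name__ == "__main__":
    print(classify_axfr_output(ALLOWED_SAMPLE))  # ('ALLOWED', 4)
    print(classify_axfr_output(REFUSED_SAMPLE))  # ('REFUSED', 0)
```

Run `check_axfr("example.com", "ns1.example.com")` against your own servers; the fix for an ALLOWED result is restricting AXFR to your secondaries (e.g. `allow-transfer` in BIND).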
EXAMPLE 4: dnswalk -i <domain>
  • Suppress the check for invalid characters in a domain name.
  • See the image below for more details:
[image: dnswalk -i]
EXAMPLE 5: dnswalk -a <domain>
  • Turn on warning of duplicate A records (see the image below).
  • See the image below for more details:
[image: dnswalk -a]
EXAMPLE 6: ./dnswalk -d <domain>
  • Print debugging and 'status' information to stderr. (Use only if redirecting stdout.) See the DIAGNOSTICS section.
  • See the image below for more details:
[image: dnswalk -d]
EXAMPLE 7: ./dnswalk -m <domain>
  • Perform checks only if the zone has been modified since the previous run.
  • See the image below for more details:
[image: dnswalk -m]
EXAMPLE 8: ./dnswalk -F <domain>
  • This option performs "fascist" checking. When checking an A record, compare the PTR name for each IP address with the forward name and report mismatches.
  • See the image below for more details:
[image: dnswalk -F]
EXAMPLE 9: ./dnswalk -rfiadmFl <domain>
  • You can even use all the options at once, as shown in the image below.
  • See the image below for more details:
[image: dnswalk -rfiadmFl]
EXAMPLE 10: ./dnswalk -rfiadmFl <domain>
  • Save the result in the file dnslog.txt.
  • See the image below for more details:
[image: dnswalk -rfiadmFl, saved in a log file]
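As a further added example (my own code, not dnswalk's), the three record-level checks that the OPTIONS list and Examples 4, 5 and 8 describe, invalid characters (-i), duplicate A records (-a) and PTR/forward mismatches (-F), reimplemented over a small constructed zone so the logic can be run offline. The heuristics, the zone text and the reverse map are assumptions, not dnswalk's actual code or data.

```python
import re
from collections import defaultdict

# Constructed forward zone, simplified to "name type rdata" per line (not real data).
FORWARD_ZONE = """
www.example.com.       A  192.0.2.10
www2.example.com.      A  192.0.2.10
mail.example.com.      A  192.0.2.20
bad_host.example.com.  A  192.0.2.30
ftp.example.com.       A  192.0.2.40
"""

# Constructed PTR data: what the matching in-addr.arpa zone would answer.
REVERSE_ZONE = {
    "192.0.2.10": "www.example.com.",
    "192.0.2.20": "smtp.example.com.",
    "192.0.2.30": "bad_host.example.com.",
}

# Hostname labels per RFC 952/1123: letters, digits and inner hyphens only.
VALID_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")

def parse_zone(text):
    """Parse the simplified zone text into (name, type, rdata) tuples."""
    return [(n.lower(), t.upper(), r) for n, t, r in
            (line.split() for line in text.strip().splitlines())]

def check_invalid_chars(records):
    """-i style check: names containing a label that is not a valid hostname label."""
    return sorted({n for n, _, _ in records
                   if not all(VALID_LABEL.match(l) for l in n.rstrip(".").split("."))})

def check_duplicate_a(records):
    """-a style check: addresses that more than one name resolves to."""
    by_addr = defaultdict(list)
    for n, t, r in records:
        if t == "A":
            by_addr[r].append(n)
    return {a: sorted(ns) for a, ns in by_addr.items() if len(ns) > 1}

def check_ptr_mismatch(records, reverse):
    """-F style check: the PTR of every A record's address must name the same
    host; returns (name, address, ptr_or_None) for each mismatch or missing PTR."""
    return [(n, r, reverse.get(r)) for n, t, r in records
            if t == "A" and reverse.get(r) != n]

if __name__ == "__main__":
    recs = parse_zone(FORWARD_ZONE)
    print(check_invalid_chars(recs))             # ['bad_host.example.com.']
    print(check_duplicate_a(recs))               # {'192.0.2.10': [...]}
    print(check_ptr_mismatch(recs, REVERSE_ZONE))
```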
THIS IS HOW WE CAN USE THIS TOOL.
IT'S A GREAT DNS ANALYSIS TOOL.