2 posts tagged 'Crawling'
2012. 3. 31. 23:56
Domain SQL Injector - Find SQL Injection on all sites hosted on server
2012. 3. 31. 23:56 in Penetration Testing (WAPT)

Hey Guys,
Sharing a private python script - "Domain SQL Injector - Error Based SQLi Tool"
The script has the following features:
1. Crawling: it can crawl all or a requested number of pages on a website
2. Reverse IP Look Up : it can find all sites hosted on a shared hosting server
3. Single-Mode Attack : Crawl and find SQLi on single website and report
4. Mass-Mode Attack : Find all sites hosted on domain, crawl one-by-one, find SQLi on each one-by-one and report
5. Targets can be skipped while crawling if found too big or irrelevant. Although the script cannot be paused, a target can be skipped to move on to the next site.
The script was developed as part of a Penetration Test assessment where Mass-Mode attack was required per the client's request.
The Banner
Code:
# ./Domain-SQLi-finder.py

This demo shows how the AJAX Crawling Tool can be used in conjunction with your favorite proxy to fully enumerate and test AJAX applications. The purpose of the video is to:
1) Demonstrate how traditional spidering tools do not enumerate entire applications
2) How to run a basic ACT session and attack its findings using a proxy
Source: owasp.org