Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner

Damn Small SQLi Scanner (DSSS): A Fully Functional SQL Injection Vulnerability Scanner 

As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie.

Sample runs

$ python dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
by: Miroslav Stampar (@stamparm)

Usage: 

dsss.py [options]

Options:

  --version          show program's version number and exit
  -h, --help         show this help message and exit
  -u URL, --url=URL  Target URL (e.g. "http://www.target.com/page.php?id=1")


--data=DATA        POST data (e.g. "query=test")
  --cookie=COOKIE    HTTP Cookie header value
  --user-agent=UA    HTTP User-Agent header value
  --referer=REFERER  HTTP Referer header value
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")
$ python dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.2o
 by: Miroslav Stampar (@stamparm)

* scanning GET parameter 'artist'
 (i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
 (i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://t
estphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')

scan results: possible vulnerabilities found

Requirements

Python version 2.6.x or 2.7.x is required for running this program.

Download DSSS

NILI: A Tool For Network Scan, Man in the Middle, Protocol Reverse Engineering And Fuzzing

NILI: A Tool For Network Scan, Man in the Middle, Protocol Reverse Engineering And Fuzzing

Installing

Here is some Instructions for Installing Prerequisites, Select Proper Instructions for your Operating System.

Unix-like

1- Install Python3 and pip:

$ sudo apt-get install python3
$ sudo apt-get install python3-pip

2- Install Scapy:

$ cd /tmp
$ git clone https://github.com/phaethon/scapy

$ cd scapy
$ sudo python3 setup.py install

3- Install Netzob:

$ git clone https://dev.netzob.org/git/netzob
$ cd ./netzob/
$ sudo apt-get install python3 python3-dev python3-setuptools build-essential
$ python3 setup.py install
$ python3 -m pip install bintrees --upgrade

Windows

1- Install python3

2- Install Scapy:

2-1- Install Winpcap
2-2- Install Scapy3k

python -m pip install scapy-python3

3- Install Netzob

Download

SweetSecurity - Network Security Monitoring on Raspberry Pi Type Devices

SweetSecurity - Network Security Monitoring on Raspberry Pi Type Devices

Scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.

Installation:

sudo python setup.py

Follow prompts to enter appropriate information for chosen installation type

Installation Types

• Full Install: This will install Bro IDS, Critical Stack (optional), Logstash, Elasticsearch, Kibana, Apache, and Sweet Security Client/Server. Choose this option ONLY if you have 2GB of memory or more.
• Sensor Only: This will install Bro IDS, Critical Stack (optional), Logstash, and Sweet Security Client
• Web Server Only: This will install Elasticsearch, Kibana, Apache, and Sweet Security Server

New Functionality:

• Modularized Installation - Choose to deploy all the tools on one device, or split among multiple for better performance.

1. Full Install - Deploy Bro IDS, Critical Stack, Elasticsearch, Logstash, Kibana, Apache, and Sweet Security
2. Sensor Install - Deploy Bro IDS, Critical Stack, Logstash, and Sweet Security
3. Web Admin Install - Deploy Elasticsearch, Kibana, and Apache

• ARP Spoofing - Full code to monitor all network traffic out of the box without network changes.
• Complete Bro Log Support - All Bro log files are now normalized by Logstash
• Kibana Content - Searches, Visualizations, and Dashboards are now included
• Architecture Support - Now supports installing on non ARM architectures
• Custom NMAP Pre-Fix - updated NMAP pre-fixes based on the IEEE OUI list
• Web Administration - apache/flask based web administration to manage known devices and system health

Prerequisites

Most of the dependencies will be installed during installation. However you will need to make sure these are followed before trying to install the code.

Supported Operating Systems

• Raspbian Jessie
• Debian Jessie
• Ubuntu 16.04

Supported Hardware

• RaspberryPi 3
• x86
• x86_64

System Requirements

• ARM, x86, or x86_64 CPU
• 2GB RAM
• 8GB Disk Storage
• 100 MB NIC (Recommended 1GB) Note: 2GB of storage is required while the Raspberry Pi 3 only has 1GB. The code can be split to run on two devices, such as two Raspberry Pi's or a Raspberry Pi and AWS.

Fixes:

• Optimized Logstash Config
• Updated Bro IDS to 2.5.1
• Updated Logstash to version 5.5.1
• Updated Elasticsearch to version 5.5.1
• Update kibana to version 5.5.1

Download SweetSecurity

RastLeak Tool To Automatic Leak Information Using Hacking With Search Engine

RastLeak: Tool to automatic leak information using Hacking with Search Engines

How to install

Install requirements with:

pip install -r requirements.txt

#How to use:

python rastleak.py

The last stable version is rastleak.py

$python rastleak.py -h

Usage: rastleak.py [-h] -d DOMAIN -o OPTION -n SEARCH -e EXT [-f EXPORT]

This script searchs files indexed in the main searches of a domain to detect a possible leak information

Optional Arguments:

-h, --help show this help message and exit

-d DOMAIN, --domain DOMAIN


The domain which it wants to search

-o OPTION, --option OPTION

                    Indicate the option of search
                  
                     1.Searching leak information into the target
                     2.Searching leak information outside target

-n SEARCH, --search SEARCH

                    Indicate the number of the search which you want to do

-e EXT, --ext EXT Indicate the option of display:

                     1-Searching the domains where these files are found
                     2-Searching ofimatic files

-f EXPORT, --export EXPORT

                    Indicate the type of format to export results.
                  
                     1.json (by default)
                     2.xlsx              

Download RastLeak