-
-
DOMScan (Beta)
DOMScan - Scanning and Analyzing DOM -
DOMScan is utility to drive IE and capture real time DOM from the browser. It gives access to active DOM context along with JavaScripts. One can observe the DOM in detail using this utility. It has predefined rules to scan DOM. One can run the scan on existing DOM and fetch interesting entry points and calls. It allows tracing through JavaScript variables as well. Using this utility one can identify following vulnerabilities.
• DOM based XSS
• DOM based vulnerable calls
• Source of abuse and external content loading methods
• Possible DOM logic and business layer calls
• Same Origin Bypass calls and usage
• Mashup usage inside DOM
• Widget Architecture review using the tool
XAPScan (Beta)
Silverlight Application Scanning and Analysis -
XAPScan is a tool to dissect and understand RIA-based applications written using Microsoft's Silverlight technology. A Silverlight application creates a XAP file and includes DLLs and other configuration files. It is imperative to understand client side code and to discover possible vulnerabilities associated with it. This tool dissects a XAP file and helps in analyzing its contents:
• Uncompresses the XAP file to extract package details
• Analyze cross domain and client access policy
• Dissemble files using ILDASM and perform searches
• Parses the config file to identify back-end entry points
DOMTracer (Beta)
DOMTracer - Firefox Plugin (Trace DOM and JavaScript Calls) -
The DOM as seen in all the aforementioned cases needs to be analyzed in many aspects. Run-time analysis of the DOM/JavaScript is vital and aids one to look at the calls made during the ‘dynamic DOM manipulation’. The DOMTracer is a Firefox Extension for this same purpose. It has been written using the standard method of writing extensions using the XUL platform and the JavaScript language in majority. This is in beta and we are working on new features.
AppCodeTrace (Beta)
Real Time .NET Assembly Instrumentation and Tracer -
AppCodeTrace enables the profiling of a managed .NET target application. It is a command line tool that traces the execution of .NET compiled assemblies (.DLL or .EXE binaries) by investigating classes that represent the assembly and its modules, types, methods, properties and fields, and the behavior of function calls and the order in which functions are invoked from the main function.
To display the filename, line number and column number of functions, AppCodeTrace must have access to the symbol (.PDB) files for the target application that is to be analyzed. A program database (PDB) file holds debugging and project state information, such as line numbers, source code file information and sequence points.
AppCodeTrace helps you understand the behavior of functions invoked within an assembly, even when .PDB files are not available, by retrieving the Intermediate Language (IL) code and instrumenting it. A backup of the target application is created in the backup directory prior to profiling the target application. -
ScanDroid reverse engineers an Android application, scans through the code and detects possible vulnerabilities for application testing. It points out some interesting calls. We can then decide whether these calls are secure or not. ScanDroid runs on Ruby. With ScanDroid you can:
• Extract all the files from the APK file
• Convert the files to readable xml formats and the classes to .smali format.
• Convert classes.dex file to separate .class files
• Convert .class files to readable java code.
• Check the code for possible vulnerabilities.
• Check the androidmanifest.xml for additional information.
For more information read an article over (net-security.org)
Analyzing and dissecting Android applications for security defects and vulnerabilities
Binging(Beta)
Binging - Footprinting and Discovery Tool -
Binging is a simple tool to query Bing search engine. It will use your Bing API key and fetch multiple results. This particular tool can be used for cross domain footprinting for Web 2.0 applications, site discovery, reverse lookup, host enumeration etc. One can use various different directives like site, ip etc. and run queries against the engine. On top of it tool provides filtering capabilities so you can ask for unique URLs or hosts. It is also possible to filter results by applying power of regular expression. Get your Bing API key and use this tool for your audit, assessment and research.
View more documents from Blueinfy Solutions.
Web2Fuzz (Beta)
Web 2.0 Application Auto Fuzzing tool
This tool helps in fuzzing next generation application running on Web/enterprise 2.0 platform. It can be used with Web2Proxy by harvesting JSON, XML, JS-Object etc. from already profiled HTTP requests. Adding various fuzz loads and injecting them into particular request. One can encode fuzz load in various forms to pollute/poison Web 2.0 streams. It is possible to analyze responses by using various techniques like response behavior, stream structure or patterns. Tool contains sample payload and pdf/slides can help you in giving better understanding of its behavior.View more documents from Blueinfy Solutions.
Web2Proxy (Beta)
Web 2.0 Application Proxy, Profiling and Fuzzing tool
This tool helps in assessing next generation application running on Web/enterprise 2.0 platform. It profiles HTTP requests and responses at runtime by configuring it as proxy. It identifies structures like JSON, XML, XML-RPC etc. along with key HTTP parameters like cookie, login forms, hidden values etc. Based on profile one can take decision to trap and fuzz requests to identify potential vulnerabilities. This tool needs .NET framework and tested on Windows platform. We are adding several new features to upcoming edition.
AppPrint (Beta)
Web, Application Server and Web 2.0 Fingerprinting tool (Beta)
AppPrint scans IP range, IP or host for Web and Application servers. It scans port 80 for a particular target and tries to deduce the banner using httprint methodology. This gives best guessed banner for Web Server. In next step it uses method of forced plug-in invoke and scan for application server type. At this point it tries to fingerprint Tomcat, WebLogic, WebSphere, Orion, ColdFusion and Resin. It also fingerprints Web 2.0 libraries and components. It requires .NET framework installed. In future version we will build several other technology mapping and fingerprinting technologies like Flash, Laszlo etc. Also, planning to add WAF fingerprinting module.
View more presentations from Blueinfy Solutions.
ScanEx (Beta)
ScanEx - Scanning for iframe and script Injections and External References (Beta)
This is a simple utility which runs against target site and look for external references and cross domain malicious injections. There are several vulnerable sites which get manipulated with these types of injections and compromised. The site gets registered with stopbadware and other databases as well. This tool helps in doing initial scanning to look for obvious injections. At this point it is looking into iframe and script tags as defined in regex file.
web2wall
Web Application/Services Firewall - IHTTPModule for Web 2.0 application
Microsoft‘s .Net framework includes two interfaces - IHTTPModule and IHTTPHandler. These two interfaces can be leveraged to provide application-level defense customized to application-level, folder-level or variable-level. This can act as the first line of defense, before any incoming request touches the Web application source code level. This is Web application defense at the gates, for the .Net framework on IIS.
Web2wall is a simple binary module which can be loaded in your Web 2.0 applications. You can defend your application layer code by using regex patterns; this can help in filtering XML and JSON streams. This tool is in beta and more features will be added with time. We will resolve bugs to make the module much more robust.
AppCodeScan 1.2
Application Code Scanning and Tracing tool
Update - 24th June
This tool is designed to help in performing whitebox testing. During whitebox testing one needs to scan complete application code for various different vulnerabilities like XSS, SQL injection, Poor validations etc. It is possible to discover these vulnerable points using this tool and one can follow code walking across the code base to trace this vulnerability.This tool works on following two areas:
Code Scanning - One needs to feed target code folder, rules pattern in regex (sample is provided for ASP) and list of file extension to scan. The tool will take this information and run against the target folder with depth of three (3) and scan each line for matching pattern. If pattern is found then it will report that line in the tool.
Code Walker - This little utility would help in walking across the code base and find variable or function. This will help to trace variables and their entire path in the large code base. This utility would help in negating false positives from the identified pattern.
This tool runs on .NET framework and still in initial beta state. We are working on it and more features will be added.
You can read on code scanning method written by Shreeraj Shah at Onlamp.
[Go to article]
wsScanner
Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool
wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool is having following utilities:
Discovery tool - By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.
Vulnerability detection - It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks, Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.
Fuzzing - This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.
UDDI scan - It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.
This tool is still in beta and we are planning to add some more features and support. Stay tuned for future releases as well.
scanweb2.0
Web 2.0 Fingerprinting, Scanning and Discovery tools
Scanweb2.0 is a set of ruby scripts which can help in assessing Web 2.0 applications. This is a start point for an assessment. Here is a list of things it can do:
Ajaxfinger - It helps in ajax framework fingerprinting, it is possible to identify frameworks like atlas, dojo, GWT etc using this script.
Flashfinger - One can scan a page for RIA component running with Flash and follow-up assessment is possible. It helps in fingerprinting Laszlo framework as well.
Scanajax - It scans for XSS entry points into JavaScripts and Web 2.0 applications. It is possible to trace these points and discover XSS.
Scanatlas - This script will scan page for atlas reference and discover hidden Web Services.
Urlgrep - This script will fetch all JavaScripts and look for hidden URLs residing in Web 2.0 applications.
AppMap
Application footprinting and mapping tool using MSN APIs
AppMap is very simple tool which runs against MSN using Web APIs over SOAP. It is a desktop based mashup application. One can do following things using it:
Application host footprinting - It uses ip switch to identify virtual hosts.
Application domain footprinting - It uses combination of site, inurl and linkdomain switches for fetching domain and crossdomain applications belongs to one parent domain.
Application crawling - It fetches all links belong to an application from MSN
Application fetching and searching - It runs rule based queries against MSN. One can build a set of rules and fetch the vulnerable URLs from MSN for a target application.
This tool is still in beta and we are planning to add some more features and support. Stay tuned for future releases as well.
