Sinisterly
[HC Official]Vulnerability Scanner - Printable Version


RE: [HC Official]Vulnerability Scanner - Psycho_Coder - 04-08-2013

Great tool bro. Does it check vulnerability for XSS too? If it can be upgraded for XSS then it would be a great tool.


RE: [HC Official]Vulnerability Scanner - The Alchemist - 04-08-2013

Yes, it checks for XSS too.


RE: [HC Official]Vulnerability Scanner - Uisu - 05-01-2013

Looks good, I want to try this tool.


RE: [HC Official]Vulnerability Scanner - 1llusion - 06-27-2013

Just came to my mind, why not upgrade the XSS detection level by using RSnake's XSS cheat sheet? A lot of scanners do that (and euh... well.. I look for help there too...)
Here are the vectors with explanation: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
I think OWASP could help you with other vulnerabilities too.


RE: [HC Official]Vulnerability Scanner - The Alchemist - 06-28-2013

(06-27-2013, 11:13 PM)1llusion Wrote: Just came to my mind, why not upgrade the XSS detection level by using RSnake's XSS cheat sheet? A lot of scanners do that (and euh... well.. I look for help there too...)
Here are the vectors with explanation: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
I think OWASP could help you with other vulnerabilities too.

I'll try implementing it after learning...
Thanks.


RE: [HC Official]Vulnerability Scanner - hackarchives - 06-28-2013

False negatives will be encountered in websites which have any error code as default content, like some programming forums.

I suggest you take the initial page content and the page content after adding an apostrophe (final page) and then compare. The approach can be like counting the number of errors in the initial page and the final page, and if the number of errors encountered is more in the final page than in the initial page, then it is vulnerable.

PM me if you want my help and we can make a better version.
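
The comparison described in the post above, as an added example that is not part of the thread or of the scanner's code: it counts error signatures in the initial and final page bodies and flags only when the count rises. The signature list, function names and sample bodies are assumptions constructed for illustration.

```python
import re

# Illustrative database error signatures (an assumed list, not the scanner's own).
ERROR_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"you have an error in your sql syntax",
        r"warning:\s*mysql_",
        r"unclosed quotation mark",
        r"quoted string not properly terminated",
        r"syntax error at or near",
    )
]


def count_errors(body):
    """Total number of error-signature matches in one response body."""
    return sum(len(p.findall(body)) for p in ERROR_PATTERNS)


def naive_flag(final_body):
    """Signature-only check: flags any page that merely contains an error string."""
    return count_errors(final_body) > 0


def differential_flag(initial_body, final_body):
    """Flag only when the apostrophe request shows more errors than the baseline."""
    return count_errors(final_body) > count_errors(initial_body)


# Constructed sample bodies (no network access; not captured from any real site).
FORUM_PAGE = (
    "<h1>Help: 'You have an error in your SQL syntax' in my script</h1>"
    "<p>Then I get Warning: mysql_fetch_array() expects parameter 1</p>"
)
SHOP_PAGE = "<h1>Product 7</h1><p>In stock</p>"
SHOP_PAGE_QUOTED = (
    "<b>You have an error in your SQL syntax; check the manual that "
    "corresponds to your MySQL server version near ''' at line 1</b>"
)

if __name__ == "__main__":
    # Forum thread that quotes error text: same body before and after the probe.
    print(naive_flag(FORUM_PAGE), differential_flag(FORUM_PAGE, FORUM_PAGE))
    # Page whose error count rises from 0 to 1 once the apostrophe is appended.
    print(naive_flag(SHOP_PAGE_QUOTED), differential_flag(SHOP_PAGE, SHOP_PAGE_QUOTED))
```

A page whose error text changes between two identical requests would still confuse this comparison.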


RE: [HC Official]Vulnerability Scanner - The Alchemist - 06-28-2013

(06-28-2013, 10:49 AM)hackarchives Wrote: False negatives will be encountered in websites which have any error code as default content, like some programming forums.

I suggest you take the initial page content and the page content after adding an apostrophe (final page) and then compare. The approach can be like counting the number of errors in the initial page and the final page, and if the number of errors encountered is more in the final page than in the initial page, then it is vulnerable.

PM me if you want my help and we can make a better version.

I'll keep this in mind too while making a later version of this Vulnerability Scanner.
Thanks.


RE: [HC Official]Vulnerability Scanner - The Alchemist - 07-10-2013

(07-10-2013, 05:40 PM)kevin_n Wrote: I scanned my target with this script and also Acunetix, but nothing was found.
Can anybody help me find a bug on the target?
I really need help because it's been 4 months that I've been searching around but I have found nothing up to now.
If anybody would like to help, please PM me and I'll send my target.
Thanks all you guys.

Maybe your target is very secure and bots are unable to find vulnerabilities.


RE: [HC Official]Vulnerability Scanner - The Alchemist - 07-12-2013

(07-11-2013, 07:14 AM)Eks0 Wrote: Didn't think there was much of a market for things like this, but I may bring my automated XSS crawler over to this section.

Sure, we'd be interested to see that too.