WAppEx v2.0: Web Application Exploitation Tool

Posted by Deepanker Verma, Tuesday, May 7, 2013

WAppEx is an integrated web application security assessment and exploitation platform designed for users ranging from security professionals to web application hobbyists. It proposes a security assessment model built around an extensible exploit database, and complements that database with the tools required to perform all stages of a web application attack.
The Exploit Database contains all the logic associated with trivial fingerprinting, exploitation techniques, and payloads that address a wide range of web application vulnerabilities, with the emphasis on high-risk and zero-day vulnerabilities.

Vulnerability classes already bundled within the Exploit Database include Local File Disclosure (LFD), Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS Command Execution (RCE), and Server-side Code Injection (SCI). WAppEx can detect these vulnerabilities in a target, take full advantage of them, and, through neatly designed payload code, get as much access to the exploited target as possible in as short a time as possible. Some of the payloads included within the database are various reverse shells, arbitrary code execution, command execution, arbitrary file upload…


The full feature list is below:

  • An exploit database covering a wide range of vulnerabilities.
  • A set of tools useful for penetration testing:
      • Manual Request
      • Dork Finder
      • Exploit Editor
      • Hidden File Checker
      • Neighbor Site Finder
      • Find Login Page
      • Online Hash Cracker
      • Encoder/Decoder
  • Execute multiple instances of one or more exploits simultaneously.
  • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
  • Test a list of target URLs against a number of selected exploits.
  • Allows you to create your own exploits and payloads and share them online.
  • A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
      • Testing and exploiting of Local File Inclusion vulnerabilities
      • Testing and exploiting of Local File Disclosure vulnerabilities
      • Testing and exploiting of Remote File Inclusion vulnerabilities
      • Testing and exploiting of SQL Injection vulnerabilities
      • Testing and exploiting of Remote Command Execution vulnerabilities
      • Testing and exploiting of Server-side Code Injection vulnerabilities
