Aug 10, 2013

Tools: Pyew - Python Tool To Analyse malware

Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it performs code analysis and let you write scripts using an API to perform many types of analysis), follows direct call/jmp instructions in the interactive command line, displays function names and string data references; supports OLE2 format, PDF format and more. It also supports plugins to add more features to the tool.  

Source: https://code.google.com/p/pyew/


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Aug 9, 2013

Tools: Nmap Script Detect DOM-XSS Vulnerability


DOM-based XSS occur in client-side JavaScript so this script basically greps
every page for common traces. You can read more about DOM-based XSS here
 
The script, by default, will crawl the target website. Otherwise, you can limit
the pages to grep with the singlepages option. 
 
./nmap -p80 -n -Pn --script http-dombased-xss.nse --script-args 'http-dombased-xss.singlepages={/foo}' 
some-very-random-page.com -d1


Source: http://seclists.org/nmap-dev/2013/q3/125

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Aug 8, 2013

Tools: RIPS - PHP Script to find vulnerability in PHP Application

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by userinput (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

Source: http://rips-scanner.sourceforge.net/ 

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

OS: Linux Distro for mobile forensics, malware analysis, and security testing (Santoku)

Santoku, made by mobile forensics experts viaForensics, has three purposes (or perhaps we could call them pillars), which are Mobile Forensics, Mobile Forensics and Mobile Security

Source: http://www.concise-courses.com/security/linux-distro-for-mobile-forensics/ 

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

PHP Application Security Checklist





Source: http://www.sk89q.com/content/2010/04/phpsec_cheatsheet.pdf

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.
 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |