Dradis is a tool to help in the process of penetration testing. Penetration testing is about information:
• Information discovery
• Exploit useful information
• Report the findings
But penetration testing is also about sharing the information you and your teammates gather. Not sharing the information available
in an effective way will result in lost exploitation opportunities and overlapping efforts.
http://dradisframework.org
Sunday, 21 September 2014
Dradis
How to find out if the login site you just received is real or just a phishing site
Step one: look at the URL. Does it seem legit?
Step two: look at the source code. If the password you type in is set to be sent with GET instead of POST, you should be worried.
Step three: look the URL/domain up on a website or use nslookup. This is a great way to check when you get a link from an unknown source telling you to log in somewhere.
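Step two can be automated. The following is an added example, not part of the original post: it parses a saved copy of the page source, finds every form that contains a password field, and flags GET submission. It goes slightly beyond the step by also flagging forms that submit over plain HTTP or to a different host than the page. The function names and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PasswordFormAuditor(HTMLParser):
    """Collects every <form> that contains an <input type="password">."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None   # form being parsed, or None outside a form
        self.findings = []    # one dict per password-bearing form

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # HTML default: a form with no method attribute submits with GET
            self.current = {"method": (a.get("method") or "get").lower(),
                            "action": urljoin(self.page_url, a.get("action", "")),
                            "has_password": False}
        elif (tag == "input" and self.current is not None
              and a.get("type", "").lower() == "password"):
            self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.current["has_password"]:
                self.findings.append(self._assess(self.current))
            self.current = None

    def _assess(self, form):
        target, page = urlparse(form["action"]), urlparse(self.page_url)
        issues = []
        if form["method"] == "get":
            issues.append("password sent with GET (ends up in URL, history, logs)")
        if target.scheme != "https":
            issues.append("form submits over plain HTTP")
        if target.hostname != page.hostname:
            issues.append("form posts to a different host: %s" % target.hostname)
        return {"action": form["action"], "method": form["method"], "issues": issues}


def audit_login_page(html, page_url):
    """Return one finding per password form found in the page source."""
    auditor = PasswordFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample pages (not taken from any real site)
SUSPICIOUS = '<form action="http://collector.example.net/save"><input type="password" name="p"></form>'
NORMAL = '<form method="POST" action="/session"><input type="password" name="p"></form>'
```

An empty `issues` list only means the form passed these checks; the URL and domain lookups in steps one and three still apply.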
Monday, 15 September 2014
20 Hacking Forums !!!
1. Hack This Site!
-Provides realistic challenges which allow
you to practice your cracking skills in a safe,
legal environment.
2. Hack-tech
-Cover hacking, infosec and network security.
-Topics like firewalls, encryption and
malicious software are also available.
3. Hack Hound
-Learn about programming, malware
analysis, windows security and server
security.
4. Binary Revolution Forums
-Offers gallery, blog, download on hacking
resources.
find
-Learn about exploits, Shellcode,
vulnerability reports, 0days, remote exploits,
local exploits, security articles, tutorials and
more.
6. Blackhat Forums - Underground Hacking
and Security Community
-Claims to be the best IT Security/Hacking
community on the Internet.
7. InterN0T - Underground Security Training
-Free Community on hacking, exploiting,
security, pentesting, programming Languages
etc.
8. Crackmes.de
-Claims to be the most complete Crackmes
web page on the internet.
9. h4cky0u.org
-Cover every possible aspect of hacking and
network, information security.
10. Darknet
-Learn about ethical hacking, penetration
testing and computer security.
11. CrackingForum
-Latest cracking programs and crack tutorials
are available here.
12. r00tsecurity
-Topics like hacking, infosec and network
security are discussed in detail.
-A huge collection of tutorials, articles,
books, guides and tools make it a worthy try.
13. The Ethical Hacker Network
-Free online magazine for the security
professional.
14. CyberTerrorists
-Discussions on latest exploits, scripts, latest
software, music, movies, and other
necessary things.
15. LeetCoders
-Organisation of programmers and IT
enthusiasts who want to learn programming.
16. rohitab.com
-Programming, security, reverse engineering,
viruses, web development etc are discussed.
17. DragonSoft Vulnerability DataBase
-It's one of the top global information
security expert organisations.
18. AV Hackers
-Rapidly growing hacking forum.
19. PAK Bugs
-Learn about bugs, security, scripts, shells,
shell codes, hackers, programming, graphics,
msn hacking, hacking software, warez, hacking
tools, yahoo! hacking and more.
20. Uber Forums
-Download hacking tools, cracks and
exploits.
Sunday, 14 September 2014
Becoming a software developer
Becoming a software developer, also known as
a computer programmer, you'll be playing a
key role in the design, installation, testing and
maintenance of software systems. The
programs you create are likely to help
businesses be more efficient and provide a
better service.
Based on your company’s particular
requirements, you might be responsible for
writing and coding individual programmes or
providing an entirely new software resource.
The specifications you’ll work on will often
come from IT analysts.
Software developers are employed across
virtually all industry sectors, from finance and
retail to engineering, transport and public
organisations, so the projects you work on can
be highly varied.
Sometimes you may also use ‘off the shelf’
software, requiring you to modify and
integrate this into an existing network to meet
the needs of the business.
As a software developer, your list of tasks can
include:
• Reviewing current systems
• Presenting ideas for system improvements,
including cost proposals
• Working closely with analysts, designers and
staff
• Producing detailed specifications and writing
the program codes
• Testing the product in controlled, real
situations before going live
• Preparation of training manuals for users
• Maintaining the systems once they are up
and running
Opportunities
Currently, about a third of IT jobs are in
development and programming and you can
become a software developer across virtually
all industry sectors. So if you have a particular
area of interest, there's a chance you can work
in a suitable industry.
In a typical progression path, you could be
promoted to senior or principal developer and
from there to project manager. Alternatively,
you could choose to move into a related field of
technology, like systems design, IT architecture
and business systems analysis.
If you’re keen to work for yourself, there is a
chance you could work as a freelancer or
consultant, giving you increased working
flexibility. Overseas work is also available for
those interested in seeing more of the world
and working in a range of locations.
Required skills
Knowledge of programming skills is a
prerequisite. However, the particular language
will depend on the requirements of the specific
company. Among the skills employers will look
for are:
Knowledge of programming skills is a given if
you want to get into software development.
You'll need to be comfortable with web-based
programs, as well as traditional programs like
Java and Visual Basic.
The key skills to play up when you're looking
for a job as a software developer are as
follows:
• Expertise in current computer hardware and
software
• Ability to use one or more development
language (C++, PHP, HTML, etc.)
• Strong communication skills
• Ability to work in a team
• Eye for detail and identifying problems
• An understanding of business
• Analytical and commercial experience
Entry requirements
Most employers will expect you to have a
relevant computing qualification or degree,
however there are companies that run trainee
programmes for those with AS levels.
If you have a degree, but it’s not related to IT,
you could apply for a graduate trainee scheme,
or take a postgraduate conversion course to
build up the relevant skills.
Some of the most sought after skills by
employers include Java, C++, Smalltalk, Visual
Basic, Oracle, Linux and .NET. PHP is also
becoming increasingly in demand.
Training
It’s essential that you stay up to date with the
fast paced IT industry as new developments are
always appearing. Many organisations may
offer a training programme to keep you
updated on the latest movements within the
industry, particularly relating to the business’
requirements and resources.
At a junior level, you could learn many skills
from more senior programmers and/or go on
external courses to boost your personal skills.
Much of this training will be focused on
programming, systems analysis and software
from recognised providers including the
British Computer Society, e-skills, the Institute
of Analysts and Programmers and the Institute
for the Management of Information Systems.
All the software vendors, including Microsoft
and Sun run accredited training too.
Hours and environment
In most cases you’ll be working 37 to 40 hours
a week, but when deadlines have to be met,
you can be required to work longer and
later hours or at weekends.
Travelling may be involved, depending on whether
you work in house or for a range of clients. If
you do work for clients, it’s likely you’ll have
to visit their sites and spend the majority of
your time on their premises. If they're far
away, it may be necessary to work away from
home for a period of time. Thanks to various
technological advances, there’s also the
possibility of working remotely from home if
you’re self-employed or your company allows
it.
Average salary
As a graduate you'll probably start earning
around £20,830 to £25,770. At management
level, your pay is likely to increase to £26,000
to £70,000, or even higher with bonuses.
Many of the roles are positioned in London
and tend to offer higher salaries.
Saturday, 13 September 2014
Web Application Penetration Testing Tool 2
OWASP Zed Attack Proxy Project
The Zed Attack Proxy (ZAP) is an easy to use
integrated penetration testing tool for
finding vulnerabilities in web applications.
It is designed to be used by people with a
wide range of security experience and as
such is ideal for developers and functional
testers who are new to penetration testing.
ZAP provides automated scanners as well as a
set of tools that allow you to find security
vulnerabilities manually.
Some of ZAP’s features:
• Intercepting Proxy
• Automated scanner
• Passive scanner
• Brute Force scanner
• Spider
• Fuzzer
• Port scanner
• Dynamic SSL certificates
• API
• Beanshell integration
Some of ZAP’s characteristics:
• Easy to install (just requires Java 1.6)
• Ease of use a priority
• Comprehensive help pages
• Fully internationalized
• Under active development
• Open source
• Free (no paid for ‘Pro’ version)
• Cross platform
• Involvement actively encouraged
Web Application Penetration Testing Tool 1
Arachni
Arachni is a feature-full, modular, high-
performance Ruby framework aimed towards
helping penetration testers and
administrators evaluate the security of web
applications.
Arachni is smart, it trains itself by learning
from the HTTP responses it receives during
the audit process.
Unlike other scanners, Arachni takes into
account the dynamic nature of web
applications and can detect changes caused
while travelling through the paths of a web
application’s cyclomatic complexity.
This way attack/input vectors that would
otherwise be undetectable by non-humans
are seamlessly handled by Arachni.
Finally, Arachni yields great performance due
to its asynchronous HTTP model (courtesy of
Typhoeus).
Thus, you’ll only be limited by the
responsiveness of the server under audit and
your available bandwidth.
Note: Despite the fact that Arachni is mostly
targeted towards web application security, it
can easily be used for general purpose
scraping, data-mining, etc with the addition
of custom modules.
Sounds cool, right?
Features:
Helper audit methods:
• For forms, links and cookies auditing.
• A wide range of injection strings/input combinations.
• Writing RFI, SQL injection, XSS etc. modules is a matter of minutes if not seconds.
Currently available modules:
Audit:
• SQL injection
• Blind SQL injection using rDiff analysis
• Blind SQL injection using timing attacks
• CSRF detection
• Code injection (PHP, Ruby, Python, JSP, ASP.NET)
• Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
• LDAP injection
• Path traversal
• Response splitting
• OS command injection (*nix, Windows)
• Blind OS command injection using timing attacks (*nix, Windows)
• Remote file inclusion
• Unvalidated redirects
• XPath injection
• Path XSS
• URI XSS
• XSS
• XSS in event attributes of HTML elements
• XSS in HTML tags
• XSS in HTML ‘script’ tags
Recon:
• Allowed HTTP methods
• Back-up files
• Common directories
• Common files
• HTTP PUT
• Insufficient Transport Layer Protection for password forms
• WebDAV detection
• HTTP TRACE detection
• Credit Card number disclosure
• CVS/SVN user disclosure
• Private IP address disclosure
• Common backdoors
• .htaccess LIMIT misconfiguration
• Interesting responses
• HTML object grepper
• E-mail address disclosure
• US Social Security Number disclosure
• Forceful directory listing
http://www.arachni-scanner.com/