Jovius Academy


Jovius Academy is a fast growing & emerging education institute in India.

"Jovius Academy is a Cyber Security & Software Training Institute, offering industry-relevant certification training programs for students and professionals. We partner with leading trainers, professionals, companies and individuals to create course modules that address the growing needs of a dynamic industry. We provide training and coaching that helps working professionals achieve their career goals."

26/04/2023

What Is WebInspect ?

WebInspect is a web application security scanning tool offered by HP. It helps security professionals assess potential security flaws in a web application. WebInspect is a dynamic black-box testing tool: it detects vulnerabilities by actually performing the attack. After a scan is initiated on a web application, assessment agents work on different areas of the application and report their results to the security engine, which evaluates them. It uses audit engines to attack the application and determine the vulnerabilities. At the end of the scan you can generate a report called the ‘Vulnerability Assessment Report’, which lists the security issues in the desired format. Using this report, the client can fix the issues and then run a validation scan to confirm the fixes. HP WebInspect is a commercial tool and you need a license to scan a web site. With the trial version you are permitted to scan only zero.webappsecurity.com (the HP demo site). So WebInspect comes into the picture when the application is hosted in some environment (test/QA/production). As with every other tool, there are both advantages and disadvantages associated with using WebInspect.

Advantages:

Saves time when dealing with large enterprise applications
Simulates the attack, shows the results and presents you with a comprehensive view.
It is not dependent on the underlying language.

Disadvantages:

It’s hard for any tool to find logical flaws, weak cryptographic storage, severity of the disclosed information etc.
It has a list of payloads that it uses on every web application. It does not use any wisdom in generating payloads depending on the type of application.
There could be false positives among the listed vulnerabilities.

Having said that, WebInspect scores high on many features and helps a great deal in providing scanning solutions.

25/04/2023

What is OpenVAS?
OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.

OpenVAS has been developed and driven forward by the company Greenbone since 2006. As part of the commercial vulnerability management product family Greenbone Enterprise Appliance, the scanner forms the Greenbone Community Edition together with other open-source modules.

24/04/2023

What is RainbowCrack?
In short, the RainbowCrack tool is a hash cracker. A traditional brute-force cracker tries all possible plaintexts one by one at cracking time, which is time-consuming for complex passwords. The idea of the time-memory trade-off is to do all of the cracking-time computation in advance and store the results in files called “rainbow tables”.

22/04/2023

What is L0phtcrack?
L0phtCrack, now known as L0phtCrack 6, is a password auditing and recovery tool designed to test password strength. It is sometimes used to retrieve lost Unix and Microsoft Windows passwords through brute-force, dictionary, rainbow tables and hybrid attacks. L0phtCrack 6 includes support for upgraded rainbow tables and 64-bit Windows platforms.

22/04/2023

May the blessings of Eid fill your life with happiness, peace, and prosperity.😊😊

21/04/2023

What is QualysGuard?
QualysGuard is the Qualys Cloud Platform. It integrates four key elements: cloud agents, virtual scanners, and network analysis (passive scanning) capabilities into a single application.

It enables organizations to automatically discover every asset in their environment, including unmanaged assets, to inventory all hardware and software, and to classify and tag critical assets. It continuously assesses assets for the latest vulnerabilities and prioritizes actively exploitable vulnerabilities.

Once QualysGuard is configured to deliver events to Netsurion Manager, alerts, dashboards and reports can be configured in Netsurion.

20/04/2023

What is Sboxr?
Sboxr is a tool for testing and debugging web applications, especially JavaScript-heavy apps. Sboxr works by sitting between the browser and the server and injecting its own JS code (called the DOM sensor), which monitors JS usage, sources, sinks, variable assignments, function calls, etc. while the site is being used. It then presents, via its web console, a view of the various flows that user-controlled data took in cases where the data ends up in an execution sink.

Setting up Sboxr and Chrome
We used Ubuntu 18.04 to set up our attack toolchain, along with Chrome 72. The following steps will get you set up:

Obtain a licensed copy of Sboxr from the vendor website — https://sboxr.com/
Sboxr requires the .NET Core SDK to run which can be installed on Linux by following the instructions at https://dotnet.microsoft.com/download/linux-package-manager/ubuntu18-04/sdk-current. For Windows, follow the instructions at https://dotnet.microsoft.com/download
Once installed, start Sboxr by running dotnet Sboxr.dll
This will start the Sboxr web interface on port 3333 (for management and analysing discovered issues) and port 3331 will be the proxy port.
If you wish to chain Burp or other interception proxies, browse to http://localhost:3333/console and click on HTTP Sensor to set the IP address and port for an upstream proxy (Burp or OWASP ZAP for example).

19/04/2023

What is Hashcat?
Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies.

Cracking passwords is different from guessing a web login password, which typically only allows a small number of guesses before locking your account. Instead, someone who has gained access to a system with encrypted passwords ("hashes") will often try to crack those hashes to recover those passwords.

Passwords are no longer stored in plaintext (or shouldn't be, anyway). Instead, passwords are encrypted using a one-way function called a hash. Calculating a password like "Password1" into a hash is lightning quick. What if all you've got is the hash? A brute-force attack to reverse the hash function and recover the password could be computationally infeasible. Like, until the heat death of the universe infeasible.

Luckily, or unluckily depending on your point of view, none of us is likely to live that long, but there are many ways to reverse a hash to recover the original password without resorting to a probably fruitless brute-force attack.

Enter hashcat.

It turns out humans are so predictable in their password choices that hashcat can often recover a password.
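An added example, not part of the original posts: a plain hash-to-plaintext dictionary stands in (in simplified form) for the precomputed tables described in the RainbowCrack post, and the second half shows the defensive counterpart to the Hashcat discussion above, where a per-user salt and a slow hash make that precomputation useless. The wordlist, account names and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for predictable human choices.
COMMON = ["123456", "password", "Password1", "qwerty", "letmein"]

def fast_hash(password):
    """Unsalted single-round SHA-256: same password -> same hash everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()

def precompute(words):
    """Do the hashing work once, up front, and keep hash -> plaintext."""
    return {fast_hash(w): w for w in words}

def audit_unsalted(stored, table):
    """Return accounts whose stored hash is already in the precomputed table."""
    return {user: table[h] for user, h in stored.items() if h in table}

def slow_salted_hash(password, salt=None, iterations=600_000):
    """PBKDF2-HMAC-SHA256 with a random per-user salt.
    The iteration count is an assumed work factor; tune it for your hardware."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    table = precompute(COMMON)
    # Constructed credential store using the weak, unsalted scheme.
    stored = {"alice": fast_hash("Password1"), "bob": fast_hash("kT7#vq9!Zr2m")}
    print("recovered by lookup:", audit_unsalted(stored, table))
    a = slow_salted_hash("Password1")
    b = slow_salted_hash("Password1")
    print("same password, same stored value?", a[2] == b[2])
    print("in precomputed table?", a[2].hex() in table)
    print("login still verifies:", verify("Password1", a))
```

Run against your own credential store's scheme, `audit_unsalted` is a quick way to show stakeholders which accounts a precomputed table would expose and why migration to a salted, slow hash matters.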

18/04/2023

What is Angry IP Scanner?
Angry IP Scanner is a very fast IP address and port scanner.

It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight. Since it requires no installation, it can be freely copied and used anywhere.

Angry IP Scanner simply pings each IP address to check whether it is alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc. The amount of data gathered about each host can be extended with plugins.

It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.

Scanning results can be saved to CSV, TXT, XML or IP-Port list files. With help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write Java code is able to write plugins and extend functionality of Angry IP Scanner.

15/04/2023

Subh Noboborsho! Wish you a contentful and prosperous year filled with love, peace, hope and joy. May the coming year usher all these goodies on you.

15/04/2023

What is Zenmap?
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

14/04/2023

What is Traceroute NG?
Traceroute NG is a standalone free tool that finds network paths and measures their performance. The original traceroute is one of the world's most popular network troubleshooting tools, but it works poorly in today's networks.


Location

Telephone

Address

110/1A, Drive Lal Mohan Bhattarcharjee Road, 2nd Floor
Kolkata
700014

Opening Hours

9:30am - 8pm