security scanning tools

Fiddler plug-in, used to detect the existence of XSS vulnerability, in the Web page provided to the user input of the filter 9.exploit-me (Windows, Linux, Mac OS X)This is the Firefox plug-in, by Xss-me,sql Inject Me and Access-me These 3 components, when browsing the web will start detection, can detect XSS vulnerability, SQL injection vulnerability.10.WebScarab (Windows, Linux, Mac OS X)This is actually a proxy software, there are many functions, you can detect XSS cross-site scripting vulner

Powerful cryptographic tools in Spring Security 3.1 passwordencoderBlog Category: Security Spring SpringsecurityOK, this encryption mechanism is very complex, or to see better understanding:New Passwordencoder inheritance relationship in 3.1.0 versionAfter the Spring-security 3.1.0 release, the passwor

(in)-DLL injection and uninstallation, and then use this software to view and uninstall it: Figure 4 View and uninstall the DLL After practical tests, the program is feasible, which is also a powerful tool against malicious programs. VIII. Summary Two articles are discussed to complete a simple process manager. Although simple, it can also play a great role in many cases. Through the discussion in these articles, I believe that everyone has a certain understanding of the preparation of

Fiddler plug-in, used to detect the existence of XSS vulnerability, in the Web page provided to the user input of the filter 9.exploit-me (Windows, Linux, Mac OS X)This is the Firefox plug-in, by Xss-me,sql Inject Me and Access-me These 3 components, when browsing the web will start detection, can detect XSS vulnerability, SQL injection vulnerability.10.WebScarab (Windows, Linux, Mac OS X)This is actually a proxy software, there are many features, you can detect XSS cross-site scripting vulnera

all the tools are preinstalled in a Linux system. Among them, the typical operating system. Is the Kali Linux used in this book.The system is mainly used for penetrant testing.It comes preloaded with a number of penetration testing software, including the Nmapport scanner, Wireshark (Packet Analyzer), and John the Ripper (password hack). and Aircrack-ng (a set of software for penetration testing of wireless LANs). Users can perform Kali Linux with ha

Tcpdump for Linux system security tools 1. Install the built-in tcpdump tool. Yum install tcpdump-y 2. Monitor host data packets [Root @ CentOS179min ~] # Tcpdump-I eth0 -- monitor the eth0 Nic of the Local Machine [Root @ centos179min ~] # Tcpdump host 192.168.1.250 and \ (192.168.1.20.or 192.168.1.252 \) -- intercepts packets from multiple IP addresses [Root @ centos179min ~] # Tcpdump-I eth0 dst host 192

This is a set of scripts that can help analysts analyze the security of the app and develop it in the Perl language. Because it's just a few scripts, it may not be as smart to use, no GUI interface, no "elegant" analysis results. So basically, it's a script like "aapt-enhanced". With the added ability to analyze Android and analyze iphone apps, there are some useful words. Project address [Googlecode] https://code.google.com/p/smartphonesdumbapps/If y

2ban.pid-xroot 1558 0.0 0.1 103248 868 pts/0 s+ 06:37 0:00 grep fail2banNext you can see that there are fail2ban processes that we test.[[Email protected]129-slave fail2ban-0.8. -]#SSH 192.168.182.129The authenticity of host'192.168.182.129 (192.168.182.129)'Can't be established.RSA Key fingerprint is in: -: the: 7b:a0: to: About: AF: -: the: 0e:ed: the: AD:CF: the. Is you sure want to continue connecting (yes/no)?Yeswarning:permanently added'192.168.182.129'(RSA) to the list of known hosts. [E

1, we open 360 security guards in the computer after the entry we then click on the "main" and then find the interface of "more options" to see my tools 2, as shown below is not the default so many Ah, this is a small series of 360 security guards installed tools 3. I'm cleaning up the unused

Second, the war on the love of Cats ★ War Dialing Machine The principle of war dialers is simple, first of all, it uses ascending or random way to dial a series of phone numbers, once found hidden modem can dial into the system, and can crack easy to guess password. War dialer for PCs with no password and remote control software. This is often the case with the connection between a company's staff's computer and its corporate system. There are a lot of hackers who like to start from the staff'

for different users and groups.R=4,w=2,x=1R is read permission, W is write permission, X is execute permission4+2+1=7 to rwx property; readable writable executablerw-property is 4+2=6; readable writable non-executableTo r-x the property, 4+1=5. Readable executable not writableChown modifying the owner and group of files and directoriesChown User1:tomcat/home/testChown user2:tomcat/home/test/-R recursive subdirectory modified together (-R)This article is from the "Practical Linux knowledge and S

1. InstallationYum Install tcpdump-y2. Monitoring Packetstcpdump-i eth0--Monitor the ETH0 network card of this machine tcpdump host 192.168.1.120 and \ (192.168.1.121 or 192.168.1.122\)--intercepts multiple IP packetstcpdump-i eth0 DST host 192.168.1.120--monitors all packets sent to the host to the machine3. Monitoring the port of the hosttcpdump TCP Port 22--monitors the TCP22 port of this machinetcpdump UDP port 123--Listen for udp123 ports on this machine4. Parameters C:Tcpdump will exit aft

print timestamps in each line of output-TT does not format the time per row of output (NT: This format may not see its meaning at one glance, such as a timestamp printed as 1261798315)-TTT tcpdump output, a period of time (in milliseconds) is delayed between each two lines of printing-TTTT printing of a date before the timestamp of each row is printed-V generates detailed output when parsing and printingDST host host if the destination domain of the IPV4/V6 packet is host, the corresponding con

Burpsuite 1.7.32 original + registration machine downloadLink: https://pan.baidu.com/s/1LFpXn2ulTLlcYZHG5jEjyw Password: mie3Note No backdoor file integrity: Burp-loader-keygen.jar md5:a4a02e374695234412e2c66b0649b757 Burpsuite_pro_v1.7.31.jar md5:f29ae39fd23f98f3008db26974ab0d0a Burpsuite_pro_v1.7.32.jar md5:d4d43e44769b121cfd930a13a2b06b4c Decode Password: www.cnblogs.com/xiaoyehack/How to use the registration machineActually very simple, just the first time you need to r

://127.0.0.1/sqlinject.php?id=1"--is-dba determine if the injection point has administrator rights　　　　Sqlmap.py-u "Http://127.0.0.1/sqlinject.php?id=1"-D "test"--tables guess table name　　　　Sqlmap.py-u "Http://127.0.0.1/sqlinject.php?id=1"-D "test"-t "test"--columns guess field name　　　　Sqlmap.py-u "Http://127.0.0.1/sqlinject.php?id=1"-D "test"-T "test"-C "Id,name"--dump guess the value of ID and name　　　　　　　　On the internet, the pants that are circulating are the following sentence.Sqlmap.py-u "Ht