Wednesday, January 20, 2016
PHP Vulnerability - Hunter
This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.
PHP Vulnerability Hunter is aware of many different types of vulnerabilities found in PHP applications, from the most common such as cross-site scripting and local file inclusion to the lesser known, such as user controlled function invocation and class instantiation.
PHP Vulnerability Hunter
ºArbitrary command execution
ºArbitrary file read/write/change/rename/delete
ºLocal file inclusion
ºArbitrary PHP execution
ºSQL injection
ºUser controlled function invocatino
ºUser controlled class instantiation
ºReflected cross-site scripting (XSS)
ºOpen redirect
ºFull path disclosure
Scan Phases
1. Initialization Phase
During this phase, interesting function calls within each code file are hooked, and if code coverage is enabled the code is annotated. Static analysis is performed on the code to detect inputs.
2. Scan Phase
This is where the bugs are uncovered. PHP Vulnerability Hunter iterates through its different scan plugins and plugin modes, scanning every file within the targeted application. Each time a page is requested, dynamic analysis is performed to discover new inputs and bugs.
3. Uninitialization
Once the scan phase is complete, all of the application files are restored from backups made during the initialization phase.
Search
Categories
Popular Posts
-
dotenv loads .env files into process.env for Node.js projects, making it useful for configuration hygiene checks, secret-handling review...
-
In this post, we will explore a Python script designed to parse logs containing url:user:pass data. These logs are instrumental in executin...
-
New bug bounty(vulnerabilities) collector Requirements Chrome with GUI (If you encounter trouble with script execution, check the stat...
-
x64dbg is a Windows user-mode debugger for controlled runtime inspection, breakpoint logic, trace collection and patch validation in autho...
-
As cyber threats evolve, so must our strategies to combat them. The deepdarkCTI project serves as a crucial resource, offering access to a c...
-
GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in mis...
-
As mobile applications become more integral to our daily lives, ensuring their security is paramount. Vulnerabilities in mobile apps can exp...
-
social-analyzer provides API, CLI, and web interfaces for finding and analyzing public profiles across more than 1000 social media and web...
-
Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and sc...
-
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomai...
Blog Archive
-
►
2026
(3)
- ► 05/24 - 05/31 (3)
-
►
2024
(42)
- ► 05/26 - 06/02 (1)
- ► 05/12 - 05/19 (1)
- ► 05/05 - 05/12 (5)
- ► 03/10 - 03/17 (3)
- ► 02/18 - 02/25 (32)
-
►
2022
(20)
- ► 02/06 - 02/13 (18)
- ► 01/30 - 02/06 (2)
-
►
2018
(69)
- ► 10/14 - 10/21 (4)
- ► 08/26 - 09/02 (7)
- ► 08/12 - 08/19 (4)
- ► 07/15 - 07/22 (2)
- ► 07/08 - 07/15 (6)
- ► 07/01 - 07/08 (3)
- ► 06/17 - 06/24 (2)
- ► 03/04 - 03/11 (2)
- ► 02/18 - 02/25 (1)
- ► 02/04 - 02/11 (3)
- ► 01/28 - 02/04 (7)
- ► 01/21 - 01/28 (6)
- ► 01/14 - 01/21 (12)
- ► 01/07 - 01/14 (10)
-
►
2017
(72)
- ► 12/31 - 01/07 (2)
- ► 12/03 - 12/10 (1)
- ► 11/19 - 11/26 (1)
- ► 11/12 - 11/19 (1)
- ► 10/22 - 10/29 (3)
- ► 10/01 - 10/08 (2)
- ► 09/17 - 09/24 (6)
- ► 09/10 - 09/17 (2)
- ► 09/03 - 09/10 (2)
- ► 08/27 - 09/03 (4)
- ► 07/23 - 07/30 (5)
- ► 07/16 - 07/23 (3)
- ► 06/25 - 07/02 (1)
- ► 06/18 - 06/25 (4)
- ► 05/21 - 05/28 (7)
- ► 05/14 - 05/21 (1)
- ► 05/07 - 05/14 (2)
- ► 04/30 - 05/07 (2)
- ► 04/23 - 04/30 (2)
- ► 04/16 - 04/23 (2)
- ► 03/19 - 03/26 (4)
- ► 01/22 - 01/29 (2)
- ► 01/15 - 01/22 (1)
- ► 01/08 - 01/15 (8)
- ► 01/01 - 01/08 (4)
-
▼
2016
(648)
- ► 12/25 - 01/01 (1)
- ► 12/18 - 12/25 (2)
- ► 12/11 - 12/18 (6)
- ► 12/04 - 12/11 (4)
- ► 11/27 - 12/04 (5)
- ► 11/13 - 11/20 (1)
- ► 11/06 - 11/13 (1)
- ► 10/30 - 11/06 (5)
- ► 10/23 - 10/30 (1)
- ► 10/16 - 10/23 (2)
- ► 10/09 - 10/16 (5)
- ► 10/02 - 10/09 (3)
- ► 09/25 - 10/02 (2)
- ► 09/18 - 09/25 (6)
- ► 09/11 - 09/18 (6)
- ► 09/04 - 09/11 (4)
- ► 08/28 - 09/04 (7)
- ► 08/21 - 08/28 (5)
- ► 08/14 - 08/21 (4)
- ► 08/07 - 08/14 (2)
- ► 07/31 - 08/07 (2)
- ► 07/24 - 07/31 (5)
- ► 07/17 - 07/24 (2)
- ► 07/10 - 07/17 (3)
- ► 07/03 - 07/10 (6)
- ► 06/26 - 07/03 (11)
- ► 06/12 - 06/19 (4)
- ► 06/05 - 06/12 (1)
- ► 05/29 - 06/05 (1)
- ► 05/08 - 05/15 (4)
- ► 04/24 - 05/01 (8)
- ► 04/17 - 04/24 (5)
- ► 04/10 - 04/17 (1)
- ► 04/03 - 04/10 (8)
- ► 03/27 - 04/03 (1)
- ► 03/20 - 03/27 (5)
- ► 03/13 - 03/20 (1)
- ► 03/06 - 03/13 (12)
- ► 02/28 - 03/06 (14)
- ► 02/21 - 02/28 (11)
- ► 02/14 - 02/21 (12)
- ► 02/07 - 02/14 (13)
- ► 01/31 - 02/07 (121)
- ► 01/24 - 01/31 (34)
-
▼
01/17 - 01/24
(58)
- Open Source Vulnerability Scanner - OpenVAS
- Passive DNS Network Mapper - dnsmap
- Admin Page Finder Script
- TrueCrypt brute-force password cracker - TrueCrack
- Automatic Database Dump - sqlcake
- Open Source Intelligence - Maltego
- Mobile Terminal Application for Intermittent Conne...
- Joomla Security Scanner - Joomscan
- Post Exploitation Framework - Intersect
- Exploring Android Platform - Mercury
- Python Script Searching - Dark D0rk3r
- SQLi and Web Attack Framework - Enema SQLi
- Linux Live USB Creator - LiLi
- Backup and Recovery - ReDo
- Yet Another Man in The Middle Automation Script -...
- Wi-Fi network scanner - inSSIDer
- Open Source MySQL Injection - sqlsus
- Extreme GPU - Bruteforcer
- Passive Traffic Fingerprinting - p0f
- Rainbow Tables Hash Cracker - RainbowCrack
- Web Application Testing - Vega
- PDF Analysis Tool - peepdf
- PHP Vulnerability - Hunter
- O Programa da Matrix Está Falhando - ''O Que Você ...
- Automatic Bluetooth Spoofing - Spooftooph
- Wireless Network Monitoring Tool - Kismet
- Pentest - Security Cheatsheets
- Antivirus Evasion - foolav
- Razorback
- LAMP/LEMP Secure Deployment - JShielder
- Wordlist Generator - Crunch
- SIP Witch
- Injecting Fake Updates - Evilgrade
- Tiny Core Linux
- MD5 Online Password Cracking - md5cracker
- Writing Your Own Exploits
- Encrypt Your Network Traffic - Tcpcrypt
- Passive Network Monitoring - lanmap2
- Wireless and Wired Network Interceptor - the Inter...
- Encrypted UDP based FTP - UFTP
- IDS evasion - Inundator
- Standardized Security - OpenSCAP
- Web Application Security Scanner - w3af
- Log Monitoring Daemon - agentsmith
- Blind SQL Injections - BSQL Hacker
- Final Released - Bruter v1.0
- V For Vendetta
- AfterGlow
- Network Forensics - Xplico
- Digital Forensics Framework - DFF
- Digital Forensics - Autopsy
- Volatility 2.5 - Memory Forensics
- Credit Card Magstripe Spoofer - MagSpoof
- Privilege Escalation - Potato
- Cross Platform ELF Analysis - ELF Parser
- Pentest Distro - Web Testing Framework Samurai
- 10 Estratégias de Manipulação da Mídia
- Project Arsenal X - As HackTheGame But Real
- ► 01/10 - 01/17 (59)
- ► 01/03 - 01/10 (174)
-
►
2015
(26)
- ► 12/27 - 01/03 (1)
- ► 08/30 - 09/06 (8)
- ► 08/23 - 08/30 (16)
- ► 08/16 - 08/23 (1)
Home
Privacy Center
Data Protection
Community
Digital Policy
Security Tools
Online Utilities
Resources
Search Operators
Library


0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.