Questions tagged [penetration-tools]

For questions that involve penetration testing tools of all major platforms.

54 questions
4
votes
4 answers

Is Python or Ruby good for penetration testing?

I hear Python is very good for pentesting. It has got good modules for that. But it's not a good framework, like Metasploit.
Sriram
3
votes
2 answers

Utilizing ZAP for RESTAPI testing

I'm curious as to how ZAP can be used to test REST APIs in the context of API security. Is it just the OpenAPI add-on that can be used, or are there other (more effective) methods?
vuln3x
3
votes
1 answer

test the web application of jsf2.2 using owasp

We are going to test a JSF 2.2 application using OWASP ZAP. But, it can not be performed well: the test can't understand how the takeover of id of javax.faces.ViewState. Is it possible to take over the ViewState ID like a JMeter? We see in JMeter:…
rootman
2
votes
0 answers

SQLMap not matching string in response

I'm using SQLMap to test for SQL injections on a login form. When the server validates credentials, it returns an HTTP 200 status code and in the response body: {"code":1} (on valid credentials) or {"code":0} (on invalid credentials). Since the status…
2
votes
2 answers

How can I let multiple Java scripts to run concurrently in Frida?

I want to bypass root detection, certificate pinning, and a CRC integrity check for an Android app using Frida. I can't run more than 1 script at once. Is there any solution?
2
votes
3 answers

Falcon sensor fails to start the agent

I am trying to install falcon-sensor (version: 4.16.0) on a Debian machine. When I try to start the agent, it doesn't start up. I checked the logs of falcon-sensor and here is what it says: 2019 unable to initialize dynamic libraries. (2309)…
Surendra Deshpande
2
votes
2 answers

Testing of Web Security

In your experience, what have you found, worked on, or encountered in terms of site vulnerabilities? And what actions did you take to mitigate these issues? This may include XSS (cross site scripting), SQL Injection attacks, plain old DDOS or…
Mark Mayo
1
vote
1 answer

Measure other users download speed in the same wifi network?

I currently share a wireless network with other users. Are there any tools to measure the internet consumption by each user? Like get beacons or something? I'd like to know who is the annoying person who keeps downloading. Thanks, geekers!
CodeFarmer
1
vote
0 answers

How do I filter/fix nmap NSE http-enum?

I am running various nmap scripts against my servers and the http-enum often flags directories like /css/ /error/ /images/ /js/ /xml/ If I try to navigate to the IP + folder my browser times out. Yet somehow nmap is reaching these folders. How can…
Bix
1
vote
1 answer

SQLMap host does not seem to be injectable, does this mean there are no vulnerabilities?

python sqlmap.py -u "https://localhost:8080" --level=5 --risk=5 [15:13:30] [WARNING] parameter 'Host' does not seem to be injectable [15:13:30] [CRITICAL] all tested parameters do not appear to be injectable SQLMap outputted this after many…
devo9191
1
vote
1 answer

OWASP ZAP, how to authenticate using Form-based Auth Login context and POST request

I am currently trying to scan our web application with OWASP ZAP, but I am facing an issue which I cannot seem to solve. The problem is that in order to scan the application I need to sign in. I followed multiple online tutorials and also…
1
vote
1 answer

OWASP Zap scan option is grayed-out for multi-selected URLs

I have manually gone through all the URLs (GET/POST requests) I need the ZAP to scan. However the session always got lost during the full site scan. When I tried to scan only some URLs listed on the site panel (where you can see a list of URL), I…
Cal
1
vote
0 answers

How to mount /system or / in a rooted device

How to mount the read-only file system folder on Android 10 devices? I am trying to move some necessary files to /system but I am always getting an error. When I run mv myfile/path /system I get the following error: mv: /system is read-only…
1
vote
0 answers

What is an alternate way to crawl through a domain to get parameters? (since burp 2.1 does not allow spider in community edition)

I'm using Burp Suite Community Edition v2.1.07. But it does not allow me to spider a website without the pro version. I've used Screaming Frog SEO Spider. It does the crawling up to 500 websites in the free edition. But it doesn't give parameters as…
1
vote
2 answers

Web applications to use burp suite on

I am new to web pentesting and I want to know what web applications I can use Burp Suite on. As far as I know, A damn vulnerable web application is one of them. I don't want to get in any trouble by doing random tests.
shade1337