New version of Wfuzz!

I don’t like automatic tools. Full stop. Well… not full… I like some semi-automatic tools. One of these tools is wfuzz. I love this python script to perform a quick look over all the directories in a website and sometimes to test against some basic authorization bypass fuzzing a numeric parameter. The use of this tool is very easy and I’m not going to explain here, you can read the…

Process command line enumeration using LFI

This week during a pentest I discovered a website vulnerable to Local File Inclusion vulnerability. As I wanted to discover the most information possible about the system I decided to retrieve the running process and the command line used to execute these programs. With this I pretended to discover more services and paths in the system. I wrote a very simple Perl program that can be modified very easily to…

WeFeTe

I’m proud to announce the release of WeFeTe. WeFeTe is a very simple tool to test against common configurations in web frameworks. It can be use as a first approach to detect the programming framework without missing any of the default behaviours that frameworks include in their websites. This first release try to detect the following frameworks: CakePHP CodeIgniter FUSE Kohana TYPO3 Zend Zope It’s very buggy and all the…