Questions tagged [penetration-tools]

For questions that involve penetration testing tools of all major platforms.

54 questions
1 vote, 0 answers

OWASP ZAP - wrong NTLM challenge order - Out of sequence NTLM response message

I need help with NTLM authentication configuration. I am currently testing an AJAX web application using OWASP ZAP. The application is reachable via HTTPS and has NTLM auth enabled. When I run the scan, ZAP does not keep the proper sequence of NTLM…
avolna
1 vote, 1 answer

How to stop automated scanners from scanning the website? Leaving aside robots.txt, can any other configuration be made?

Does anyone know how to stop automated scanners from scanning the web application or website? Leaving aside robots.txt, can any other configuration be made? Any server-side modification?
1 vote, 1 answer

ZAP Report is saying SQL injection

I performed a scan through ZAP, and it is showing SQL injection in the report; however, I am not able to regenerate it manually. Can someone guide me? I tried to post the same request in "Postman" but it's saying "Please provide token". Click here to see…
1 vote, 2 answers

Web Pen Testing Recommendations - Tools & External Contractor Recommendations

I'm not sure if this is even an appropriate question for SO but I'll go ahead anyway as I'm not sure. I've been looking at Pen Testing tools for my current project and have found a number of them but ultimately there is no getting away from taking…
Jammer
0 votes, 0 answers

How to delete PentestBox with Metasploit 2.3.exe

I have downloaded PentestBox with Metasploit 2.3.exe on my VM. This VM is important for testing, so I cannot delete it altogether. How can I delete the file? Any manipulation attempt towards the file is just not working (this includes copying, cut,…
0 votes, 0 answers

Make HTTP requests with not matching Content-Length and body length for testing purposes

For testing purposes I want to make some invalid HTTP requests, e.g. Content-Length header smaller than the real body size and also the other way (Content-Length header larger than the real body size). I tried with the .NET HttpClient, but the…
0 votes, 0 answers

Burp proxy not intercepting modified apk requests

Burp Suite - mobile apk request intercepting issues. I modified the apk manually using apk editor and also using a tool, mitm-apk, to intercept all its traffic. During the process of modifying the apk, the tool did not return any error as well. But when I…
0 votes, 1 answer

Sudomy doesn't see api keys

After installing Sudomy I add my APIs to the "sudomy_api_dist" file. But Sudomy still doesn't see the API keys. While I wait for Sudomy to see the API keys and scan accordingly, it continues to scan without looking at other search engines as if I did not…
user21352463
0 votes, 0 answers

How to forge a CIFS Silver Ticket correctly in my home lab? Or how to make it vulnerable?

I have a question regarding an issue I've been facing for almost 2 weeks now. I'm doing research on issuing and detecting silver tickets within a network, and in order to achieve that I've created a home lab which consists of the…
0 votes, 0 answers

config payload usage in SQLmap

I have a target. After manual testing, I have found that the target responds to sleep time, but the response comes after 3 times the number I put. For example, when I put the payload 'select (sleep (1))', the read response will be 3; when I put the…
0 votes, 0 answers

Trying to exploit SQL injection

I am trying to exploit a SQLI and I don't understand why my "group_concat" doesn't work. I managed to extract the name of the database ("games"). But when I try to extract the tables from this database, I have a syntax…
0 votes, 1 answer

Burp Suite Logger++ Extension Show Only in-Scope items

Logger++ is a great extension to Burp Suite. However, I cannot find a basic solution to my problem. I just want to add a filter to see only in-scope items, like in Burp's own logger itself. Is there anyone who has a solution for that? Thanks...
0 votes, 1 answer

Why I have 403 error ONLY when I am using BurpSuite?

During pentesting of SOME site I was faced with file upload errors. It is a 403 Forbidden error, but the most interesting thing lies in the fact that it is happening ONLY when I use the Burp proxy. When I am uploading a passport/ID document in the usual way (withou…
0 votes, 2 answers

How to set a BeEF hook to a page

I need to know how to set a BeEF hook to a page of my liking (an existing web page or a new custom page). I tried sharing the demo page but it only works on the hosting machine. I've looked for tutorials but couldn't find any. Please help!
0 votes, 1 answer

Cannot import ctypes for checking admin privileges on Windows platform

Hello Programmers of Stack Overflow, I am trying to import a library for my code, but whenever I execute my code on PyCharm, I get an error: File "C:\Users\USER\projectextinguish\venv\lib\site-packages\command_runner\elevate.py", line 49, in…