Highest Voted 'penetration-tools' Questions

0

votes

1 answer

On-prem to cloud vulnerability scanning

We have vulnerability scanning software in a shared subnet our on-prem network. We are now adding VMs hosted on the public cloud and need to perform vulnerability scanning on them. One option is to open one-way traffic from on-prem to public cloud…

asked Nov 19 '21 at 17:28

Rich750

17
5

0

votes

1 answer

How to reproduce XSS attack #javascript:alert(1)?

I have been given permission to run OWASP Zap on a web application. I don't have a lot of experience of pen testing so it's all a bit new to me. I ran Zap on the application and it came up with a High severity alert relating to DOM based XSS. The…

javascript xss owasp penetration-testing penetration-tools

asked Jun 10 '21 at 19:28

Umbungu

945
3
10
30

0

votes

1 answer

Owasp Zap and Amazon

I don't have much experience of penetration testing, but I am currently looking at OWASP Zap. The website I am going to pentest runs on an Amazon EC2 instance. Amazon seems to have certain requirements when it comes to security…

amazon-web-services amazon-ec2 owasp penetration-testing penetration-tools

asked Jun 09 '21 at 21:14

Umbungu

945
3
10
30

0

votes

0 answers

incorrect status code displayed in password guessing attack using burp suite

would anyone please take a look at the image of my burp suite result. I am learning how to brute force password guessing attack for penetration testing subject. Assuming test and test is the correct username and password, but as attacker they do not…

penetration-testing burp penetration-tools

asked Apr 07 '21 at 11:42

Skyb

11
5

0

votes

1 answer

masscan with docker unable to detect file

i am running masscan in docker with alias when i typed masscan -iL ips.txt -p80,443 ips.txt: No such file or directory but the ips.txt exist on same folder

penetration-testing penetration-tools

asked Jan 19 '21 at 12:42

Ravindra Prajapati

80
1
8

0

votes

1 answer

gobuster fills screen with html code and blanks

learning CTF games, I made gobuster from git. Using it by ./gobuster dir -u http://10.10.19.14:3333 -w ~/HTools/lists/gobuster_big.txt brings following output: =============================================================== Gobuster v3.1.0 by OJ…

linux http webserver penetration-tools

asked Nov 20 '20 at 13:04

Jens Redlin

19
4

0

votes

0 answers

How can I highlight text in Mitmproxy?

Is there a way for searching plain text in Mitmproxy views (Flow list, Flow view, Keybindings, Commands)? I can filter the flows by pressing f but I'm really missing feature like / in Vim. It would be faster to navigate to the right flow and in the…

python proxy mitmproxy penetration-tools

asked Sep 10 '20 at 19:02

Lajos

2,549
6
31
38

0

votes

1 answer

Qark returns error when I scan an APK files

I installed Qark successfully by following the guidance from github.com/linkedin/qark but when I run a scan it returns the error below. Another thing is when I run the scan for a java file everything works well. I'm really confused as to what is…

python android security pip penetration-tools

asked Feb 20 '20 at 19:46

CYNTHIA Blessing

71
7

0

votes

3 answers

Variable changes type when passed in argument?

I am patching a tool that works on the NTLM network protocol, I have a structure object where I index a string and pass to a function, inside the scope of the function the variable changes from a to . function call: #…

python protocols penetration-testing penetration-tools

asked Feb 01 '20 at 14:28

rooter

99
2
8

0

votes

2 answers

SQLMap takes long time, when i choose level=5 and risk=3

When I set risk=3 and level=5, sqlmap takes a long time and about 1 hour to finish the task, its really tedious, I am a newbie to Penetration Testing, kindly help me. python sqlmap.py -u "Application url" --dbms=MySQL --threads=10 -time-sec=10…

sql-injection penetration-testing sqlmap penetration-tools

asked Aug 29 '19 at 09:54

Groot51

1
1
1
3

0

votes

1 answer

OWASP | ZAP | SQL Injection | Scan Report

When SQL injection is executed through FUZZ along with the inbuilt payload. The scan result shows multiple column along Code, Reason, State, and Payloads. How do i analyse this columns (Code, Reason, State, and Payloads) for the posted request

owasp zap penetration-testing penetration-tools

asked Apr 25 '19 at 13:15

Prashant Sah

93
1
8

0

votes

1 answer

how to set http version to 1.1 only in wildfly server?

A Issue raised to change HTTP version 1.1 only in web server configuration. I am using wildfly 10 as my server. I have tried using connector varible but it is not allowed in wildfly 10 so help me out with this.

wildfly wildfly-10 penetration-testing penetration-tools

asked Jul 24 '18 at 08:46

Karthik P

21
2
12

0

votes

1 answer

Which exploit and which payload use?

Hi everyone and sorry for my bad English. I'm learning penetration testing. After reconnaissance and scanning of my target, I have enough information to pass to next phase. Some info I have is open ports with related running services, names of the…

exploit payload penetration-testing penetration-tools

asked May 11 '18 at 13:29

user7657641

0

votes

1 answer

Authentication issue in Burp suite

I am getting alerts for authentication in Burp Suite. I have already followed the suggestion given in burp suite support site but it seems not working. How to resolve this ? How to see the request which is passing and not getting authenticated.…

security penetration-testing burp penetration-tools

asked Feb 23 '18 at 08:21

Dhaval Dosi

25
5

0

votes

1 answer

Penetration testing of Angular JS application in ZAP or Burp Suite

I am struggling to test Angular JS application, Can someone provide me reference to learn that, Couldnt find any. I want to attack the application but it seems not all links are being visited by Crawler.

testing penetration-testing zap burp penetration-tools

asked Feb 09 '18 at 12:27

Dhaval Dosi

25
5

Questions tagged [penetration-tools]