Category Archives: Security Tools & Scripts

Various scripts, programs and software used for vulnerability scanning, probing, forensic analysis, exploitation testing, and other security needs.

How to use WPScan WordPress Scan Kali Linux Vulnerability Scan + Snort Rule Example

Running a WordPress site means that you always have to be on the ball when it comes to updating your plugins, themes and WordPress itself. It is a good idea to scan yourself on a regular basis using simple built-in Kali tools such as wpscan and sqlmap. You don’t have to be too intrusive… Read More »

PHP MySQL Webshell Backdoor File Sample

So, owning close to 100 websites, occasionally one gets hacked, and it just so happened that one of them was compromised the other day. The backdoor that I found on the server was a MySQL one. Here is a sample of the default MySQL webshell backdoor I found on my server. I take no… Read More »

Syhunt Web Backdoor Scanner .LUA or .EXE – Easy Customization and Configuration

So I found this neat little script lying around; it makes looking for backdoors and webshells on webservers a cakewalk. Backdoors are always changing and different hacker groups rename common backdoors, so you can update this script with new intel in two seconds. To add a new filename to search, simply add /newfilename in… Read More »

Simple Python List that checks a file list to see if a webserver HTTP is running

#!/usr/bin/python
import sys, httplib
def main(host, path):
    try:
        # make a http HEAD request
        h = httplib.HTTP(host)
        h.putrequest("HEAD", "/"+path.strip("\n"))
        h.putheader("Host", host)
        h.endheaders()
        status, reason, headers = h.getreply()
        print "[+]",host+"/"+path.strip("\n"),":",status, reason
    except:
        print "[-] Error Occurred"
        pass
if len(sys.argv) != 2:
    print "Usage: ./getresp.py <list of sites>"
    sys.exit(1)
print "\n d3hydr8[at]gmail[dot]com getResp v1.0"
print "----------------------------------------------"
try:
    list1… Read More »

Python Script to scan for vulnerable servers allowing SQL Injection

#!/usr/bin/python
import sys, httplib
def main(host, path):
    try:
        conn = httplib.HTTPConnection(host)
        conn.request("GET", path)
        r1 = conn.getresponse()
        print "[+]",host+path,":",r1.status, r1.reason
    except:
        print "[-] Error Occurred"
        pass
if len(sys.argv) != 3:
    print "\nUsage: ./sqlresp.py <site> <list of injections>"
    print "Example: ./sqlresp.py www.site.com/buy.php?id= injections.txt\n"
    sys.exit(1)
print "\n d3hydr8[at]gmail[dot]com sqlResp v1.0"
print "----------------------------------------------"
try:
    injects = open(sys.argv[2], "r").readlines()
except(IOError):… Read More »
