1. “Get from all domains”, included in the app is domain.txt w/c contains common domains, if you want to search for all domains just check this and click scan sites, it will give a lot more results than before, included also is domain2.txt if you want to use all domains, just rename to domain.txt
2. SQLi extensive - will add more parameter comma, parenthesis, double qoute, qoute, to generate errors, it will make scanning longer
3. SQLi cond - its page comparison, program will get results from “and 1=0″ and “and 1=1″ compares them if there are changes, also for strings “‘ and 1=0/*” and “‘ and 1=1/*”, its not accurate 50/50 because of sites with ad’s w/c changes html source everytime you visit the page
4. XSS checking - now this is 98% accurate, its a wrapper of internet explorer, eliminating false positives, its slow so i recommend you set a timeout in ie http://www.google.com/search?q=timeo...ient=firefox-a <– some guides, if you dont it sometimes stops at the middle (default timeout in ie is 10min lol), also disable IE images at advanced options, this will make checking faster.
5. LFI scan - added sa simple lfi scan, its error based, if it detects an file inclusion error, its added to the list, it appends “/etc/passwd″ at the end, its not the correct path but a sample, you can use lfi fuzzer to check directories (im planning making one as perl avaiable fuzzer dont ~censored~ work)
6. RFI scan - will included a simple textfile and check contents, RFI is very few right now but with good dork you will find em, its 98% accurate, 2% is false positives…the file is included but not parsed
Download
http://www.mediafire.com/?2yywjmmlykt
DEMO:
| YouTube - Using SQLi/XSS/LFI/RFI Exploit Scanner | |
Tidak ada komentar:
Posting Komentar