
1 Oct 2012

Web Application Exploiter (WAppEx)

Hey all, today I will be telling you about WAppEx, an integrated platform for penetration testing and exploiting web applications.




What Is WAppEx?


WAppEx (Web Application Exploiter) is an integrated platform for penetration testing and exploiting web applications. It is a multi-platform application that can be downloaded and run on Windows or Linux. It can automatically check a given target for all types of security vulnerabilities and then lets you run various payloads to exploit and take advantage of a vulnerability it finds.


Features Of WAppEx


WAppEx can exploit the following web application vulnerabilities:
  • SQL Injection
The most dangerous vulnerability in web applications. WAppEx uses the engine of Havij - Advanced SQL Injection Tool to find and exploit this vulnerability.
  • Remote File Inclusion
It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on the web server.
  • Local File Inclusion
It allows an attacker to include a local file, just like RFI. WAppEx tests for and exploits this vulnerability.
  • OS Commanding
It lets the attacker execute OS commands on the server. WAppEx tests for and exploits this vulnerability to execute custom commands and get a reverse shell.
  • Script Injection
It can be used by an attacker to introduce (or "inject") script into a web application. WAppEx automatically tests for and exploits this vulnerability to escalate access to the web server and get a reverse shell.
  • Local File Disclosure
As the name says, it discloses the content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.


WAppEx contains the following tools to help you in penetration testing and exploiting web apps.
  • Online Hash Cracker: A tool for cracking hashes using the reverse lookup in online sites.
  • Encoder/Decoder: An encoder/decoder with a complete set of encryption algorithms.
  • Find Login Page: It looks for login pages on a target.
  • Browser: A small browser you can use to view source code and HTTP headers. 

Hope you all enjoyed this tutorial. If you have any problem or question, you may ask in the comments.
                                        



 
