web-scanners – Page 2 – WindowsTechs.com

Dealing with an independent security researcher [closed]

Posted on July 1, 2021 by Hashim Aziz

I recently received several emails from a security researcher, one for each "vulnerability" that he had discovered on my website. These alleged vulnerabilities were respectively: a missing certificate authority, no valid SPF, and… Continue reading Dealing with an independent security researcher [closed]→

unable to pass recaptcha test using burpsuite proxy

Posted on January 29, 2021 by bang_jagoet

when I open the burpsuite proxy, it kept hit me with recaptcha , after I click submit, another one pop up, and another, and another, and so on what is wrong?

Continue reading unable to pass recaptcha test using burpsuite proxy→

Web path scanner evaluation criteria [closed]

Posted on January 12, 2021 by frenkie

I recently find out that when selecting a web path scanner, the following features should be considered, in order of importance.
Functionality
If you can’t get it to run on your system, it’s no good to you.
Dictionaries
The larger the dict… Continue reading Web path scanner evaluation criteria [closed]→

How to choose a web path scanner?

Posted on January 11, 2021 by frenkie

There are many tools designed to brute force directories and files in webservers, for example:

https://tools.kali.org/web-applications/dirbuster
https://github.com/maurosoria/dirsearch
https://github.com/pyno/dirfy
https://github.com/OJ/g… Continue reading How to choose a web path scanner?→

Which is the fastest web path scanner? [closed]

Posted on January 11, 2021 by frenkie

There are many tools designed to brute force directories and files in webservers, for example:

A single IP address hosts multiple domain at the same time. How do I scan a single domain using nmap or other tools?

Posted on December 24, 2020 by bang_jagoet

Let’s say an IP address hosts multiple domains, (example.com, example.net, example.org, etc.). How do I port scan a specific domain?

Continue reading A single IP address hosts multiple domain at the same time. How do I scan a single domain using nmap or other tools?→

How can you fingerprint a Django web app?

Posted on October 6, 2020 by Kyle Fennell

In order to better protect my Django web app, I want to reduce the leakage of information that could help an attacker profile my application. If you were an attacker, what would you look at to identify a Django web app?
From OWASP, I know … Continue reading How can you fingerprint a Django web app?→

What is the best way to mass scan the country without the ISP noticing? [closed]

Posted on September 15, 2020 by mina nageh

Just as the title says. Not shodan. I want 98% live hosts. I know about zenmap and proxychains but using that would make it take forever.
What do you think?

Continue reading What is the best way to mass scan the country without the ISP noticing? [closed]→

Doesn’t seem to change _csrf token

Posted on August 28, 2020 by William

I recently saw a very interesting post from a person describing all the steps he would take before running a scan (https://groups.google.com/g/zaproxy-users/c/SMd9OmcVWbE). It caught my attention because I do exactly the same thing he does… Continue reading Doesn’t seem to change _csrf token→

Can a web crawler still see files in a directory even with an index file? [closed]

Posted on August 20, 2020 by IMB

Say you have the following files/folder in your webserver:

public_html/index.html
public_html/test/index.html
public_html/test/foo-randomString.jpg

For an average user, foo-randomString.jpg can’t be seen unless they know the exact filena… Continue reading Can a web crawler still see files in a directory even with an index file? [closed]→