WPScan WordPress Vulnerability Scanner | WPScan is a nifty WordPress vulnerability scanner. It can do things such as scan for installed plugins and provide vulnerability information based on results. It is part of BackTrack, which is handy as well! Here’s how wpscan looks checking scottlinux.com: root@bt:/pentest/web/wpscan# ruby wpscan.rb --url scottlinux.com --enumerate p
ufw Allow From Specific IP on Specific Port
ufw Allow From Specific IP on Specific Port | ufw is the friendly command line firewall utility in Debian and Ubuntu. I’ll show you the rule syntax for allowing traffic in from a specific IP on a specific port. Say for example you want to allow traffic from 192.168.1.215 on UDP port 88. Here is the command: $ sudo ufw
Use nmap to Identify MAC and IP of Machines on LAN
Use nmap to Identify MAC and IP of Machines on LAN | Instead of pinging the broadcast address, which may or may not work for various reasons, use nmap to identify MAC addresses and IPs of computers or devices on your LAN. Here is how it works! The nmap option is -sP along with the IP range desired to scan. If you use a 192.168 range at
Quick nmap How-To
Quick nmap How-To | nmap or network mapper is an open source command line program for security auditing. Here is a basic intro! As always, only scan your own hosts or hosts that you have permission to scan! To do a simple check of open ports or port filtering, issue: $ sudo nmap host stmiller@brahms:~$ sudo nmap scottlinux.com Starting
Enable HTTP Strict Transport Security on Debian / Ubuntu
Enable HTTP Strict Transport Security on Debian / Ubuntu | HSTS or just STS can be enabled with Apache fairly easily. I’ll show you how! Enabling HSTS enforces a policy that all content from your server to the end user’s web browser will be over HTTPS. This can protect against interceptions, HTTPS stripping, and other possible man-in-the-middle attacks. First, enable mod_headers: $ sudo a2enmod headers
Install latest Iceweasel in Linux Mint Debian Edition
Install latest Iceweasel in Linux Mint Debian Edition | Linux Mint Debian Edition currently rolls its own Firefox, which can take time to get packaged to the latest version. And being based on Debian Testing, the Testing version of Iceweasel is often not the latest and greatest version for those looking at upstream alternatives. That is where the Debian Mozilla team steps in! To
ClamAV On-Access Scanning For Samba Shares
ClamAV On-Access Scanning For Samba Shares | Your Linux-based Samba file server can automatically scan for Windows viruses with clamav and svs. I’ll show you some tips on getting this running with Debian 6! 1. Install clamav In Debian 6, install clamav-daemon which will also pull in the other required clamav packages. sudo apt-get install clamav-daemon The on-access samba anti-virus scanner svs is
Apache Block By User Agent
Apache Block By User Agent | Though this is trivial to circumvent, an easy way to block by User Agent with Apache is to use mod_rewrite. This is rather more useful to deny spam bots, scammers, and other automated tools from poking at your website! The following rewrite rule gives a 403 Forbidden for example: RewriteEngine On RewriteCond %{HTTP_USER_AGENT} HTTrack RewriteRule
Test Your Server for MySQL Injection
Test Your Server for MySQL Injection | Q: What tools are used for testing for MySQL and other database injection vulnerabilities? The following are often used to automate testing for SQL injections by network and security admins: sqlmap – automatic SQL injection and database takeover tool Havij – automated SQL injection tool metasploit – security framework (Metasploit as you may be aware




