Nytro

WAppEx 2.0!

WAppEx 2.0!
by Mayuresh on February 6, 2013

Our first post about WAppEx can be found here. Recently, an update – WAppEx 2.0 was made available! This release is a huge leap from the previous one (version 1.0) and as such has been given a major version increment. It is nothing short of a total remake of the whole software! In favour of greater extensibility and flexibility WAppEx 2.0 has all the exploitation logic moved to a core exploit database. The full-fledged exploit database not only provides the good old exploits with a lot of new features, but also stands for sharing, updating, extending and more. The database is rich with new payloads, and major improvements have been made to the existing payloads and exploits. Now you can unleash massive security tests by executing a batch test of multiple exploits against multiple targets; all in one single action. The Test-on-Targets feature automates much of the tasks you would have to do manually in the previous version. Still in addition to all this, a shining toolbox of new tools has been added to the suite. Some of the new tools added are Manual Request, Dork Finder, Exploit Editor, Hidden File Checker, and Neighbor Site Finder!

“WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.”

Changes made to WAppEx 2.0:

  • Auto-detect feature deleted from exploits
  • Browser tool deleted
  • Exploits and payloads view changed
  • Exploit Database with the following features added:
    • New script syntax and structure
    • Searching, selecting, and executing of exploits.
    • Add/remove database entries (exploits or payloads)
    • Add exploits or payloads to the database using either the Exploit Wizard or the script file
    • Batch testing of multiple targets against multiple exploits
    • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.

  • Following tools added:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder

  • Local File Inclusion analyzer script updated
  • 24 new payloads for LFI, RFI, and PHP Code Execution vulnerabilities added:
    • Directory Explorer
    • CodeExec Bind
    • 3 connect-back shells
    • Code Execution
    • MySQL Dump
    • ServerInfo
    • 4 command execution payloads

  • Bug-fixes:
    • Find Login Page crashed on start
    • Problem with software registration
    • Stop button did not work when retrieving data from SQL server
    • Problem with saving SQL results
    • Crashed when closing Find Login Page
    • Status icons were not displayed properly in exploit tabs

Download WAppEx: WAppEX 2.0 (WAppEx2.0.exe)

Source: WAppEx version 2.0! — PenTestIT
