PWEB SUITE – Perl based web app penetration test tools

pWeb Suite (formerly known as pCrack Suite) is a set of Perl-based penetration testing tools for web application vulnerability testing. It is brought to you by Douglas Berdeaux, a.k.a. Trevelyn, the founder of WeakNet Laboratories and the developer of WEAKERTH4N Linux, a penetration testing distro aimed at wireless penetration testing and web pentesting. At first, pWeb Suite was only available for WEAKERTH4N Linux, but he then decided to release it to the public for other pentesting distros. This happened when I sent him a message saying that I would like to try out the tools he had just made for web pentesting which was featured in the SOLDIERX HDB. pWeb Suite version 1.0 can be downloaded at Google Code.


What’s inside?

Web Application Vuln Finding:
LFI / RFI
-HelLFiRE – LFI Automation Tool
-LogInject0r – Code Injection Tool for Web Server Logs (LFI Attack)

SQLI

-SMSI (SimplyMySQLi) – Simple MySQL Injector

XSS
-StrEncode – XSS String Encoding Tool

Mathematics / Hashes / Passwords:
Fibonacci
Primes
Online Resources:
-md5Online
-HavijMD5BF
-pBinCracker
-Ripemd160Online
-SHA1Online
-SHA256Online
EtsyShadow

Reconnaissance:
FileScope – Server Files Recon Tool

Wordlist Utilities:
RePsychoLoop

The suite also includes vulnerable code for Local File Inclusion =)


Next up, I will be doing some tutorials for pWeb Suite. They will be available soon =)

Credit: Jay Turla is a Filipino security researcher, programming student, infosec enthusiast, open source advocate, and the blog manager of PenTest Laboratory. He is interested in Linux, OpenVMS, penetration testing and vulnerability assessment. He is one of the core team members of The ProjectX Blog and one of the bloggers and goons of ROOTCON (Philippine Hackers Conference). You can follow his tweets
