Wednesday, August 24, 2011

An Online Advanced PenTesting Framework Soon

I really been busy lately. Been collecting articles, researching some topics, learning new tricks in this security field, doing business, taking care my family, Solving Cyber crime cases, Coding things, Monitoring some websites , maintaining my websites, travelling, teaching.... this list goes on..

I am into programming these days, and i was coding some Online Pentesting Modules (As you can see the PenTesting Tools on Home Page). I want to combine everything till now i made and make one biggest ONLINE Advanced Pen Testing Framework.

So what's the IDEA ?

Well it would be a simple website. Just Add your Site in it it automatically crawls your site and tries to find the Vulnerabilities in it.
Vulnerabilities here covers most important ones and even low level one's.
This might include

SQL Injection Attacks includes Cookie injections(MSSQL MYSQL POSTGRES DB2 ORACLE ...)
XSS Attacks ( Both Persistant and non Persistant )
LFI and RFI Attacks
SSI Request Forgery
SSL Request Forgery
Auth Bypass
Header Injection
Cookie Injection
Reverse IP

I want to implement most of my knowledge in to this. This could be 70% automated which makes a Pen tester Life EASIER.
There would auto report generation like

MS Word Report Generation
PDF Report Generation
YAML Report
Excel Report
Text Report
Email Report
Online Report

There will be seperate Section for Code analysis ( Dunno if i should make it Online of Offline )
What does Code Analysis Does ?
Analyse the Source Code and Find the possible Vulnerabilities in the Source code and Report them in the report.

Well i want to make this kind of live , Once if some vulnerability is found this Online Pentesting Frameword Automatically try to Penetrate into the server and try to install a backdoor inside the server.(in Hacker Words it is SHELL)

The SQLI includes the Advanced WAF Bypass ( ALL PRIVATE METHODS ).

For all this to Happen
I would require a work place where i don't get disturbed by all the EMOTIONAL ATYACHAAR.
I would require CALL FREE WEEK ( although i would require my phones to be with me )
I would require Time Less Days.
I would require some movies to watch.
I would require a Soft bed with a Pillow.
I would require a Pet who would give me a break.
I would require a tension less days
I would require a regular Health Checkups

Well i never get any of those soon as i am just a money making machine now. No one take's me as a HUMAN.

I made some of the above modules bit by bits i need to combine them to make them one and add something more like report generation etc.

PS: even i want to Make some thing for CMS, Like Wordpress, Joomla etc ( Brute Forcer and Public and private Exploits )

I would use both Bing and Google for entasking this project.

|Here soon doesn't mean actual soon, it depends upon the time i get to do things .

I have a lot to sort out at my current situation.

PS:PS: I would use multiple Languages here like

PHP, Perl , Python , VB , VB .NET, MYSQL , Ajax

Please do not ask me how i learnt these languages etc, its all interest which made me to do this.

Subhash Dasyam
A LONE PenTester

1 comment for "An Online Advanced PenTesting Framework Soon"