Vulnerability Details – Vulnorator

Github Link For Tool : https://github.com/vaibhavpareek/vulnorator.git

Categorically all vulnerabilities are distributed to allow the user to read and understand about it very well. With best resources to practice and learn about that vulnerability in a single platform, Vulnorator helps you to be better and smarter.

There are in total we have 22 Categories in all vulnerabilities has been divided with the help of bugcrowd taxonomy in mind. Each category has vulnerabilities from informational to a critical level. It took months for me to gather all the best resources for each vulnerability to one platform. I would also request other developers and cybersecurity professionals to contribute in this project by mentioning or providing the best available resource for that vulnerability on Github.

My aim is to make this tool to be available on every penetretion tester’s lab to understand and learn each day something new about a new vulnerability.

Categories of Vulnerability :

[1]  Server Security Misconfiguration
[2]  Server-Side Injection
[3]  Broken Authentication and Session Management
[4]  Sensitive Data Exposure
[5]  Cross-Site Scripting (XSS)
[6]  Broken Access Control (BAC)
[7]  Cross-Site Request Forgery (CSRF)
[8]  Application-Level Denial-of-Service (DoS)
[9]  Unvalidated Redirects and Forwards
[10] External Behavior
[11] Insufficient Security Configurability
[12] Using Components with Known Vulnerabilities
[13] Insecure Data Storage
[14] Lack of Binary Hardening
[15] Insecure Data Transport
[16] Insecure OS/Firmware
[17] Broken Cryptography
[18] Privacy Concerns
[19] Network Security Misconfiguration
[20] Mobile Security Misconfiguration
[21] Client-Side Injection
[22] Automotive Security Misconfiguration

Some categories are defined in greater detail. for others very soon I will release the resources information. I would request all the developer also to mention about the best resources, they know about the particular category.

To see the detailed information of each category ,download the tool or read from the file in the project Vulnorator on Github.

Thanks for reading this ,please contribute to make it a best tool to learn and understand about vulnerability.

Vaibhav Pareek – (Developer Vulnorator)

Threat Meter – Vulnorator

Github Link For Tool : https://github.com/vaibhavpareek/vulnorator.git

Threat Rator is used to explain the criticality of each vulnerability category.it means how many vulnerabilities of level critical, high, medium, low and information that exists in that particular category like server misconfiguration. It is very useful in making an approach towards bug hunting and vulnerability assessment.

[P1] CRITICAL | [P2] HIGH | [P3] MEDIUM | [P4] LOW | [P5] INFORMATIONAL

[1]  Server Security Misconfiguration                        
| P1 : 1 | P2 : 2 | P3 : 2 | P4 : 15 | P5 : 38 |   
[2]  Server-Side Injection                                   
| P1 : 4 | P2 : 0 | P3 : 2 | P4 : 2  | P5 : 6  |  
[3]  Broken Authentication and Session Management            
| P1 : 1 | P2 : 0 | P3 : 3 | P4 : 7  | P5 : 7  |    
[4]  Sensitive Data Exposure                                 
| P1 : 2 | P2 : 1 | P3 : 1 | P4 : 6  | P5 : 12 |    
[5]  Cross-Site Scripting (XSS)                              
| P1 : 0 | P2 : 1 | P3 : 3 | P4 : 6  | P5 : 6  |    
[6]  Broken Access Control (BAC)                             
| P1 : 0 | P2 : 1 | P3 : 1 | P4 : 2  | P5 : 1  |    
[7]  Cross-Site Request Forgery (CSRF)                       
| P1 : 0 | P2 : 1 | P3 : 0 | P4 : 0  | P5 : 2  |    
[8]  Application-Level Denial-of-Service (DoS)               
| P1 : 0 | P2 : 1 | P3 : 1 | P4 : 0  | P5 : 2  |    
[9]  Unvalidated Redirects and Forwards                      
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 1  | P5 : 5  |
[10] External Behavior                                       
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 0  | P5 : 9  |    
[11] Insufficient Security Configurability                   
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 4  | P5 : 7  |    
[12] Using Components with Known Vulnerabilities             
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 1  | P5 : 2  |    
[13] Insecure Data Storage                                   
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 2  | P5 : 3  |    
[14] Lack of Binary Hardening                                
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 0  | P5 : 4  |    
[15] Insecure Data Transport                                 
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 1  | P5 : 1  |    
[16] Insecure OS/Firmware                                    
| P1 : 2 | P2 : 1 | P3 : 0 | P4 : 0  | P5 : 0  |    
[17] Broken Cryptography                                     
| P1 : 1 | P2 : 0 | P3 : 0 | P4 : 0  | P5 : 0  |    
[18] Privacy Concerns                                        
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 1  | P5 : 0  |    
[19] Network Security Misconfiguration                       
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 0  | P5 : 1  |
[20] Mobile Security Misconfiguration                        
| P1 : 0 | P2 : 0 | P3 : 0 | P4 : 1  | P5 : 4  |    
[21] Client-Side Injection                                   
| P1 : 0 | P2 : 0 | P3 : 1 | P4 : 0  | P5 : 2  |    
[22] Automotive Security Misconfiguration                    
| P1 : 2 | P2 : 2 | P3 : 3 | P4 : 6  | P5 : 3  |

Github Link for Vulnorator :

REFRENCE :: https://bugcrowd.com/vulnerability-rating-taxonomy

Thanks for reading about Vulnorator’s Threat Rator mode ,if you want the full list then please download the tool from the Github link and could use it find valuable and some good bugs.

Vaibhav Pareek (Developer – Vulnorator)

Enumeration – Vulnorator

Github Link For Project : https://github.com/vaibhavpareek/vulnorator.git

Enumeration is defined as the process of extracting user names, os, network resources, shares and services from a system. The gathered information is used to identify the vulnerabilities or weak points in system security and tries to exploit the System gaining phase.For the enumeration phase with extracting more information, we can exploit as well to get access to the target resources.

what does this tool do for enumeration and exploitation?

Here in this tool, we have 4 options to play around with enumeration and exploitation.

  1. SQLMAP: it is an inbuilt tool reside in Kali Linux, but in Vulnorator we have given you interface to deal with SQLMAP in a user-driven menu with options. Here you can just confirm your choice and the attack will begin on that target link,that you have mentioned.
    1. List DB: To list all the databases existing in the server of the target.
    2. List Tables: To list all the tables of a selected database by you.
    3. List Columns: To list all the columns of that particular table of a particular database.
    4. Dump DB: Dump the database content and save it tot a folder.
  2. METASPLOIT: It is the most popular tool used by penetration testers and hackers to exploit the vulnerabilities. It also helps you to find exploits as well as for scanning the target for a particular vulnerability using inbuilt scanners.
    1. Here in vulnorator , you have been provided with a quite Metasploit shell with all services running implicitly. You just need to through the command to exploit the target.
    2. [+]To See Requirements: show options
    3. [+]To Set the environment: set RHOSTS
    4. [+]To See Payload: show payloads
    5. [+]To Use the payload: set PAYLOAD
    6. [+]To Exploit: exploit or run
  3. Search the exploit: SearchSploit or ExploitDB
    1. Here in vulnorator , you have been provided with an option to search for a particular exploit that exists in the system via exploitdb by just entering the keyword. By that keyword, you will get a list of exploits with their compatibility with the target to get exploited or not.
    2. You can just copy the suitable exploit and copy it. Now you use the option 3 for METASPLOIT shell, where using the command “use <exploit >” you can run the exploit.
    3. It contains all known exploits for different-different vulnerabilities.
  4. How to exploit: This feature of Vulnorator helps you to learn about the tactics of exploitation and to know about the best material provided on the internet to study vulnerabilities and their exploitation.

Thanks for reading about this tool ,if you want to download vulnorator then click on this link to Github project of vulnorator which is given above.

Vaibhav Pareek (Developer – Vulnorator)

Scanning – Vulnorator

Scanning is done to examine the system for ports and services running on it.

Github Link For Tool : https://github.com/vaibhavpareek/vulnorator.git

Scanning is another phase of hacking, which is also coming under reconnaissance, it has been used to map the network or system thoroughly and to get detail of every end-point of the system. It refers to the scanning of the servers or systems by knowing the ports which are open, filtered or closed. To know about the services running, which version of these services are used by the target. Scanning helps to find the proper exploit to exploit the target or helps in making the strategy to reach out to the loophole by analyzing the inner architecture very well. Scanning also helps to determine the strength of the target. Multiple options are available to do scanning among which Nmap and burp suite are the best. In this tool we have used Nmap to scan the target thoroughly. Burpuite can be used to understand the requests as it intercepts all the requests and also the responses . then it can be used to find loopholes in the target via their http headers and methods also.

In this tool by PRESSING 2 you can perform this step of hacking in a very well structured manner.

What does this tool do for Scanning?

  1. Here in this tool, we have used Nmap for scanning the target for vulnerable things.
  2. Nmap is an open-source widely used by penetration testers and hackers to gather information about the system and network. It has many options with it to scan the target thoroughly.
  3. Vulnorator will do a heavy scan on target for finding all the services running on which ports. To find the ports which are open, closed or filtered.
  4. It searches for both TCP as well as UDP Ports.It will scan all the necessary ports like 21,22,23,80,53,135,139,445,443,1024,6544 and much more.
  5. It also tries to gather information about Operating System running on the target server.
  6. All this information will be saved in a text file named scanning.txt in the sub-directory named Scanning inside the directory named on target name.
  7. This file can be collected and analyzed patiently to understand the target’s system and configurations.
  8. It also asks to download the cheat sheet for Nmap scan for future aspect or to learn more about Nmap capabilities.

Thanks for reading about this mode of vulnorator,if you like it please have hands on this tool practicaly also by downloading it from Github account .

Vaibhav Pareek – (Developer Vulnorator)

Information Gathering – Vulnorator

It has been used for gathering information about the target using this tool.

Github Link : https://github.com/vaibhavpareek/vulnorator.git

Information gathering is an important phase of hacking, it means to gather information about the target as much as you can. The reconnaissance level of the target itself determines the success rate. Always pay your much effort and time towards gathering information about the target. If you know who runs your target application ,how does it work , where the request has been send, from where the response is coming, what services are running on target server, what version of these services are used by developer, what configuration has been used by default,are developers smart enough to change the default credentials,are devices using updated versions of software or not and much more. this is a really very important and crucial phase of hacking and penetration testing while searching for bugs. We should always spend much time sharpening the tool rather than on attacking.

  1. Information gathering is about collecting in and out information about the target from anywhere on the internet.
  2. Information gathering is divided into two parts one is passive or another is using tools knowns as active. Both techniques are used to gather as much information as we can about the target.

In this tool by PRESSING 1 you can perform this step of hacking in a very well structured manner.

What does this tool do for information gathering?

  1. Here in this tool, we have followed a proper sequence and record collection to gather the most suitable and important information regarding the target.
  2. It will open some links in the browser which can you to read about the target in detail and to get in-depth information about the target. The links will be related to the target like its website, its blog, its Linkedin Profile, its social media pages, its google information, or pages ranked as top by google according to the keyword you have entered for target.
  3. It will also open some links which can give the best information about the target. These websitesa are most commonly used for information gathering. the sites are Shodan , Whois, GHDB, DNSStuff , OSINT Framework and much more.
  4. It will save the results of whois information in the file name whois.txt inside the subdirectory Information gathering of directory named on target’s name for the future references.
  5. It will also the route to the servers of target from the device we are using in a file named traceroute.txt in the same sub directory.
  6. It will also save the links which it has opened in the browser in the file footprinting.txt for the future references.
  7. It also asks for downloading the hacker’s handbook for advance google searches to learn more about information gathering.
  8. It also asks for downloading the OWASP penetration testing guide to search for a vulnerability in a website.this can be very helpful to learn about the hacker’s methodology to find bugs in a website.

Thanks for reading about this tool,please have experience on the tool via downloading it from the Github.

Vaibhav Pareek (Developer of Vulnorator)

Vulnorator – Linux Based Tool!

Vulnorator is a Linux Based Tool which is written in python.

Github Link For Tool : https://github.com/vaibhavpareek/vulnorator.git

[+] Vulnorator is a Linux based tool written in python.
[+] It can be used to perform initial phases of hacking to compromise any web application.
[+] It helps you to perform methodologies of hacking very easily due to easy interactive user-driven mode.
[+] With the help of this tool you can do information gathering, scanning or enumeration of a target if it is vulnerable to any vulnerability.
[+] It can help you to understand or learn about various vulnerabilities that exist in web applications or websites. According to each category of vulnerability, subcategories are divided with detailed explanations provided by the links to the famous reports or blogs related to that vulnerability.
[+] One of the mode Threat Rator can be used to know about the criticality of each vulnerability as per its category.
[+] This tool is really helpful for the beginners in the cybersecurity to learn about the phases of hacking, to understand the various vulnerabilities and their exploitation.
[+] It can also be used to perform enumeration using some famous tools of Kali Linux like SQLMAP, METASPLOIT and much more.
[+] It has 7 modes where each does something related to hacking and penetration testing.
[+] One of the mode Threat Rator can be used to know about the criticality of each vulnerability as per its category.
[+] This tool is really helpful for the beginners in the cybersecurity to learn about the phases of hacking, to understand the various vulnerabilities and their exploitation.
[+] It can also be used to perform enumeration using some famous tools of Kali Linux like SQLMAP, METASPLOIT and much more.
[+] It has 7 modes where each does something related to hacking and penetration testing.

This tool is specially designed for beginner’s in cybersecurity to get to know about web application vulnerabilities, system hacking via their outdated software risks using tools.

Here in vulnorator in total 22 Categories of vulnerabilities are defined with the help of bugcrowd taxonomy and hackerone’s reports. Each Category is defined in detail with the best resources existing on the internet to master each category. The most difficult part while searching for vulnerability is lack of knowledge about different vulnerabilities except for some common like XSS or sqli. This major issue is resolved in this tool to get complete information about each category from what it is to how to exploit it.

It is a free open source tool designed in python to help each other to grow more as a penetration tester or ethical hacker. This tool guide is distributed in parts in various posts on this website only. The source code for the application would be available soon on the GitHub.

I want to thank all the resource owner’s which I have used in my tool, all my dear friends who have supported me to build something useful for the community.Please support this tool to become far better from what it is now.You are free to give suggestions ,please leave a comment down.If you are a developer or cybersecurity enthusiast then please contribute on these project on Github.

Also share this tool with everyone who asks you how to start in cyber-security.

For each phase, a new post has been created so that it would be easy to read the posts and to understand as well.

Vaibhav Pareek – ( Developer of Vulnorator)

www.000webhost.com