
rasgari/vulnerability


Vulnerability

vulnerability

This page is being updated.

Security Vulnerabilities ===>>>

🕷️ XSS

💉 SQL Injection

🔁 CSRF

🔑 Insecure Direct Object Reference

❌ Broken Authentication

👁️ Sensitive Data Exposure

🚫 Missing Function Level Access Control

✉️ XXE

⚙️ Security Misconfiguration

🔒 Broken Access Control

⚠️ Insufficient Logging

➡️ Unvalidated Redirects

💣 Use of Components with Known Vulnerabilities

📡 Server-Side Request Forgery (SSRF)

🧩 Business Logic Errors

🔐 Cryptographic Failures

🌐 Insufficient Transport Layer Protection

🖱️ Clickjacking

⚠️ Unvalidated Data

📁 Directory Traversal

🚫 Denial of Service (DoS)

📧 Email Header Injection

💦 HTTP Parameter Pollution

🔗 Remote File Inclusion (RFI)

🗺️ Path Traversal

🔄 Session Fixation

🔗 URL Manipulation

💻 Command Injection

🐘 LDAP Injection

🏷️ XSLT Injection

🔍 XPath Injection

📝 Server-Side Template Injection (SSTI)

📦 Deserialization of Untrusted Data

🛠️ Improper Asset Management

🔑 Use of Hardcoded Credentials

🔒 Insufficient TLS Configuration

💾 Improper Cryptographic Storage

✉️ External Entity Injection

⚠️ Improper Input Validation

🚫 Improper Authorization

❌ Missing or Weak Authentication

⚠️ Improper Resource Handling

🔄 Insufficient Session Management

➡️ Uncontrolled Redirects and Forwards

==================================================================

Vulnerability scanners:

🛠️ Vulnerability Scanners

===>>> nuclei - A fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.

===>>> Sn1per - Automated pentest framework for offensive security experts.

===>>> metasploit-framework - Metasploit Framework.

===>>> nikto - Nikto web server scanner.

===>>> arachni - Web Application Security Scanner Framework.

===>>> jaeles - The Swiss Army knife for automated Web Application Testing.

===>>> retire.js - Scanner detecting the use of JavaScript libraries with known vulnerabilities.

===>>> Osmedeus - Fully automated offensive security framework for reconnaissance and vulnerability scanning.

===>>> getsploit - Command line utility for searching and downloading exploits.

===>>> flan - A pretty sweet vulnerability scanner.

===>>> Findsploit - Find exploits in local and online databases instantly.

===>>> BlackWidow - A Python-based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

===>>> backslash-powered-scanner - Finds unknown classes of injection vulnerabilities.

===>>> Eagle - Multithreaded plugin-based vulnerability scanner for mass detection of web-based application vulnerabilities.

===>>> cariddi - Takes a list of domains, crawls URLs, and scans for endpoints, secrets, API keys, file extensions, tokens, and more.

===>>> OWASP ZAP - World’s most popular free web security tool, actively maintained by a dedicated international team of volunteers.

===>>> SSTImap - Penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, providing access to the operating system itself.

===========================================================================

Important note: the security field is closed!!! Budgets are low, and security is the last concern for every organization and every company.

The simplest way to support me is to click the star (⭐) at the top of this page.
