Last year I had the pleasure of attending the "VI Jornadas de Software Libre" in Junín, Buenos Aires province. For this conference I prepared an interesting and fun talk on how to "Vulnerar Sistemas con Herramientas Open Source" (compromising systems with open source tools). Thanks to the conference organizers, the video is available right here, enjoy!
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
Testing Web Application Security Scanners
Testing Static Code Analysis tools (SCA)
Giving an introductory course to Web Application Security
The motivation for creating this tool came after reading "anantasec-report.pdf", which is included in the release file that you are free to download. The main objective of this tool is to give the community a ready-to-use testbed for web application security tools. For almost every web application vulnerability in existence, there is a test script available in moth.
Other tools like this are available but they lack one very important feature: a list of vulnerabilities included in the Web Applications! In our case, we used the results gathered in the anantasec report to solve this issue without any extra work.
There are three different ways to access the web applications and vulnerable scripts:
Directly
Through mod_security
Through PHP-IDS (only if the web application is written in PHP)
Both mod_security and PHP-IDS run with their default configurations and show a log of the offending request when one is detected. This is very useful for testing web application scanners and for teaching students how web application firewalls work. The beauty is that a user may access the same vulnerable script using all three methods, which helps a lot in the learning process.
This Saturday (April 25th) I'm going to be delivering a small presentation about w3af at FLISOL. The presentation is going to be a project introduction, and will contain a lot of demos.
FLISOL is the acronym of the Latin American Festival of Free Software Installation, the largest free software outreach event, held since 2005 in different countries simultaneously. In 2008 it involved more than 200 cities in 18 Latin American countries.
It is an opportunity for everyone interested in learning more about the GNU/Linux operating system and free software. Participants can get in touch with the free software world, meet other people, resolve doubts and questions, share opinions and experiences, and attend lectures and other activities.
Once again, Bonsai is supporting the Open Source initiative!