diff options
Diffstat (limited to 'hw7/index.php@page=pen-test-tool-lookup.php.8')
| -rw-r--r-- | hw7/index.php@page=pen-test-tool-lookup.php.8 | 700 |
1 files changed, 700 insertions, 0 deletions
diff --git a/hw7/index.php@page=pen-test-tool-lookup.php.8 b/hw7/index.php@page=pen-test-tool-lookup.php.8 new file mode 100644 index 0000000..2f5e7c2 --- /dev/null +++ b/hw7/index.php@page=pen-test-tool-lookup.php.8 @@ -0,0 +1,700 @@ + + <!-- I think the database password is set to blank or perhaps samurai. + It depends on whether you installed this web app from irongeeks site or + are using it inside Kevin Johnsons Samurai web testing framework. + It is ok to put the password in HTML comments because no user will ever see + this comment. I remember that security instructor saying we should use the + framework comment symbols (ASP.NET, JAVA, PHP, Etc.) + rather than HTML comments, but we all know those + security instructors are just making all this up. --> +<!-- Bubble hints code --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> +<html> +<head> + <meta content="text/html; charset=us-ascii" http-equiv="content-type"> + + <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> + <link rel="stylesheet" type="text/css" href="./styles/global-styles.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" /> + <link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" /> + + <script type="text/javascript" src="./javascript/bookmark-site.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script> + <script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js"> + /*********************************************** + * Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com) + * This notice MUST stay intact for legal use + * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code + ***********************************************/ + </script> + <script type="text/javascript"> + ddsmoothmenu.init({ + mainmenuid: "smoothmenu1", //menu DIV id + orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v" + classname: 'ddsmoothmenu', //class added to menu's outer DIV + //customtheme: ["#cccc44", "#cccccc"], + contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"] + }); + </script> + <script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + $('[CookieTamperingAffectedArea]').attr("title", "Cookies may store system state information"); + $('[CookieTamperingAffectedArea]').balloon(); + }); + </script> +</head> +<body onload="onLoadOfBody(this);"> +<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px"> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <table width="100%"> + <tr> + <td style="text-align:center;"> + <span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;"> + <img style="vertical-align: middle; margin-right: 10px;" border="0px" width="50px" height="40px" align="top" src="./images/coykillericon.png"/> + NOWASP (Mutillidae): Hack Like You Mean It + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td bgcolor="#ccccff" align="center" colspan="7"> + <span class="version-header">Version: 2.3.10</span> + <span id="idSecurityLevelHeading" class="version-header" style="margin-left: 40px;">Security Level: 0 (Hosed)</span> + <span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 40px;">Hints: Disabled (0 - I try harder)</span> + <span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 40px;">Not Logged In</span> + </td> + </tr> + <tr> + <td colspan="2" class="header-menu-table"> + <table class="header-menu-table"> + <tr> + <td><a href="index.php?page=home.php">Home</a></td> + <td>|</td> + <td> + <a href="./index.php?page=login.php">Login/Register</a> + </td> + <td>|</td> + <td><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></td><td>|</td> <td><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></td> + <td>|</td> + <td><a href="set-up-database.php">Reset DB</a></td> + <td>|</td> + <td><a href="./index.php?page=show-log.php">View Log</a></td> + <td>|</td> + <td><a href="./index.php?page=captured-data.php">View Captured Data</a></td> + <td>|</td> + <td><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="vertical-align:top;text-align:left;background-color:#ccccff;width:10%"> + <div id="smoothmenu1" class="ddsmoothmenu"> + <ul> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Core Controls</a> + <ul> + <li><a href="index.php?page=home.php">Home</a></li> + <li> + <a href="./index.php?page=login.php">Login/Register</a> </li> + <li><a href="./index.php?do=toggle-hints&page=pen-test-tool-lookup.php">Toggle Hints</a></li> <li><a href="./index.php?do=toggle-security&page=pen-test-tool-lookup.php">Toggle Security</a></li> + <li><a href="set-up-database.php">Setup/Reset the DB</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a></li> + <li><a href="./index.php?page=credits.php">Credits</a></li> + <li><a href="./index.php?do=toggle-bubble-hints&page=pen-test-tool-lookup.php">Hide Popup Hints</a></li> + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">OWASP Top 10</a> + <ul> + <li> + <a href="">A1 - SQL Injection</a> + <ul> + <li> + <a href="">SQLi - Extract Data</a> + <ul> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Bypass Authentication</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + </ul> + </li> + <li> + <a href="">SQLi - Insert Injection</a> + <ul> + <li><a href="./index.php?page=register.php">Register</a></li> + </ul> + </li> + <li> + <a href="">Blind SQL via Timing</a> + <ul> + <li><a href="./index.php?page=login.php">Login</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">SQLMAP Practice Target</a> + <ul> + <li><a href="./index.php?page=view-someones-blog.php">View Someones Blog</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">Via JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A1 - Other Injection</a> + <ul> + <li> + <a href="">HTML Injection (HTMLi)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + </ul> + </li> + <li> + <a href="">HTMLi via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">HTMLi Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + <li> + <a href="">Frame Source Injection</a> + <ul> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Injection</a> + <ul> + <li><a href="./index.php">Those "Back" Buttons</a></li> + <li> + <a href="./index.php?page=password-generator.php&username=anonymous"> + Password Generator + </a> + </li> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + </ul> + </li> + <li> + <a href="">HTTP Parameter Pollution</a> + <ul> + <li><a href="./index.php?page=user-poll.php">Poll Question</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Cascading Style Injection</a> + <ul> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON) Injection</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Buffer Overflow</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + <li> + <a href="">Parameter Addition</a> + <ul> + <li><a href="./index.php?page=repeater.php">Repeater</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href="">A2 - Cross Site Scripting (XSS)</a> + <ul> + <li> + <a href="">Reflected (First Order)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=user-info.php">User Info</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=html5-storage.php">HTML5 Storage</a></li> + <li><a href="./index.php?page=capture-data.php">Capture Data Page</a></li> + <li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/vulnerabilities.php">Document Viewer</a></li> + </ul> + </li> + <li> + <a href="">Persistent (Second Order)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + </ul> + </li> + <li> + <a href="">DOM Injection</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Via "Input" (GET/POST)</a> + <ul> + <li><a href="?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="?page=view-someones-blog.php">View someone's blog</a></li> + <li><a href="?page=show-log.php">Show Log</a><li> + <li><a href="?page=user-info.php">User Info</a></li> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + <li><a href="./index.php?page=set-background-color.php">Set Background Color</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via HTTP Headers</a> + <ul> + <li><a href="./index.php?page=browser-info.php">Browser Info</a></li> + <li><a href="./index.php?page=show-log.php">Show Log</a><li> + <li><a href="./index.php?page=site-footer-xss-discussion.php">Site Footer</a><li> + <li><a href="./index.php?page=html5-storage.php">Those "BACK" Buttons</a></li> + </ul> + </li> + <li> + <a href="">Via Misconfiguration</a> + <ul> + <li><a href="./index.php">Missing HTTPOnly Attribute</a></li> + </ul> + </li> + <li> + <a href="">Against HTML 5 Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Against JSON</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + </ul> + </li> + <li> + <a href="">Via Cookie Injection</a> + <ul> + <li><a href="index.php?page=capture-data.php">Capture Data Page</a></li> + </ul> + </li> + </ul> + </li> + <li> + <a href=""> + A3 - Broken Authentication and Session Management + </a> + <ul> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li> + </ul> + </li> + <li> + <a href="">A4 - Insecure Direct Object References</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=credits.php">Credits</a></li> + <li><a href="index.php">Cookies</a></li> + <li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li> + </ul> + </li> + <li> + <a href="">A5 - Cross Site Request Forgery (CSRF)</a> + <ul> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="./index.php?page=register.php">Register User</a></li> + </ul> + </li> + <li> + <a href="">A6 - Security Misconfiguration</a> + <ul> + <li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li> + <li><a href="./index.php?page=user-info.php">Method Tampering (GET for POST)</a></li> + </ul> + </li> + <li> + <a href="">A7 - Insecure Cryptographic Storage</a> + <ul> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">A8 - Failure to Restrict URL Access</a> + <ul> + <li><a href="index.php?page=source-viewer.php">Source Viewer</a></li> + <li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li> + <li><a href="index.php?page=robots-txt.php">Robots.txt</a></li> + </ul> + </li> + <li> + <a href="">A9 - Insufficient Transport Layer Protection</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + </ul> + </li> + <li> + <a href="">A10 - Unvalidated Redirects and Forwards</a> + <ul> + <li><a href="?page=credits.php">Credits</a></li> + <a href="#">Setup/reset the DB (Disabled: Not Admin)</a></li> + + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">HTML 5</a> + <ul> + <li> + <a href="">HTML 5 Web Storage</a> + <ul> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">JavaScript Object Notation (JSON)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + <li> + <a href="">Asyncronous JavaScript and XML (AJAX)</a> + <ul> + <li><a href="./index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li> + </ul> + </li> + </ul> + </li> + <li style="border-color: #ffffff; border-style: solid;border-width: 1px"> + <a href="#">Others</a> + <ul> + <li> + <a href="">OWASP 2007 A3 - Malicious File Execution</a> + <ul> + <li><a href="?page=source-viewer.php">Source Viewer</a></li> + </ul> + </li> + <li> + <a href="">OWASP 2007 A6 - Information Leakage and Improper Error Handling</a> + <ul> + <li><a href="index.php">Cache Control</a></li> + <li><a href="index.php">X-Powered-By HTTP Header</a></li> + <li><a href="index.php">HTML/JavaScript Comments</a></li> + <li><a href="index.php?page=framing.php">Click-Jacking</a></li> + <li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="">Denial of Service</a> + <ul> + <li><a href="?page=show-log.php">Show Web Log</a><li> + </ul> + </li> + <li> + <a href="">JavaScript "Security"</a> + <ul> + <li><a href="index.php?page=login.php">Login</a></li> + <li><a href="index.php?page=user-info.php">User Info</a></li> + <li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li> + <li><a href="index.php?page=html5-storage.php">HTML5 Storage</a></li> + </ul> + </li> + <li> + <a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a> + </li> + <li> + <a href="">Data Capture Pages</a> + <ul> + <li><a href="index.php?page=capture-data.php">Data Capture</a></li> + <li><a href="index.php?page=captured-data.php">View Captured Data</a></li> + </ul> + </li> + + </ul> + </li> + <li style="border-color: #ffffff;border-style: solid;border-width: 1px"> + <a href="#">Documentation</a> + <ul> + <li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li> + </ul> + </li> + </ul> + <br style="clear: left" /> + </div> + + <div class="label" style="text-align: center;">Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin</div> + </td> + +<td valign="top"> + <blockquote> + <!-- Begin Content --> + + +<script type="text/javascript"> + $(function() { + $('[JSONInjectionPoint]').attr("title", "User input is incorporated into the JSON returned from the server"); + $('[JSONInjectionPoint]').balloon(); + }); +</script> + +<div class="page-title">Pen Test Tool Lookup</div> + + + +<script type="text/javascript"> + $(function() { + $('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[HTMLEventReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div style="margin: 5px;"> + <span style="font-weight: bold;" HTMLEventReflectedXSSExecutionPoint="1"> + <a onclick="document.location.href='';" + style="cursor:pointer;"> + <img src="./images/back-button-128px-by-128px.png" + alt="Back" + width="64px" + height="64px" + align="middle" + /> + + Back + </a> + </span> +</div> +<!-- BEGIN HTML OUTPUT --> +<script type="text/javascript"> + + var gUseJavaScriptValidation = "FALSE"; +var gDisplayError = "FALSE"; +try{ + var gPenTestToolsJSON = ( {"query": {"toolIDRequested": "3"}});alert("xss");//", "penTestTools": [{"tool_id":"3","tool_name":"Skipfish","phase_to_use":"Discovery","tool_type":"Scanner","comment":"Agressive. Fast. Uses wordlists to brute force directories."}]}} ); + }catch(e){ + alert("Error trying to evaluate JSON: " + e.message); + }; + + + var addRow = function(pRowOfData){ + try{ + var lDocRoot = window.document; + var lTBody = lDocRoot.getElementById("idDisplayTableBody"); + var lTR = lDocRoot.createElement("tr"); + + //tool_id, tool_name, phase_to_use, tool_type, comment + + var lToolIDTD = lDocRoot.createElement("td"); + var lToolNameTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); + var lToolTypeTD = lDocRoot.createElement("td"); + var lCommentTD = lDocRoot.createElement("td"); + + //lKeyTD.addAttribute("class", "label"); + lToolIDTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("class","sub-body"); + lToolNameTD.setAttribute("style","color:#770000"); + lPhaseTD.setAttribute("class","sub-body"); + lToolTypeTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("class","sub-body"); + lCommentTD.setAttribute("style","font-weight: normal"); + + lToolIDTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_id)); + lToolNameTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_name)); + lPhaseTD.appendChild(lDocRoot.createTextNode(pRowOfData.phase_to_use)); + lToolTypeTD.appendChild(lDocRoot.createTextNode(pRowOfData.tool_type)); + lCommentTD.appendChild(lDocRoot.createTextNode(pRowOfData.comment)); + + lTR.appendChild(lToolIDTD); + lTR.appendChild(lToolNameTD); + lTR.appendChild(lPhaseTD); + lTR.appendChild(lToolTypeTD); + lTR.appendChild(lCommentTD); + + lTBody.appendChild(lTR); + }catch(/*Exception*/ e){ + alert("Error trying to add row in function addRow(): " + e.name + "-" + e.message); + }// end try + };//end JavaScript function addRow + + var initializePage = function(){ + try{ + document.getElementById("idToolSelect").focus(); + }catch(/*Exception*/ e){ + alert("Error trying to initialize page: " + e.message); + }// end try + };// end function + + var displayError = function(){ + try{ + if(gDisplayError == "TRUE"){ + document.getElementById("id-invalid-input-tr").style.display=""; + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to display error: " + e.message); + }// end try + };// end function + + var displayPenTestTools = function(){ + try{ + var laTools = gPenTestToolsJSON.query.penTestTools; + if(laTools && laTools.length > 0){ + document.getElementById("idDisplayTable").style.display=""; + for (var i=0; i<laTools.length; i++){ + addRow(laTools[i]); + }//end for i + }// end if + }catch(/*Exception*/ e){ + alert("Error trying to parse JSON: " + e.message); + }// end try + };// end function +</script> +<span> + <a style="text-decoration: none; cursor: pointer;" href="http://localhost/mutillidae/index.php?page=pen-test-tool-lookup-ajax.php"> + <img style="vertical-align: middle;" src="./images/ajax_logo-285x300.jpg" height="75px" width="78px" /> + <span style="font-weight:bold;">Switch to AJAX Version of page</span> + </a> +</span> +<fieldset style="width: 500px;"> + <legend>Pen Test Tools</legend> + <form action="index.php?page=pen-test-tool-lookup.php" + method="post" + enctype="application/x-www-form-urlencoded" + onsubmit="" + id="idForm"> + <table> + <tr id="id-invalid-input-tr" style="display: none;"> + <td class="error-message" colspan="2"> + Error: Invalid Input - Please choose a tool to lookup. + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="form-header" colspan="2">Select Pen Test Tool</td> + </tr> + <tr><td> </td></tr> + <tr> + <td class="label" style="text-align: right;">Pen Test Tool</td> + <td> + <select id="idToolSelect" JSONInjectionPoint="1" name="ToolID"> + <option value="0923ac83-8b50-4eda-ad81-f1aac6168c5c" selected="selected">Please Choose Tool</option> + <option value="c84326e4-7487-41d3-91fd-88280828c756">Show All</option> + <option value="1">WebSecurify</option> +<option value="2">Grendel-Scan</option> +<option value="3">Skipfish</option> +<option value="4">w3af</option> +<option value="5">Burp-Suite</option> +<option value="6">Netsparker Community Edition</option> +<option value="7">NeXpose</option> +<option value="8">Hailstorm</option> +<option value="9">Tamper Data</option> +<option value="10">DirBuster</option> +<option value="11">SQL Inject Me</option> +<option value="12">XSS Me</option> +<option value="13">GreaseMonkey</option> +<option value="14">NSLookup</option> +<option value="15">Whois</option> +<option value="16">Dig</option> +<option value="17">Fierce Domain Scanner</option> +<option value="18">host</option> +<option value="19">zaproxy</option> +<option value="20">Google intitle</option> + </select> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td colspan="2" style="text-align: center;"> + <input name="pen-test-tool-lookup-php-submit-button" type="submit" value="Lookup Tool" class="button" /> + </td> + </tr> + </table> + </form> +</fieldset> + +<table id="idDisplayTable" style="display:none;"> + <tr><td> </td></tr> + <tr> + <td class="sub-header" colspan="5">Pen Testing Tools</td> + <td> </td> + </tr> + <tr> + <td class="sub-header">Tool ID</td> + <td class="sub-header">Tool Name</td> + <td class="sub-header">Tool Type</td> + <td class="sub-header">Phase Used</td> + <td class="sub-header">Comments</td> + </tr> + <tbody id="idDisplayTableBody" style="font-weight:bold;"></tbody> + <tr><td> </td></tr> +</table> + +<script type="text/javascript"> +<!-- + initializePage(); + displayError(); + displayPenTestTools(); +//--> +</script> + + <!-- End Content --> + </blockquote> + </td> + </tr> + </table> + + +<!-- Bubble hints code --> + +<script type="text/javascript"> + $(function() { + $('[ReflectedXSSExecutionPoint]').attr("title", "This location contains dynamic output"); + $('[ReflectedXSSExecutionPoint]').balloon(); + }); +</script> + +<div ReflectedXSSExecutionPoint=\"1\" class="footer">Browser: Wget/1.20.3 (msys)</div><div class="footer">PHP Version: 5.3.28</div></body> +</html><script type="text/javascript"> + try{ + window.localStorage.setItem("LocalStorageTarget","This is set by the index.php page"); + window.sessionStorage.setItem("SessionStorageTarget","This is set by the index.php page"); + }catch(e){ + alert(e); + }; + </script><script type="text/javascript" src="./javascript/jQuery/jquery-1.7.2.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script>
\ No newline at end of file |