13 Portable Visual Disk Space Analyzers Compared

Posted by rajivvishwa On April - 22 - 2010

There are various hard disk space analyzers that give us a graphical representation of the files/folders that eat up our hard disk. These tools even provide options to visually navigate through folders to view the space occupied by their subfolders. Here, we talk about a few popular disk analyzers which are portable and worth giving a shot.

A comparison of all of them is presented in a table at the end of this post.

Security Perspective: If you work in info sec, especially in forensics, you can use the features of these tools to identify the presence of hidden large files/archives which might contain sensitive data. Most of the time, secret TrueCrypt files are hidden inside OS folders to make them look genuine.

Note: Most of the apps mentioned here can be downloaded in a portable format. The others can be made portable using the method mentioned here

Comparison Table – here.


Google's Skipfish – Web App Security Scanner

Posted by rajivvishwa On April - 5 - 2010

Skipfish prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Installation on Ubuntu/BackTrack (via Redspin)

Use the following commands in a terminal window to install and run Skipfish. Replace OUTPUT_FOLDER and TARGETSITE with the domain name and the target’s URL respectively. Also change the wget URL to the URL of the latest version of the Skipfish download available, and use the matching file name in the tar command.

wget http://skipfish.googlecode.com/files/skipfish-1.29b.tgz
tar zxvf skipfish-1.29b.tgz
sudo apt-get install libidn11-dev
cd skipfish
make
cp dictionaries/default.wl skipfish.wl
./skipfish -o OUTPUT_FOLDER http://www.TARGETSITE.com

Trial Run

I installed Skipfish and ran it on the target site; specs below.

Guest OS : BackTrack4 VM

Host OS : Windows Vista

RAM : 512MB

Application Size : Medium ( < 1000 Unique Pages )

Internet Speed : 1 MBPS

Skipfish Verbose

Skipfish displays the scan run statistics continuously during the run. Once the scan run is complete, we get to see the scan summary (shown in the screenshot below).

[Screenshot: Skipfish console]

ZeroDay Scanner Scans Web App Vulnerabilities Online For Free

Posted by rajivvishwa On March - 29 - 2010

ZeroDayScan is an online web application scanner which crawls through the app and discovers the vulnerabilities in the application. It attempts to find common web vulnerabilities like XSS and SQL Injection, all the way down to web app fingerprinting.

As per their FAQ, it takes around half an hour to scan normal-sized websites, but as soon as I initiated a scan for my website, I got a notification mail saying that it takes around 72 hours to complete the scan. I got the results emailed in about 5 hours.

Free Web Vulnerability Assessment Tool – CAT

Posted by rajivvishwa On January - 27 - 2010

It's very rare to find a good and effective web application security assessment tool, and almost impossible if you want it for free. After a long hunt, I found one: CAT – Context App Tool. Although it's free, it offers a good GUI and powerful features along with the basic ones which come with every proxy available.

Features

There are a number of features which CAT has to enable a wide variety of testing to be conducted:

  • Request Repeater – Used for repeating a single request
  • Proxy – Classic Inline proxy
  • Fuzzer – Allows for batch of tests to be sent to a server for brute forcing, parameter fuzzing, forced browsing etc.
  • Log – View a list of requests to sort, search, repeat etc. Allows for a sequence of requests to be repeated and modified.
  • Authentication Checker – Two synchronised proxies which can be used to check authentication and authorisation controls.
  • SSL Checker – Request a specific page with various SSL ciphers and versions.
  • Notepad – A text/RTF editor which can be used as a scratch pad for conversions etc.
  • Web Browser – An integrated web browser with proxy pre-configured based on the Internet Explorer’s rendering engine.

Reasons to use CAT

There are a number of differences between CAT and currently available web proxies. Some key differences are:

  • Uses Internet Explorer’s rendering engine for accurate HTML representation
  • Supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no Quotes
  • Integrated SQL Injection and XSS Detection
  • Synchronised Proxies for Authentication and Authorisation checking
  • Faster due to HTTP connection caching
  • SSL Version and Cipher checker using OpenSSL
  • Greater flexibility for importing/exporting logs and saving projects
  • Tabbed Interface allowing for multiple tools at once e.g. multiple repeaters and different logs
  • The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
  • Free!


Make Your Portable Firefox Run Faster With SpeedyFox

Posted by rajivvishwa On September - 21 - 2009

Mozilla Firefox is a considerably fast browser, but the more we use it the slower it becomes; this includes a much longer start time. The reason is fragmentation of the profile databases. A free tool, SpeedyFox, is designed specifically to resolve that problem.

Using SpeedyFox is easy.

  1. Download SpeedyFox
  2. Run the program and click on the ‘Speed Up My Firefox’ button, that's it!

TIP! : For Portable Firefox Users

  1. Choose Custom from the Profile dropdown.
  2. Browse to ‘PortableFirefox\Data\profiledir’ on your portable drive
  3. Now Click on the ‘Speed Up My Firefox’ button
SpeedyFox Screenshot

Download SpeedyFox : Download

Go To SpeedyFox Homepage

FileSharing app Dropbox Goes Portable!

Posted by rajivvishwa On March - 24 - 2009

The previously mentioned free file sharing and syncing application Dropbox is now available in a portable version (only for Windows). So no more installation is required to sync our files across PCs, just run Dropbox from your thumb drive…

This attracts more people to try and test Dropbox. Nice move…

Dropbox Folder

Download Dropbox Portable : Download (Size : ~15MB)

More Info at Dropbox Home

Track Changes While Installing Software

Posted by rajivvishwa On March - 23 - 2009

Uninstalling any software which we had temporarily installed for testing purposes will leave some traces on our PC, as registry modifications or in the form of flat files in the OS folders. These unwanted files consume disk space and might ultimately slow down our PC. WhatChanged is a tiny tool which is a must-have for people who install and uninstall software frequently.

WhatChanged Main


Optimize And Compress Your Images With a Portable Tool

Posted by rajivvishwa On March - 13 - 2009

Optimizing images is always a tedious task if you are not using a good image processing tool. Certain resizing tools promise that the output images will be optimized, but what they really do is reduce the clarity of the image and hence its size. But there are certain tools like RIOT, which go into the depths of resampling to perform actual image optimization.

Riot Main


Create Rich Screen Mockups Free, Online

Posted by rajivvishwa On March - 11 - 2009

I had been hunting hard for the best screen mockup or prototyping software available for several years. A tool which has tons of drag-and-droppable UI components, is categorized, easy to use and lightweight: these are the features I was looking for.

Balsamiq Mockups is a rich mock screen creator app which has tons and tons of UI components available (if you still want more, there are options to import components!). This app is available online (free!) as well as in a desktop version (79$), and in other versions for Confluence, JIRA and XWiki.

I had previously reviewed a portable screen mockup software, Pencil, but Balsamiq Mockups definitely stands out as it is powerful and fully loaded compared to its alternatives. This app is loaded heavily with 75 built-in UI controls and more than 100 icons. Additional controls can be downloaded from the MockUpsToGo site, which has many user-contributed controls which can be imported into our editor and reused.

MockScreen Controls


Defrag Effectively And Efficiently With SmartDefrag

Posted by rajivvishwa On March - 1 - 2009

I always hate to use the stock defrag tool which comes bundled with Windows, for a couple of reasons: 1. It takes a hell of a lot of time to complete the process, and 2. It eats up so much of my RAM that my PC will be dead for some time. I’m sure that many have faced the same problem, and one good solution that I can suggest is to use a free third-party defragmentation tool. After a long search I found one, and that is SmartDefrag.

SmartDefrag is one of the best free and award-winning defrag tools available in the market.

SmartDefrag Screenshot

