SiteBroker – Website Penetration Testing Framework
Information gathering and penetration testing is becoming more and more automated using a predefined scripts and tools. If you are looking to test web application you can check SiteBroker.
This tool is a framework with several module to run security assessment against online resources. at the moment the tool allow to make the following tests:
- Cloudflare Bypass.
- Website Crawler.
|____ Google Based Crawling
|____ Bing Based Crawling
|____ Manually Crawling - Reverse IP.
|____ YouGetSignal Based
|____ HackerTarget’s API Based - Information Gathering.
|____ Whois Lookup
|____ BrowserSpy Report - Nameservers.
- WebSite Speed.
- Subdomains Scanner
- Shell Finder.
- Admin Panel Finder.
- Grab Banner.
- All Things.
All the listed options are general module that allow to just initiate the testing so will not run a deep scan or vulnerability scanning. Once the user have the different finding he will be able to make further testing against the target subdomains , IP addresses and identified services.
The good addition on SiteBroker is collecting the information from Google, Bing or YouGetSignal which will make a reverse IP lookup to find all associated hostname/IP. This will be useful on the shared hostage for example when the user purchased a shared IP and on the same IP several services. With this option any unpatched vulnerability on the remote service will allow attacker to have a full access to the target.
You can read more and download the tool over here: https://github.com/Anon-Exploiter/
