Thursday, April 17, 2014
Cum Security Toolkit

The Cum Security Toolkit (CST) contains a CGI vulnerability scanner and a port scanner, and can be used as a hacking tool or as a security vulnerability assessment tool.



The Cum Security Toolkit (CST) is a great tool to use. I have used this once or twice for purposes that will stay unknown. The port scanner is fast and easy to use: it connects to open ports, sends a user-specified string to them, and shows their reply. It is more an enumeration / stress tool. You can scan separate ports and/or port ranges, and you can scan a single host or supply a list of servers for bulk scanning.

The toolkit also includes the CGI scanner, a web vulnerability scanner that scans using a user-editable database of scripts, files and directories. The sample databases included contain 2200+ possibly vulnerable scripts/dirs. You can scan with or without using (multiple) proxy servers. The CGI scanner has 11+ different anti-IDS tactics (hex-values, double slashes, self-reference directories, session splicing, parameter hiding, HTTP misformatting, DOS/Win directory syntax, case sensitivity, null method processing, long URLs, premature request ending and HTTP 0.9 scans), and sends fake "X-Forwarded-For:", "Referer:" and "User-Agent:" headers to hide your scans even more.

You can also specify a wait time between two script fetches. The CGI scanner uses HEAD requests for faster scanning (you can scan using GET by providing an extra flag), and supports scanning virtual hosts. You can also specify another port to scan instead of the standard port 80, or another directory than the standard cgi-bin or scripts. The scanner outputs the scripts and/or directories that return a 200, 201, 202, 204, 403 or 401 HTTP code (you can specify other codes too using an extra flag) and outputs the target webserver software. You can scan single hosts, or supply a file with a list of targets for bulk scanning.
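Several of the tactics listed above leave visible traces in a web server's access log, which is where a defender would look for this kind of scan. The following is an added example, not part of the original article or of CST itself: it flags six of the listed tactics per client in constructed log lines. The log format, the thresholds, the choice of 401/403/404 as "probe" responses, and treating a request line without a version token as HTTP 0.9 are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in common-log style; addresses are documentation ranges.
SAMPLE_LOG = r'''198.51.100.7 - - [25/Apr/2005:18:04:02 +0000] "HEAD /cgi-bin/%74est.cgi HTTP/1.0" 404 0
198.51.100.7 - - [25/Apr/2005:18:04:03 +0000] "HEAD /cgi-bin//search.cgi HTTP/1.0" 404 0
198.51.100.7 - - [25/Apr/2005:18:04:04 +0000] "HEAD /cgi-bin/./form.pl HTTP/1.0" 403 0
198.51.100.7 - - [25/Apr/2005:18:04:05 +0000] "GET /scripts\admin.cgi" 404 210
203.0.113.9 - - [25/Apr/2005:18:05:01 +0000] "GET /files/my%20report.pdf HTTP/1.1" 200 9000
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)(?: (HTTP/\d\.\d))?" (\d{3})')
UNRESERVED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")
MAX_URL, PROBE_MIN = 1024, 3   # assumed thresholds: URL length, failed probes per client

def evasion_markers(path, proto):
    """Return the tactics from the article's list that are visible in one request."""
    hits = []
    # Percent-encoding a character that never needs it is the "hex-values" trick.
    if any(chr(int(h, 16)) in UNRESERVED for h in re.findall(r'%([0-9A-Fa-f]{2})', path)):
        hits.append("hex-values")
    decoded = unquote(path)
    if "//" in decoded:
        hits.append("double-slash")
    if "/./" in decoded:
        hits.append("self-reference-dir")
    if "\\" in decoded:
        hits.append("dos-win-syntax")
    if len(path) > MAX_URL:
        hits.append("long-url")
    if proto is None:            # assumption: no version token means HTTP 0.9
        hits.append("http-0.9")
    return hits

def analyse(log_text):
    """Map client -> marker counts, for clients with >= PROBE_MIN 401/403/404 replies."""
    markers, probes = {}, Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, method, path, proto, status = m.groups()
        markers.setdefault(client, Counter()).update(evasion_markers(path, proto))
        if status in ("401", "403", "404"):
            probes[client] += 1
    return {c: dict(k) for c, k in markers.items() if probes[c] >= PROBE_MIN and k}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Session splicing, parameter hiding, null method processing and premature request ending happen below the level of a parsed request line, so they need packet-level or raw-request inspection rather than an access log.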

The CST security scanners are all written in Java, and to run them you need a Java runtime environment.

Sounds like fun? Want a CST?

Download here
http://www.blackhat.be/cst/cst1_41.tar.gz

Comments

metsoc30 on April 25 2005 - 18:04:02
Couldn't they come up with a better name for their Security Toolkit? Cum? That's just sick.

hack4u on April 25 2005 - 23:26:14
Yeah, but it works. If you don't think of it like that. But it does sound like it. First it goes and finds the open "ports" and then it leaves "residue" behind.

metsoc30 on April 26 2005 - 00:17:35
Hey, I don't know about you, but I always know which ports I want to use and when.

hack4u on April 26 2005 - 16:57:40
I know which ports I want as well. But it's how you get in the ports is what counts.

Darth_Pengo on September 22 2005 - 16:00:55
I saw this title and said "Oh no now hack4u is writing Sex Protection articles"

sharpskater80 on November 18 2007 - 00:18:40
I had to view this