Pages: [1]   Go Down
Print
Author Topic: VBScan - vBulletin Vulnerability Scanner  (Read 7299 times)
r3z4
Newbie
*
Posts: 8


View Profile
« on: June 14, 2015, 11:03:06 PM »

Hi guys
this is my new project, i trying develop this around vbulletin vulnerability scan

description :
VBScan is a Black Box vBulletin Vulnerability Scanner
Written in Perl

vbscan project at sourceforge and github:

SourceForge :   https://sourceforge.net/projects/vbscan/
Github         :   https://github.com/rezasp/vbscan/


Demo on youtube :
https://www.youtube.com/watch?v=wjhrobz3W_4
https://www.youtube.com/watch?v=iiDh69lGZ78

screen shot:


please report any bug to : me@reza.es
thank you, best regards
« Last Edit: December 25, 2015, 02:16:39 PM by r3z4 » Logged
ZEROF
Hero Member
*****
Posts: 1177


View Profile WWW
« Reply #1 on: June 14, 2015, 11:36:41 PM »

Hi,

Thanks you for sharing with our community, we will check tool on our side.

Cheers!
Logged


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
ostendali
Global Moderator
Sr. Member
*****
Posts: 488


View Profile
« Reply #2 on: June 15, 2015, 08:38:53 PM »

that is very useful I suppose.

vBulletin scan is cool idea.

+1 Wink
Logged
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #3 on: July 04, 2015, 07:46:35 AM »

hello guys
thanks for this reports.
VBScan Version 0.1.2 Released <3

What's New in Version 0.1.2
  •   I new version I have added https support.
  •   Fixed Reported Bugs

SourceForge : https://sourceforge.net/projects/vbscan/
Github : https://github.com/rezasp/vbscan/
« Last Edit: July 04, 2015, 07:52:22 AM by r3z4 » Logged
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #4 on: July 06, 2015, 09:44:20 AM »

hello guys
thanks for this reports.
VBScan Version 0.1.3 Released <3

What's New in Version 0.1.3
  - Change Default UserAgent
  - Fixed admincp/modcp finder bug
  - Fixed Reported Bugs

SourceForge : https://sourceforge.net/projects/vbscan/
Github : https://github.com/rezasp/vbscan/
Logged
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #5 on: August 22, 2015, 08:18:20 PM »

hi
do you check this tool ?
« Last Edit: August 22, 2015, 08:21:45 PM by r3z4 » Logged
ZEROF
Hero Member
*****
Posts: 1177


View Profile WWW
« Reply #6 on: August 24, 2015, 11:08:32 PM »

Hi,

Sorry for late update. Tools for me looks ok, and I will see with other devs how things goes for the future release.

Anyway, thank you for sharing with community.

GJ
Logged


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #7 on: February 02, 2016, 02:03:02 AM »

hello guys
thanks for this reports.
VBScan Version 0.1.4 Released <3

VBScan is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .



Why VBScan ?

If you want to do a penetration test on a vBulletin Forum, VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.



What's New in Version 0.1.4  [Dennis Ritchie]
 
VBScan 0.1.4
 * Changed vulnerability scanner engine
 * Changed default specified timeout to 180 seconds
 * Added VBulletin 5.x RCE Exploit
 * Added txt report output
 * Fixed YUI 2.9.0 XSS false positive
 * Fixed reported bugs

Codename :  [Dennis Ritchie]
SourceForge : https://sourceforge.net/projects/vbscan/
Github : https://github.com/rezasp/vbscan/
Logged
ostendali
Global Moderator
Sr. Member
*****
Posts: 488


View Profile
« Reply #8 on: February 04, 2016, 12:18:08 PM »

hello there,
sorry for the delay but we didn't have a chance to look into this tool....

we have checked recently and tried, it seems working well so we have decided to include into our BackBox repository.

We will be working on packaging unless the author himself would like to build the package on launchpad and let us know about it.
Logged
ZEROF
Hero Member
*****
Posts: 1177


View Profile WWW
« Reply #9 on: February 04, 2016, 03:28:05 PM »

I tested tool as well, and I was playing to build package, get some issue and contacted tool dev (send him PM). I'm not that good in packaging I know, but hope that we will find solution.

Edit: Beta package was good, dev fixed small coding issue and now we can move to real test state. Thanks r3z4 for your help.
« Last Edit: February 05, 2016, 01:59:42 AM by ZEROF » Logged


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #10 on: February 08, 2016, 12:07:50 AM »

Thank you for your responding.

VBScan Version 0.1.5 Released <3

VBScan is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .



Why VBScan ?

If you want to do a penetration test on a vBulletin Forum, VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.



What's New in Version 0.1.5  [Dennis Ritchie]
 

VBScan 0.1.5 [Dennis Ritchie]
============
* Fixed html tags module bug
* Fixed issues #8 #9
* Fixed reported bugs
Logged
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #11 on: April 30, 2016, 04:01:15 AM »

OWASP VBScan Version 0.1.6 Released

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

Project Leader : Mohammad Reza Espargham
Github : https://github.com/rezasp/vbscan/
SourceForge : https://sourceforge.net/projects/vbscan/
OWASP Page : https://www.owasp.org/index.php/OWASP_VBScan_Project




What's New in Version 0.1.6  [Dennis Ritchie]
 

VBScan 0.1.6 [Dennis Ritchie]
============
* Project name has been changed to "OWASP VBScan"
* Added automatic vBulletin detection
* Added robots.txt analyzer module
* Added vbulletin LICENSE checker module
* Optimized backup finder module
* Optimized exploit check module
* Fixed YUI 2.9.0 XSS false positive
* Vbulletin version checker module bug fixed
* "-h" switch not exist anymore
« Last Edit: April 30, 2016, 04:38:47 AM by r3z4 » Logged
Shazgul
Newbie
*
Posts: 2


View Profile
« Reply #12 on: September 30, 2016, 04:59:41 AM »

Please Backbox Team, add this awesome tool <3
Logged
r3z4
Newbie
*
Posts: 8


View Profile
« Reply #13 on: October 15, 2016, 05:08:20 PM »




OWASP VBScan Version 0.1.7 Released

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

Project Leader : Mohammad Reza Espargham
Github : https://github.com/rezasp/vbscan/
SourceForge : https://sourceforge.net/projects/vbscan/
OWASP Page : https://www.owasp.org/index.php/OWASP_VBScan_Project




What's New in Version 0.1.7
 

OWASP VBScan 0.1.7 [Larry Wall]
============
* Updated exploit database
* Compatible With Windows [Linux,OSX,Windows]
* Added Full Path Disclosure (FPD) module
* Added firewall detect/bypass module
* Optimized version checker module engine [#12 issue]
* Upgrade config finder module
* Random user agent module set as default setting
* Added HTML Report


OWASP VBScan Teaser
https://www.youtube.com/watch?v=NGEtJoGL2yA

OWASP VBScan 0.1.7 introduction
https://www.youtube.com/watch?v=SirozqDYERA
Logged
ostendali
Global Moderator
Sr. Member
*****
Posts: 488


View Profile
« Reply #14 on: October 18, 2016, 12:44:45 PM »

I am glad to inform you that we have this tool added to our to-do list, to be integrated and released with BackBox 5!
Logged
Pages: [1]   Go Up
Print
Jump to: