Website Hacker Hitman – Vulnerability Scanner I made for you all!Offensive Cyber Security

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Cyber Security Offensive Cyber Security Website Hacker Hitman – Vulnerability Scanner I made for you all!

This topic contains 4 replies, has 2 voices, and was last updated by  Chin_Diesel 2 years, 8 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #106918



    This software is aimed at systems/web administrators/IT professionals who want to use this tool in order
    to help better secure their site/system(s). The software will scan a website first blueprinting to help identify the server and technologies used on it,then test for potentially revealing and/or exploitable URL’s, checking for potential SQL Injection,information, password files, directories, login pages and much more. It will also do a fast multi-threaded port scan checking for common ports 1-1024 along with a few additional ones to see what services/protocols are running.


    • This topic was modified 2 years, 9 months ago by  . Reason: updating screen / links


    Note this has also just been reviewed, approved and dedicated hosted by softpedia



    Judging from your screenshot, this appears to do roughly the same thing that nmap does. Not going to download it, but do you check for SSL ciphers? Test for the authentication method used? I have a few things I look for when testing websites, and if you are sticking to the first 1024 ports, youre going to be missing out on plenty of other things, in particular SQL databases that could be hosted, especially if an administrator decided to change the default port.



    TLS Ciphers- no, but it does check for SSL validity in certificates.

    Yes it also tests for authentication methods used, (web forms, HTTP Basic auth etc).

    Also, it for checks between 1 – 1024 ports, but then after that it checks for the other ports you mentioned (such as SQL server, remote desktop etc).



    Not trying to nitpick, just offering my honest opinion here. Scanning for only the common/default ports will not help you find services people have hidden, or anyone that does not use the default values. I work in environments where certificates are issued from internal CAs, so your certificate validation may not take that into consideration (don’t know, didnt look at your app). With all the attacks that can be made against weak SSL ciphers, I am far more interested in that, but again, I already have scripts Ive made to run through initial assessments, as well as a couple nmap profiles for quick scans for what Im looking for.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?