How does it work?
ScanFactory combines 15 pentest solutions in one cloud platform.
We agree on scope
You provide *.domain.com and an IP range. That’s all we need to do the job!
Deep-deep scan goes 24x7
Platform maps attack surface:
- Discovers domains and ports
- Crawls websites and removes duplicate pages
- Finds hidden parameters on forms
- Launches web and infra scanners
Web application testing software. Includes 12 plugins.
#1 infrastructure vulnerability assessment solution.
Discovers subdomains. Includes 6 paid APIs.
WordPress security scanner.
Subdomain permutation generation tool.
Discovers URLs on websites.
Web path scanner.
Discovers hidden HTTP parameters on URLs.
Bruteforces passwords on remote services.
Custom CVE scanner.
Detects technologies used on websites.
Fetches known URLs from Wayback Machine.
BurpSuite Extensions List:
Backslash powered scanner
Error message checks
PHP Object Injection Check
Freddy, Deserialization Bug Finder
Nginx alias traversal (“off-by-slash”)
Java Deserialization Scanner
J2EE Security Scanner
A situation in which an attacker is able to claim a subdomain on behalf of the main, real site. In a nutshell, this type of vulnerability arises when a site creates a DNS record for a subdomain that points to an external service, such as Heroku (a hosting company), and never claims that subdomain on the service.
One of the most accessible ways to hack a website. The essence of such attacks is the injection of arbitrary SQL code into data (transmitted via GET, POST requests or Cookie values). If the site is vulnerable and executes the injected code, it is in fact possible to do anything with the database.
Brute force cryptographic attacks are the most versatile, but also the slowest. They are used primarily by beginner hackers. They are effective against simple encryption algorithms and keys up to 64 bits. Against modern keys with a length of 128 bits (sometimes a large number of 200 digits is factored for a key) they are ineffective.
Remote command execution
Remote command execution is an attack in which the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.
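The difference between handing user-supplied data to a system shell and passing it as a single validated argument, as an added example that is not part of the original page. The child Python process stands in for a system utility, and the function names, hostname pattern and payload are constructed for illustration.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for a system utility (assumption): a child Python process that
# prints the one argument it was given.
TOOL = [sys.executable, "-c", "import sys; print('lookup:', sys.argv[1])"]

# Allow-list for the expected value. The first character must be alphanumeric,
# so a value such as "-option" cannot be smuggled in as a command-line flag.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def lookup_vulnerable(host: str) -> str:
    """Vulnerable: the value is concatenated into a string run by the shell."""
    cmd = shlex.join(TOOL) + " " + host  # host is NOT quoted
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """No shell: the value reaches the tool as exactly one argv element."""
    return subprocess.run(TOOL + [host], capture_output=True, text=True).stdout


def lookup_hardened(host: str) -> str:
    """Allow-list validation first, then argv passing without a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected: value is not a hostname")
    return lookup_argv(host)


if __name__ == "__main__":
    # Constructed input: a form field carrying a shell metacharacter.
    payload = "example.com; echo INJECTED"
    print("shell=True :", lookup_vulnerable(payload).splitlines())
    print("argv list  :", lookup_argv(payload).splitlines())
    try:
        lookup_hardened(payload)
    except ValueError as exc:
        print("hardened   :", exc)
```

Passing an argument list removes the shell from the path, but the value can still be read as an option by the invoked tool, which is why the hardened version validates it against an allow-list as well.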