GreaseMonkey Web Security Toolkit - Revision history

D0ubl3 h3lix: /* Current Scripts */

2008-09-29T15:41:04Z

‎Current Scripts

D0ubl3 h3lix at 15:40, 29 September 2008

2008-09-29T15:40:23Z

D0ubl3 h3lix at 15:38, 29 September 2008

2008-09-29T15:38:22Z

D0ubl3 h3lix: New page: '''Description''' A collection of Greasemonkey scripts written by Aung Khant from http://yehg.net that aim to provide security for you and your site. We love to write Greasemonkey scripts...

2008-09-28T15:49:28Z

New page: '''Description''' A collection of Greasemonkey scripts written by Aung Khant from http://yehg.net that aim to provide security for you and your site. We love to write Greasemonkey scripts...

New page

'''Description'''

A collection of Greasemonkey scripts written by Aung Khant from http://yehg.net that aim to provide security for you and your site. We love to write Greasemonkey scripts than Browser Addons because Greasemonkey is more flexible. Any one can view and edit source codes with ease. They will forever be compatible with any versions of Gecko browsers while most security addons are no longer compatible with new versions unless their authors take pains to modify codes for compatibility. Send suggestions and bugs via our contact form at our home page. Feel free to modify codes to adapt your need.

'''Requirements'''

Gecko Browser Family (Firefox/Flock/..etc)

Greasemoney Addon
http://www.greasespot.net/

'''Current Scripts'''

* phpinfo() Security Checker
Description: Whenver the script detects a phpinfo() page, it fingerprints it for how much secure that phpinfo page. It's a combination of my security thoughts and phpinfosec.com's project. Use it for security and performance issues. Ideal for web masters and web server admins who are a bit confused with phpinfo() page's numberous configuration items.
Date: July 2008

* WebPageFingerPrint (aka. Hacking Script)
Description: Although the initial release v.01 was for fingerprinting web page, this v0.2 version is integrated with JS-file fingerprinting, fuzzing, bruteforcing [version 0.1] WebPageFingerPrinting script without having to view html source. Sometimes, clicking each in WebDeveloper Toolbar is tedious.I'd like to read a summerized view of current web page first. Here this script comes in.
Resource: Be sure to see its movies
Warning: Use it only for lawful purposes as the script has vulnerability scanning which invokes IDS detection.
Date: July, 2008

* Malware Script Detector v2
Description: The version 2 is similar to XSS warning addon. Look for URL string for XSS payloads. Detect and stop XSS attacks from evil bad guys to you in addition to detection of Malicious JavaScript embedded in malicious sites. This script has been tested for false positives thoroughly. False positives may occur at those sites which use crypto strings like order.php?token={a:xC2;id:ac3f52233;[]} and Squirrel mail sites which use URL strings like compose.php?to=John<joh@abc.net>. We can't fix it for the sake of security. If you know this one, you can feel assured this is safe to accept and go on.
Available also: Standlone version for webmasters.
Resource: Introducing MSD
Date: March 2008

* Malware Script Detector v1
Description: Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as obfuscation but I'm sure it protects you from casual attackers.
Date: Feb 2008

'''Download'''

http://yehg.net/lab/#tools.greasemonkey

[[Category:Non-OWASP_Open_Tool]]

@@ Line 33: / Line 33: @@
 Available also: Standlone version for webmasters.
 Resource: [http://yehg.net/lab/pr0js/presentation/IntroducingMSD.pps Introducing MSD]
 Date: March 2008
@@ Line 39: / Line 40: @@
 Description: Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as obfuscation but I'm sure it protects you from casual attackers.
 Date: Feb 2008
 ==Download==

@@ Line 1: / Line 1: @@
-'''Description'''
+==Description==
 A collection of Greasemonkey scripts written by Aung Khant from http://yehg.net that aim to provide security for you and your site. We love to write Greasemonkey scripts than Browser Addons because Greasemonkey is more flexible. Any one can view and edit source codes with ease. They will forever be compatible with any versions of Gecko browsers while most security addons are no longer compatible with new versions unless their authors take pains to modify codes for compatibility. Send suggestions and bugs via our contact form at our home page. Feel free to modify codes to adapt your need.
+==Requirements==
 Gecko Browser Family (Firefox/Flock/..etc)
@@ Line 13: / Line 12: @@
-'''Current Scripts'''
+==Current Scripts==
-* phpinfo() Security Checker
+* '''phpinfo() Security Checker'''
 Description: Whenver the script detects a phpinfo() page, it fingerprints it for how much secure that phpinfo page. It's a combination of my security thoughts and phpinfosec.com's project. Use it for security and performance issues. Ideal for web masters and web server admins who are a bit confused with phpinfo() page's numberous configuration items.
 Date: July 2008
-* WebPageFingerPrint (aka. Hacking Script)
+* '''WebPageFingerPrint (aka. Hacking Script)'''
 Description: Although the initial release v.01 was for fingerprinting web page, this v0.2 version is integrated with JS-file fingerprinting, fuzzing, bruteforcing [version 0.1] WebPageFingerPrinting script without having to view html source. Sometimes, clicking each in WebDeveloper Toolbar is tedious.I'd like to read a summerized view of current web page first. Here this script comes in.
 Resource: Be sure to see its movies
 Warning: Use it only for lawful purposes as the script has vulnerability scanning which invokes IDS detection.
 Date: July, 2008
-* Malware Script Detector v2
+* '''Malware Script Detector v2'''
 Description: The version 2 is similar to XSS warning addon. Look for URL string for XSS payloads. Detect and stop XSS attacks from evil bad guys to you in addition to detection of Malicious JavaScript embedded in malicious sites. This script has been tested for false positives thoroughly. False positives may occur at those sites which use crypto strings like order.php?token={a:xC2;id:ac3f52233;[]} and Squirrel mail sites which use URL strings like compose.php?to=John<joh@abc.net>. We can't fix it for the sake of security. If you know this one, you can feel assured this is safe to accept and go on.
 Available also: Standlone version for webmasters.
@@ Line 35: / Line 36: @@
-* Malware Script Detector v1
+* '''Malware Script Detector v1'''
 Description: Detect & Alert Malicious JavaScript : XSSProxy, XSS-Shell, AttackAPI, Beef. But No guarantee for full prevention of XSS-Injection threats. Many ways to bypass it such as obfuscation but I'm sure it protects you from casual attackers.
 Date: Feb 2008
-'''Download'''
+==Download==
 http://yehg.net/lab/#tools.greasemonkey