Identifying and exploiting IBM WebSphere Application Server

IBM WebSphere is application server similar to Tomcat, JBoss and WebLogic. Therefore, it should be interesting to any penetration tester doing enterprise scale work where Websphere might be present. It should be also interesting to anyone who is working on securing enterprise environment since Websphere allows deploying own (malicious or not) code to the server.

I have written NSE scripts to identify IBM Websphere consoles of application servers and to brute force any usernames and passwords. I will also demonstrate basics of WebSphere exploitation.

Read more of this post

Atom package to support Nmap Scripting Engine (NSE) files

Sometimes I use Atom as my secondary editor. I’ve made atom package to support Nmap Scripting Engine (NSE) files. In short, it adds syntax highlighting and snippets to NSE and Lua files in Atom. It is specifically written for writing NSE scripts which are compatible according to Nmap coding style (indentation, soft tabs, etc).

Package is available from the following URL:
https://atom.io/packages/language-nse

Source is available at the following URL:
https://github.com/kost/language-nse

Atom language-nse package

Atom language-nse package

Read more of this post