Help
RSS
API
Feed
Maltego
Contact
Domain > barrage.uhandisihub.com
×
More information on this domain is in
AlienVault OTX
Is this malicious?
Yes
No
DNS Resolutions
Date
IP Address
2025-10-18
104.21.35.116
(
ClassC
)
Port 80
HTTP/1.1 301 Moved PermanentlyDate: Sat, 18 Oct 2025 20:50:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveReport-To: {group:cf-nel,max_age:604800,endpoints:{url:https://a.nel.cloudflare.com/report/v4?sVSzkM7eW%2Fg3sbfKO%2FyzDstNr6hZKU9hCHf8HRNi1OUQC7wLAbPhW7TbdzlDnxrAwngtp4d5KmZqepdGqqTVJoEvONpv1%2FpSLuqZtMdeMDwnk8YVi6A2A}}cf-cache-status: DYNAMICCache-Control: max-age3600Expires: Sat, 18 Oct 2025 21:50:11 GMTLocation: https://barrage.uhandisihub.com/Nel: {report_to:cf-nel,success_fraction:0.0,max_age:604800}Vary: Accept-EncodingServer: cloudflareSet-Cookie: __cf_bmOl6EtADr9Nm_BU7kyaCM6J6yP1WtT0M8sH_OxOs50EI-1760820611-1.0.1.1-5m4FjhHd5_wIoQOIsBzvi3PaGJVPHNzP96tzhMtNydxWsEU0KsUCqfIljUWtKGRTwyEJsd2ZaeScnCAeSO3nLIVb6ef9ogSVFQX682WC6s4; HttpOnly; Path/; Domainuhandisihub.com; ExpiresSat, 18 Oct 2025 21:20:11 GMTCF-RAY: 990ae8162a8c147f-PDX html>head>title>301 Moved Permanently/title>/head>body>center>h1>301 Moved Permanently/h1>/center>hr>center>cloudflare/center>/body>/html>
Port 443
HTTP/1.1 200 OKDate: Sat, 18 Oct 2025 20:50:11 GMTContent-Type: text/html; charsetutf-8Transfer-Encoding: chunkedConnection: keep-aliveReport-To: {group:cf-nel,max_age:604800,endpoints:{url:https://a.nel.cloudflare.com/report/v4?se0uapewfdAufo4bBU1LciPGrH6NtLU8ZWJHk2HxZbFw%2BirWeohFYuo%2Forfr4p0S%2B%2FZI%2Fy2CT1cOCRflLUWvyj5kBV8%2BtbgkUgUDW7gfLFkBOxo3SVw%3D%3D}}Server: cloudflareVary: Accept-Encodinglast-modified: Wed, 17 Sep 2025 20:35:31 GMTx-rgw-object-type: Normalx-amz-request-id: tx000000a2b47c3163bd372-0068f316c1-1fad5ee7-syd1aCache-Control: public,max-age10,s-maxage86400Age: 59073x-do-app-origin: 7bc05567-2e6a-4cad-b012-8cffc453c1c4x-do-orig-status: 200cf-cache-status: DYNAMICNel: {report_to:cf-nel,success_fraction:0.0,max_age:604800}Set-Cookie: __cf_bmypgERosskm2.iKTm3k_ha8UIlwR8r8TH6yIET9Of.rM-1760820611-1.0.1.1-I3VMlnehT9yEuWfvMOA14uE8S_RpYRXLffUSnaG9j.AB3D2Rq9v.I.zYtEuWQ_AVs_pALkCYhz8OsGmuihehzEvMPnur7b4OQMdwTjtfpAE; HttpOnly; Secure; Path/; Domainuhandisihub.com; ExpiresSat, 18 Oct 2025 21:20:11 GMTCF-RAY: 990ae8169edaa32d-PDX !DOCTYPE html>html langen>head> meta charsetUTF-8> meta nameviewport contentwidthdevice-width, initial-scale1.0> title>Barrage - Comprehensive Vulnerability Scanner/title> !-- Essential Open Graph Tags for WhatsApp --> meta propertyog:title contentBarrage - Comprehensive Vulnerability Scanner /> meta propertyog:description contentSecurity assessment platform for cybersecurity professionals and software engineers. Combines directory enumeration, SQL injection detection, credential harvesting, XSS scanning, and vulnerability assessment capabilities. /> meta propertyog:url contenthttps://barrage.uhandisihub.com/ /> meta propertyog:type contentwebsite /> meta propertyog:image contenthttps://barrage.uhandisihub.com/logo.png /> meta propertyog:image:alt contentBarrage Directory Enumeration Tool /> !-- Twitter Card Tags (bonus) --> meta nametwitter:card contentsummary_large_image /> meta nametwitter:title contentBarrage - Comprehensive Vulnerability Scanner /> meta nametwitter:description contentSecurity assessment platform for professionals with SQL injection detection, credential harvesting, XSS scanning, and comprehensive vulnerability assessment capabilities. /> meta nametwitter:image contenthttps://barrage.uhandisihub.com/logo.png /> !-- Regular meta description --> meta namedescription contentSecurity assessment platform for cybersecurity professionals and software engineers. Combines directory enumeration, SQL injection detection, credential harvesting, XSS scanning, and vulnerability assessment capabilities.> !-- Existing favicon and other meta tags --> link relicon typeimage/x-icon hreffavicon.ico> link relicon typeimage/png sizes32x32 hreffavicon-32x32.png> link relicon typeimage/png sizes16x16 hreffavicon-16x16.png> link relapple-touch-icon sizes180x180 hrefapple-touch-icon.png> link relstylesheet hrefstyle.css?v6.2> link relpreconnect hrefhttps://fonts.googleapis.com> link relpreconnect hrefhttps://fonts.gstatic.com crossorigin> link hrefhttps://fonts.googleapis.com/css2?familyInter:wght@300;400;500;600;700&displayswap relstylesheet>/head>body> nav classnavbar> div classnav-container> div classnav-logo> img srclogo.png altBarrage Logo classlogo-icon> h2>Barrage/h2> /div> ul classnav-menu> li>a href#features>Features/a>/li> li>a href#showcase>Demo/a>/li> li>a href#installation>Install/a>/li> li>a href#contact>Contact/a>/li> li>a hrefhttps://uhandisihub.com/ target_blank classcompany-link>UhandisiHub/a>/li> /ul> div classhamburger> span classbar>/span> span classbar>/span> span classbar>/span> /div> /div> /nav> section classhero> div classhero-container> div classhero-content> h1>Barrage/h1> p classhero-subtitle>Comprehensive Vulnerability Scanner/p> p classhero-description>Advanced security assessment platform for cybersecurity professionals and software engineers. Features SQL injection detection, credential harvesting, XSS scanning, file inclusion testing, and comprehensive vulnerability assessment. Perfect for penetration testing, security audits, and application security validation./p> div classhero-buttons> a href#installation classbtn btn-primary>Get Started/a> a href#features classbtn btn-secondary>Learn More/a> /div> /div> div classhero-demo> div classterminal> div classterminal-header> div classterminal-buttons> span classbtn-close>/span> span classbtn-minimize>/span> span classbtn-maximize>/span> /div> span classterminal-title>Terminal/span> /div> div classterminal-body> pre>code classdemo-code>/code>/pre> /div> /div> /div> /div> /section> section classlegal-notice> div classcontainer> div classnotice-content> h3>βοΈ Legal Notice/h3> p>strong>For authorized security testing and educational purposes ONLY./strong> This tool must be used with explicit permission on systems you own or have written authorization to test. Unauthorized scanning may violate cybersecurity laws./p> /div> /div> /section> section classwhy-barrage> div classcontainer> h2>Why Cybersecurity & Software Engineers Choose Barrage/h2> div classwhy-grid> div classwhy-card> div classwhy-number>01/div> h3>Multi-Vector Attack Platform/h3> p>Beyond directory enumeration - actively tests for SQL injection, XSS, file inclusion, command injection, and authentication bypasses. One tool, comprehensive coverage./p> /div> div classwhy-card> div classwhy-number>02/div> h3>Advanced Credential Harvesting/h3> p>Automatically fetches and analyzes exposed files like .env, wp-config.php, database.yml. Extracts real credentials, API keys, and connection strings with risk assessment./p> /div> div classwhy-card> div classwhy-number>03/div> h3>Enterprise-Grade Performance/h3> p>Built on Elixir - the same technology powering Discord and WhatsApp. Handle 100,000+ concurrent requests with fault tolerance and 53.5% test coverage./p> /div> div classwhy-card> div classwhy-number>04/div> h3>Intelligent Vulnerability Assessment/h3> p>CVSS scoring, severity classification, detailed remediation guidance, and comprehensive security header analysis. Professional-grade vulnerability intelligence./p> /div> /div> /div> /section> section classflowchart-section> div classcontainer> h2>How Barrage Works/h2> p classsection-subtitle>Advanced multi-stage vulnerability assessment process/p> div classflowchart-container> div classflowchart-step idstep1> div classstep-icon>π―/div> h3>Target Input/h3> p>Enter target URLbr>Validate permissions/p> /div> div classflowchart-arrow idarrow1>β/div> div classflowchart-step idstep2> div classstep-icon>π/div> h3>Technology Detection/h3> p>Fingerprint frameworksbr>Load specialized wordlists/p> /div> div classflowchart-arrow idarrow2>β/div> div classflowchart-step idstep3> div classstep-icon>π/div> h3>Concurrent Scanning/h3> p>Directory enumerationbr>100k+ concurrent requests/p> /div> div classflowchart-arrow idarrow3>β/div> div classflowchart-step idstep4> div classstep-icon>π/div> h3>SQL Injection Testing/h3> p>Union, Boolean, Time-basedbr>Error pattern detection/p> /div> div classflowchart-arrow idarrow4>β/div> div classflowchart-step idstep5> div classstep-icon>π/div> h3>Credential Harvesting/h3> p>Fetch .env, configsbr>Extract real secrets/p> /div> div classflowchart-arrow idarrow5>β/div> div classflowchart-step idstep6> div classstep-icon>π‘οΈ/div> h3>Security Analysis/h3> p>Header validationbr>XSS & CSRF detection/p> /div> div classflowchart-arrow idarrow6>β/div> div classflowchart-step idstep7> div classstep-icon>π/div> h3>Vulnerability Report/h3> p>CVSS scoringbr>Detailed remediation/p> /div> /div> div classflowchart-stats> div classstat-item> span classstat-number>257/span> span classstat-label>SQL Injections Found/span> /div> div classstat-item> span classstat-number>25+/span> span classstat-label>Credential File Types/span> /div> div classstat-item> span classstat-number>9.8/span> span classstat-label>Max CVSS Score/span> /div> /div> /div> /section> section idfeatures classfeatures> div classcontainer> h2>Advanced Security Testing Capabilities/h2> p classsection-subtitle>Complete vulnerability assessment platform with active exploitation testing/p> div classfeatures-grid> div classfeature-card> div classfeature-icon>π/div> h3>SQL Injection Scanner/h3> p>Advanced payload library with time-based, boolean-based, union-based, and error-based injection testing. Supports MySQL, PostgreSQL, Oracle, SQL Server, and SQLite with intelligent error pattern detection./p> /div> div classfeature-card> div classfeature-icon>π/div> h3>Credential Harvesting/h3> p>Fetches and analyzes 25+ credential file types (.env, wp-config.php, database.yml). Extracts real passwords, API keys, AWS credentials, connection strings with automated risk assessment./p> /div> div classfeature-card> div classfeature-icon>π¨/div> h3>XSS & CSRF Detection/h3> p>Comprehensive XSS testing with script tags, event handlers, SVG vectors, and encoded payloads. CSRF vulnerability detection and session security analysis with cookie flag validation./p> /div> div classfeature-card> div classfeature-icon>π/div> h3>File Inclusion Testing/h3> p>Local/Remote file inclusion detection with system file indicators. Path traversal testing, directory listing identification, and backup file exposure analysis with protection status verification./p> /div> div classfeature-card> div classfeature-icon>π‘οΈ/div> h3>Security Header Analysis/h3> p>Missing security headers detection (HSTS, CSP, X-Frame-Options). Version disclosure analysis, debug information exposure, and configuration security assessment with detailed remediation guidance./p> /div> div classfeature-card> div classfeature-icon>π/div> h3>Vulnerability Intelligence/h3> p>CVSS scoring (0.0-10.0), severity classification (Critical/High/Medium/Low), color-coded output with emoji indicators, and comprehensive evidence extraction with professional reporting./p> /div> /div> /div> /section> section idshowcase classshowcase> div classcontainer> h2>See Barrage in Action/h2> p classsection-subtitle>Real-world examples showcasing advanced vulnerability scanning and exploitation testing/p> div classshowcase-grid> div classshowcase-card> h3>π SQL Injection Detection/h3> div classdemo-output> pre>code>π΄ HIGH - SQL injection vulnerability detected (union_based)Type: SQL InjectionURL: http://localhost:8080/webapp/favicon.ico?commenttestMethod: GETCVSS: 8.1/10.0Confidence: highPayload: UNION SELECT schema_name FROM information_schema.schemata--Evidence: <!DOCTYPE html><html langen-GB><head><meta http-equivContent-Type...π΄ HIGH - SQL injection vulnerability detected (union_based)URL: http://localhost:8080/webapp/login.php?idtestPayload: OR 11 union select null, version()--Remediation: Use parameterized queries and input validation/code>/pre> /div> p>Real union-based SQL injection detection with database schema enumeration/p> /div> div classshowcase-card> h3>π‘οΈ Security Analysis Summary/h3> div classdemo-output> pre>code>π΄ SECURITY FINDINGS SUMMARYπ‘ MEDIUM: 1436 findings β’ Debug Information: 710 instance(s) β’ Missing Security Headers: 721 instance(s) β’ Session Security Issues: 4 instance(s) β’ Directory Listing: 1 instance(s)π΅ LOW: 721 findings β’ Version Information Disclosure: 721 instance(s)βΉοΈ INFO: 1 findings β’ Protected Configuration: 1 instance(s)π¨ ACTIVE VULNERABILITY SUMMARYπ΄ Vulnerability Types Found: β’ Session Security Issue: 2 instance(s) β’ Command Injection: 216 instance(s) β’ SQL Injection: 257 instance(s)/code>/pre> /div> p>Comprehensive security findings with detailed vulnerability classification/p> /div> div classshowcase-card> h3>β‘ Performance & Results/h3> div classdemo-output> pre>code>SCAN COMPLETETotal requests: 721Status 200: 6 responsesStatus 301: 4 responsesStatus 302: 3 responsesStatus 403: 1 responsesStatus 404: 707 responsesπ¨ Highest Risk Vulnerabilities: β’ Command Injection (CVSS: 9.8) http://localhost:8080/webapp/Dockerfile?iptest β’ Command Injection (CVSS: 9.8) http://localhost:8080/webapp/Dockerfile?iptest β’ SQL Injection (CVSS: 8.1) http://localhost:8080/webapp/login.php?idtestβοΈ LEGAL DISCLAIMER:Results above are for authorized security testing only./code>/pre> /div> p>High-performance scanning with comprehensive vulnerability reporting and legal compliance/p> /div> /div> /div> /section> section idusage classusage> div classcontainer> h2>Usage Examples/h2> div classusage-examples> div classexample> h3>Full Vulnerability Assessment/h3> div classcode-block> pre>code>./barrage --sql-injection --xss --credentials https://target.local/code>/pre> /div> p>Complete security assessment with SQL injection, XSS, and credential harvesting/p> /div> div classexample> h3>Web Application Security Testing/h3> div classcode-block> pre>code>./barrage --comprehensive -t 30 http://webapp.local/code>/pre> /div> p>Comprehensive scanning for web applications with specialized payloads and wordlists/p> /div> div classexample> h3>Credential File Discovery/h3> div classcode-block> pre>code>./barrage --credentials-only --fetch-content https://target.local/code>/pre> /div> p>Focus on credential file discovery with content extraction and analysis/p> /div> div classexample> h3>High-Performance Security Scan/h3> div classcode-block> pre>code>./barrage --all-vulns -t 50 --timeout 30 https://target.local/code>/pre> /div> p>Maximum concurrency testing all vulnerability types with extended timeouts/p> /div> /div> /div> /section> section idinstallation classinstallation> div classcontainer> h2>Installation/h2> div classinstall-notice> h3>π Quick Start Guide/h3> p>strong>Get scanning in under 5 minutes!/strong> Barrage currently requires Erlang and Elixir - dont worry, its easier than it sounds. Standalone binaries coming soon for all platforms!/p> /div> div classinstall-methods> div classinstall-card> h3>Step 1: Install Erlang & Elixir/h3> div classcode-block> pre>code># Ubuntu/Debiansudo apt updatesudo apt install erlang elixir# macOS (using Homebrew)brew install elixir# Windows (using Chocolatey)choco install elixir# Or download from: https://elixir-lang.org/install.html/code>/pre> /div> p>Elixir installation automatically includes Erlang/OTP/p> /div> div classinstall-card> h3>Step 2A: Download Binary (Recommended)/h3> div classcode-block> pre>code># Download the binarywget https://github.com/gurupetach/barrage/releases/\download/v0.1.0/barrage# OR use curlcurl -L -o barrage https://github.com/gurupetach/barrage/\releases/download/v0.1.0/barrage# Make executable and runchmod +x barrage./barrage https://target.local/code>/pre> /div> p>Quick install - just download and run (requires Elixir on system)/p> /div> div classinstall-card> h3>Step 2B: Build from Source/h3> div classcode-block> pre>code># Clone the repositorygit clone https://github.com/gurupetach/barrage.gitcd barrage/barrage# Install dependencies and buildmix deps.getmix escript.build# Run barrage./barrage https://target.local/code>/pre> /div> p>Build from source - full control over the installation/p> /div> /div> div classsystem-requirements> h3>System Requirements/h3> ul> li>strong>Erlang/OTP 24+/strong> (required)/li> li>strong>Elixir 1.12+/strong> (required)/li> li>Linux, macOS, or Windows/li> li>Git for cloning the repository/li> /ul> /div> div classcoming-soon> h3>π Coming Soon/h3> p>Standalone executables for Windows, Linux, and macOS that require no runtime dependencies. Just download and run - no Elixir installation needed!/p> /div> /div> /section> section classperformance> div classcontainer> h2>Built for Scale & Reliability/h2> p classsection-subtitle>Enterprise-grade performance with comprehensive testing coverage/p> div classperf-stats> div classstat> h3>100k+/h3> p>Concurrent Requests/p> /div> div classstat> h3>25+/h3> p>Credential File Types/p> /div> div classstat> h3>100+/h3> p>SQL Injection Payloads/p> /div> div classstat> h3>9 Types/h3> p>Vulnerability Classes/p> /div> /div> div classtech-highlights> h3>Powered by Battle-Tested Technology/h3> div classtech-grid> div classtech-item> h4>Elixir/OTP/h4> p>Same tech stack as Discord, Pinterest, and WhatsApp/p> /div> div classtech-item> h4>Actor Model/h4> p>Isolated processes with automatic supervision and recovery/p> /div> div classtech-item> h4>Fault Tolerance/h4> p>Individual request failures dont crash the entire scan/p> /div> div classtech-item> h4>Hot Code Swapping/h4> p>Update scanning logic without stopping the process/p> /div> /div> /div> /div> /section> section idcontact classcontact> div classcontainer> h2>Built by Security Experts, For Security & Development Teams/h2> div classcontact-content> p>Barrage is crafted by strong>Peter Achieng/strong> and the team at strong>UhandisiHub/strong> - a cybersecurity company building next-generation security tools for cybersecurity professionals, software engineers, and development teams working on application security./p> div classcompany-highlights> div classhighlight-item> h4>π― Mission-Driven/h4> p>Building tools that security professionals and developers actually want to use/p> /div> div classhighlight-item> h4>π¬ Research-Backed/h4> p>Every feature is informed by real-world security testing and development experience/p> /div> div classhighlight-item> h4>π Innovation-First/h4> p>Leveraging cutting-edge technology to solve age-old security challenges/p> /div> /div> div classcontact-links> a hrefhttps://uhandisihub.com/ target_blank relnoopener classcontact-link primary> π Explore UhandisiHub /a> a hrefhttps://github.com/gurupetach/barrage/tree/main/barrage target_blank relnoopener classcontact-link> π View Source Code /a> /div> div classcompany-info> h3>UhandisiHub - Cybersecurity Innovation/h3> p>From advanced penetration testing tools to comprehensive security research, were building the infrastructure that powers tomorrows cybersecurity landscape. Join us in shaping the future of security testing./p> /div> /div> /div> /section> footer classfooter> div classcontainer> div classfooter-content> div classfooter-section> h4>Barrage/h4> p>Comprehensive security assessment platform for cybersecurity professionals and software engineers/p> /div> div classfooter-section> h4>Legal/h4> p>For authorized testing only. Users are responsible for compliance with all applicable laws./p> /div> div classfooter-section> h4>Company/h4> p>a hrefhttps://uhandisihub.com/ target_blank relnoopener>UhandisiHub/a>/p> p>Cybersecurity Solutions/p> /div> /div> div classfooter-bottom> p>© 2025 UhandisiHub. All rights reserved./p> /div> /div> /footer> script srcscript.js?v6.2>/script>/body>/html>
View on OTX
|
View on ThreatMiner
Please enable JavaScript to view the
comments powered by Disqus.
Data with thanks to
AlienVault OTX
,
VirusTotal
,
Malwr
and
others
. [
Sitemap
]