Archive | 2007


31 December 2007 | 9,815 views

wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool

wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following functions: Discovery tool By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern. Vulnerability detection It is possible to enumerate and profile Web Services using this tool and [...]

Continue Reading


28 December 2007 | 4,602 views

Storm Worm Spreading Some Holiday Cheer

Storm is back in the festive season spreading some xmas and new year love. They even have a new year greeting site ready for spreading New Year related Storm Worm variants. Social Engineering again, people are always more susceptible during holidays, I guess they are happy and less paranoid. The Storm Worm gang are spreading [...]

Continue Reading


27 December 2007 | 5,347 views

Whitetrash – Dynamic Web White-listing for Squid

This is a pretty neat tool for those using Squid Cache and looking for a pro-active tool for securing web acccess in their company (or house if you have a devious sibling). The goal of Whitetrash is to provide a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and [...]

Continue Reading


26 December 2007 | 3,738 views

Trojan Targets Google Text Based Adverts

It looks like the malware guys are indeed getting more tricky, and this time it has an effect on multiple parties. It deprives Google of the impressions from the adverts and potentially can infect surfers with some nasty malware. Again it’s using the hosts file, redirecting Google’s own ads to those from a nefarious source. [...]

Continue Reading


24 December 2007 | 3,143 views

Merry Xmas From Darknet

I’d just like to take this opportunity to wish you all a jolly and safe Christmas, enjoy some time with your families and friends. Relax, have some food, some drinks and some fun. I’d like to thank you all for your continued support, reading, rss subscriptions and especially to those who actively comment. I really [...]

Continue Reading


24 December 2007 | 9,450 views

Nikto 2 Released – Web Server Scanning Tool

Another one that has been a long time coming, but finally here it is! Nikto 2. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan [...]

Continue Reading


21 December 2007 | 5,406 views

Worm Spreading Fast on Google’s Orkut Social Network

A new worm has hit Google’s Orkut and it seems to be hitting it pretty hard, it’s infected via the scrapbook feature and is adding hundreds of thousands of users, similar to the Myspace worm (Samy) that hit in October 2005. It seems to be fairly unmalicious, more of a ‘look at me – see [...]

Continue Reading


19 December 2007 | 14,221 views

Inguma 0.0.6 Released for Download – Free Pen-testing Framework

Quite a few people seem to be interested in this tool, so here is the latest revision – Inguma 0.0.6. For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, [...]

Continue Reading


18 December 2007 | 19,819 views

Pcapy – Python Interface to LibPcap

Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets. Advantages of Pcapy [...]

Continue Reading


17 December 2007 | 11,974 views

DNS Poisoning Getting Serious – Phishing from Open Recursive DNS Servers

A new generation of phishing attacks is being studied jointly by Google and Georgia Institute of Technology, it seems the bad guys are getting some smarter ideas. They are using Open Recursive DNS servers to poison DNS queries and return false information, thus luring consumers to even more realistic phishing domains. Researchers at Google and [...]

Continue Reading