WSFuzzer is a fuzzing tool targetting HTTP and SOAP based web services.
The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT meant to [...]
I have been following this contest and was wondering which OS would be first to fall (if any) seen as though they were all fully patched and the latest versions. For those that don’t know Pwn2Own is a contest at CanSecWest open to anyone to hack a Windows, Linux or Mac OSX box with a [...]
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that [...]
httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously.
The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.
Besides the discussion [...]
This is another selection from the Old Skool Philes, I like these as they tend to generate some good discussion and they are a good introduction to newcomers to hacking on the mindset and workflow of getting access to a box. The exact methods may not work, but we aren’t here to train script kiddies, [...]
Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.
The Exploit-Me series was [...]
This Firewire hack seems to be creating a big buzz, from what I’ve read it also works on Vista as for some odd reason the Firewire port gets access to the whole memory space in DMA mode - not just what it needs to function - so you can read from anything stored in memory [...]
This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs [...]
It seems like security/pen-testing software can be quite lucrative - especially with the prices Core Security charge for their flagship tool Core Impact (Around $25,000 per seat?).
They have offices in two countries and are now looking to expand into new markets, anyway this is a bit of corporate security news for a change. They have [...]
For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
It’s becoming a mature and useful package! I’m glad to see continued developing and [...]
Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page.
Nipper currently supports the following device types:
Cisco Switches (IOS)
Cisco Routers (IOS)
Cisco Firewalls [...]
cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.
Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.
If one searches the Web, one will find multiple collections of dorks, and also some applications - standalone and Web-based - [...]
This is pretty interesting - US, UK, Canada, Australia and New Zealand are taking part in a fictitious cyberwar as an exercise to prepare and plan for sustained cyber attacks including some of which have actually caused power outages.
I personally think it’s a great idea, I must have missed Cyber Storm I as this is [...]
Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as:
Create a process
Compile a C program
Watch a process
Watch syslog and so on
Fusil uses small “agents” which exchange messages to launch actions. e.g. MangleFile injects errors into [...]
It seems the VX groups are all destined to die out slowly, viruses for fun, learning and definitely not profit are on the way out. Like many other things its become a commercial market.
The top infector this month being Adware for the first time ever, not a virus. 29A is one of the old skool [...]
Ferret works on the concept of “data seepage”: bits of benign data that people willingly broadcast to the world (as opposed to “leakage”, which is data people want to hide from the world).
Examples of data seepage are what happens when you power-on your computer. It will broadcast to the world the list of WiFi access-points [...]
Competition time again!
As you know we started the Darknet Commenter of the Month Competition on June 1st and it ran for the whole of June and July. We have just finished the ninth month of the competition in February and are now in the tenth, starting a few days ago on March 1st - Sponsored [...]
It seems like most countries are getting more serious about the illegal downloading and the protection of intellectual property, after the UK recently proposed disconnecting ‘pirates’ from the Internet - Australia is now considering following suit.
I guess this is just the start, laws will become more heavy handed and draconian as most of it is [...]
One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release - not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]
It seems like botnets are getting more sophisticated - we thought the Storm Worm was pretty hot, but some of these new contenders are showing the guys on the dark side has some advanced understanding of technology and the architecture many companies use…this enables them to get deeper inside and remain undetected
Researchers have unearthed two [...]
