Archive | Web Hacking

Advertisements


31 March 2015 | 1,999 views

Pentoo – Gentoo Based Penetration Testing Linux LiveCD

Pentoo is a Gentoo based penetrating testing linux LiveCD. It’s basically a Gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included: Hardened Kernel with aufs patches Backported Wifi stack from latest stable kernel release Module loading support ala slax Changes saving on […]

Continue Reading


21 March 2015 | 1,607 views

XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool

We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space. For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed […]

Continue Reading


19 March 2015 | 563 views

Pinterest Bug Bounty Program Starts Paying

There’s been a fair bit of news about bug bounty programs in the past year or so, with Twitter officially starting to pay bug bounties at the end of 2014 and Google recently removing the caps from their program and making Pwnium all year round. The latest news is Pinterest bug bounty program has started […]

Continue Reading


14 March 2015 | 1,636 views

wig – CMS Identification & Information Gathering Tool

wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. It’s strength is CMS identification, it can also attempt to do OS fingerprinting. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score […]

Continue Reading


01 March 2015 | 2,398 views

CMSmap – Content Management System Security Scanner

CMSmap is a Python open source Content Management System security scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. […]

Continue Reading


10 February 2015 | 1,693 views

Droopescan – Plugin Based CMS Security Scanner

Droopescan is a plugin-based CMS security scanner that that will help you with identifying issues with several CMSs, mainly Drupal & Silverstripe. Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests. Due to this, by default, a large number of requests will be made […]

Continue Reading


05 February 2015 | 1,929 views

Anthem Hacked – US Health Insurance Provider Leaks 70 Million Records

Anthem Hacked! Everyone is screaming, I was like WTF is Anthem? Turns out it’s part of the 2nd largest health insurance provider in the US (Wellpoint) after United Healthcare – so it’s a pretty big deal with an estimated 70 Million people on its books. Of course according to them, “Anthem was the target of […]

Continue Reading


09 December 2014 | 2,184 views

InsomniaShell – ASP.NET Reverse Shell Or Bind Shell

InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either an ASP.NET reverse shell or a bind shell. ASP.NET is an open source server-side Web application framework designed for […]

Continue Reading


06 December 2014 | 2,087 views

WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1500 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework […]

Continue Reading


02 December 2014 | 2,340 views

Gruyere – Learn Web Application Exploits & Defenses

This codelab is built around Gruyere – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is […]

Continue Reading


Advertisements