Archive | Web Hacking


06 December 2012 | 2,269 views

TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

When running web application security assessments it is mandatory to evaluate the security stance of the SSL/TLS (HTTPS) implementation and configuration. OWASP has a couple of references the author strongly recommends taking a look at: the “OWASP-CM-001: Testing for SSL-TLS” checks, part of the OWASP Testing Guide v3, and the Transport Layer Protection Cheat Sheet. [...]



13 November 2012 | 3,939 views

Hack.me – Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community-based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMSs online. The platform is available without any restriction to any party [...]



15 October 2012 | 4,840 views

Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool

Web-Sorrow is a Perl-based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks. There are a couple of other tools that [...]



16 July 2012 | 2,535 views

Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext

There have been a few HUGE cases of large sites being hacked and exposing either plaintext or extremely poorly encrypted passwords. It happened to LinkedIn not that long ago, and the latest case is Yahoo!. It wasn’t the main site, but with almost half a million username and password combos exposed – it’s a [...]



17 May 2012 | 1,367 views

Hackers Break Into Bitcoin Exchange Site Bitcoinica

Bitcoin hasn’t been having a great time lately; there have been a few high-profile, large dollar amount hacks of Bitcoin exchange sites (basically the Bitcoin banks). The latest involved $90,000USD and a high likelihood that the user database was compromised too. It seems like Bitcoin, despite all the hype, might die a slow death [...]



25 April 2012 | 4,353 views

creepy – A Geolocation Information Aggregator AKA OSINT Tool

creepy is an application that allows you to gather geolocation-related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application, where all the retrieved data is shown accompanied by relevant information (i.e. what was posted from that specific location) to provide context to [...]



23 April 2012 | 868 views

Anonymous Take Down Official F1 Site As Bahrain Protest

It seems like the latest target for Anonymous is the F1, due to the race that took place in Bahrain and the human rights issues in the country. They DDoSed the official F1 site (formula1.com), which was up and down on Saturday, and defaced another related site (f1-racers.net), which also contains some details from ticket [...]



12 April 2012 | 2,699 views

web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)

web-sorrow is a Perl-based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework. Current functionality: -S stands for standard, a set of standard tests that includes indexing of directories testing, banner grabbing, language [...]



02 April 2012 | 6,644 views

GooDork – Command Line Google Dorking/Hacking Tool

GooDork is a simple Python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this: Goolag – GUI Tool for Google Hacking. GooDork offers powerful use of Google’s search directives, by [...]



26 March 2012 | 4,503 views

SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration

SSLyze is a fast and full-featured SSL scanner; it enables better, faster scanning to analyze the configuration of SSL servers. It supports cipher suite scanning, insecure renegotiation verification, session resumption testing, client certificates, and more. Tested on Python 2.6 & 2.7 with Ubuntu and Windows 7, both 32 and 64 bits. Might work on other [...]
