Archive | Web Hacking


02 April 2012 | 7,224 views

GooDork – Command Line Google Dorking/Hacking Tool

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking. GooDork offers powerful use of Google’s search directives, by [...]

Continue Reading


26 March 2012 | 4,553 views

SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration

SSLyze is a Fast and Full-Featured SSL Scanner – it enables Better, faster scanning to analyze the configuration of SSL servers. Supports cipher suites scanning, insecure renegotiation verification, session resumption testing, client certificates, and more. Tested on Python 2.6 & 2.7 with Ubuntu and Windows 7, both 32 and 64 bits. Might work on other [...]

Continue Reading


07 March 2012 | 7,930 views

Goofile v1.5 – Search For A Specific File Type In A Given Domain.

Use this tool to search for a specific file type in a given domain – inspired by TheHarvester. Usage

-d: domain to search -f: filetype (ex. pdf) Written in Python and tested on 2.5 and 2.7. Please submit any bug reports or requests to the author. You can download Goofile v1.5 here: goofilev1.5.zip Or [...]

Continue Reading


21 February 2012 | 10,740 views

UK Facebook Hacker Jailed For 8 Months

It’s a pretty harsh sentence if you ask me, especially since Facebook decided in July 2011 to start paying bug bounties. I have to say though, this guy must be a pretty talented hacker to break into the Facebook servers – they aren’t exactly low hanging fruit. I’d imagine they are some of the most [...]

Continue Reading


07 February 2012 | 9,862 views

At Last – Adobe Launches Sandboxed Flash Player For Firefox

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash – – Hackers Exploiting Latest Adobe Flash Bug On Large Scale – Adobe Patches Latest Flash Zero Day Vulnerability – Adobe Promises [...]

Continue Reading


31 January 2012 | 20,238 views

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported [...]

Continue Reading


09 January 2012 | 13,898 views

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy [...]

Continue Reading


05 January 2012 | 16,814 views

Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s better [...]

Continue Reading


07 December 2011 | 11,666 views

sslyze – Fast and Full-Featured SSL Configuration Scanner

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention [...]

Continue Reading


29 November 2011 | 10,651 views

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform). I can’t see any real corporate use for Twitter, so they won’t be pushing the security [...]

Continue Reading