Archive | Web Hacking


09 January 2012 | 13,882 views

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy [...]

Continue Reading


05 January 2012 | 16,792 views

Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s better [...]

Continue Reading


07 December 2011 | 11,655 views

sslyze – Fast and Full-Featured SSL Configuration Scanner

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention [...]

Continue Reading


29 November 2011 | 10,641 views

Twitter Purchases WhisperCore – Full Disk Encryption For Android Phones

This is certainly an interesting acquisition and not one I would have expected, I’m not even exactly sure what Twitter is planning and why they would want a company focused on mobile encryption (and specifically on the Android platform). I can’t see any real corporate use for Twitter, so they won’t be pushing the security [...]

Continue Reading


21 November 2011 | 13,462 views

sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the database(s) structure, inject your own SQL queries (even complex ones), download files from the web server, crawl the website for writable directories, upload and control a backdoor, clone the database(s), and much more…Whenever [...]

Continue Reading


17 November 2011 | 9,420 views

GoLISMERO – Web Application Mapping Tool

GoLISMERO helps you to map a web application, displaying the results in a readable format for security auditors and also prepares the results for integration with other web hacking tools as w3af, wfuzz, netcat, nikto, etc. Features Map a web aplication. Show all links and forms params as confortable format. Save results with some formats: [...]

Continue Reading


14 November 2011 | 9,024 views

w3af v1.1 Released For Download – Web Application Attack & Audit Framework

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross [...]

Continue Reading


02 November 2011 | 9,190 views

13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks

This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does [...]

Continue Reading


01 November 2011 | 13,302 views

DirBuster – Brute Force Directories & Files Names

DirBuster is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. [...]

Continue Reading


27 October 2011 | 11,182 views

Facebook Attachment Uploader Owned By A Space

Oh look – another vulnerability in Facebook! It wasn’t long ago we reported New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking. Well this time the private messaging function has been compromised, you can attach an executable and send it to anyone as long as you put a space after the filename. It’s not [...]

Continue Reading