Archive | Web Hacking


02 November 2011 | 9,147 views

13 Out Of 15 Popular CAPTCHA Schemes Vulnerable To Automated Attacks

This is not a real shock to be if I’m perfectly honestly, I only use reCAPTCHA whenever I need a CAPTCHA implementation for anything. And well even then, it’s not totally safe as apparently you can farm out your CAPTCHA cracking (those the fail the automated attempts) to India for a few dollars. It does [...]

Continue Reading


01 November 2011 | 12,940 views

DirBuster – Brute Force Directories & Files Names

DirBuster is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. [...]

Continue Reading


27 October 2011 | 11,170 views

Facebook Attachment Uploader Owned By A Space

Oh look – another vulnerability in Facebook! It wasn’t long ago we reported New Research Shows Facebook’s URL Scanner Is Vulnerable To Cloaking. Well this time the private messaging function has been compromised, you can attach an executable and send it to anyone as long as you put a space after the filename. It’s not [...]

Continue Reading


12 October 2011 | 9,839 views

VeriSign Demands The Power To Take Down Websites/Domains

I was scanning the news today, and nothing much was going on. There were some half-arsed stories about Anonymous and LulzSec – but nothing really worth writing about. And then, and then I spotted this, which quite frankly scares the shit out of me. As much as it may well have a use in law [...]

Continue Reading


11 October 2011 | 9,510 views

File Disclosure Browser – Tool To Explore .DS_Store Files

The File Disclosure Browser takes .DS_Store files found on websites and parses through them to find a list of all potential files in the directory. It can then either just display the URLs for the files or if you give it a proxy it can browse to the files itself. The author wrote it after [...]

Continue Reading


15 September 2011 | 12,309 views

Lilith – Web Application Security Audit Tool

LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html form tags , which often refer to dynamic pages that might be subject to SQL injection or other flaws. It works as an ordinary spider and analyses pages, following hyperlinks, injecting special characters that have a [...]

Continue Reading


14 September 2011 | 9,114 views

WAVSEP – Web Application Vulnerability Scanner Evaluation Project

The author of WAVSEP (Shay Chen) e-mailed quite some time back about this project, but I have to say I honestly didn’t have time to look at it back then. It popped back up on my radar again when it was mentioned by the author of – Arachni v0.3 – his tool did extremely well [...]

Continue Reading


29 August 2011 | 59,972 views

WebSurgery – Web Application Security Testing Suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injection, Cross [...]

Continue Reading


22 August 2011 | 12,595 views

Arachni v0.3 Released – Web Application Security Scanner Framework

It’s been a while since we last mentioned Arachni, it was back in February – Arachni v0.2.2.1 – Web Application Security Scanner Framework. For those who are not aware, Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother [...]

Continue Reading


05 August 2011 | 11,256 views

Websecurify – Integrated Web Security Testing Environment

Websecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration [...]

Continue Reading