Archive | Web Hacking


25 April 2012 | 4,862 views

creepy – A Geolocation Information Aggregator AKA OSINT Tool

creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown accompanied with relevant information (i.e. what was posted from that specific location) to provide context to [...]

Continue Reading


23 April 2012 | 876 views

Anonymous Take Down Official F1 Site As Bahrain Protest

It seems like the latest target for Anonymous is the F1 due to the race that took place in Bahrain and the human rights issues in the country. They DDoSed the official F1 site (formula1.com), which was up and down on Saturday and defaced another related site (f1-racers.net) which also contains some details from ticket [...]

Continue Reading


12 April 2012 | 2,757 views

web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)

web-sorrow is a PERL based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework. Current Functionality -S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language [...]

Continue Reading


02 April 2012 | 7,399 views

GooDork – Command Line Google Dorking/Hacking Tool

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking. GooDork offers powerful use of Google’s search directives, by [...]

Continue Reading


26 March 2012 | 4,571 views

SSLyze v0.4 Released – Scan & Analyze SSL Server Configuration

SSLyze is a Fast and Full-Featured SSL Scanner – it enables Better, faster scanning to analyze the configuration of SSL servers. Supports cipher suites scanning, insecure renegotiation verification, session resumption testing, client certificates, and more. Tested on Python 2.6 & 2.7 with Ubuntu and Windows 7, both 32 and 64 bits. Might work on other [...]

Continue Reading


07 March 2012 | 7,951 views

Goofile v1.5 – Search For A Specific File Type In A Given Domain.

Use this tool to search for a specific file type in a given domain – inspired by TheHarvester. Usage

-d: domain to search -f: filetype (ex. pdf) Written in Python and tested on 2.5 and 2.7. Please submit any bug reports or requests to the author. You can download Goofile v1.5 here: goofilev1.5.zip Or [...]

Continue Reading


21 February 2012 | 10,760 views

UK Facebook Hacker Jailed For 8 Months

It’s a pretty harsh sentence if you ask me, especially since Facebook decided in July 2011 to start paying bug bounties. I have to say though, this guy must be a pretty talented hacker to break into the Facebook servers – they aren’t exactly low hanging fruit. I’d imagine they are some of the most [...]

Continue Reading


07 February 2012 | 9,866 views

At Last – Adobe Launches Sandboxed Flash Player For Firefox

Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash – – Hackers Exploiting Latest Adobe Flash Bug On Large Scale – Adobe Patches Latest Flash Zero Day Vulnerability – Adobe Promises [...]

Continue Reading


31 January 2012 | 20,317 views

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported [...]

Continue Reading


09 January 2012 | 13,908 views

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy [...]

Continue Reading