Tag Archive | "darknet"
w3bfukk0r is a forced browsing tool, it basically scans webservers (HTTP/HTTPS) for a directory by using HTTP HEAD command and brute force mechanism based on a word list. Features: HTTP/HTTPS(SSL) support Banner grabbing User-Agent faking Proxy support (HTTP/S) Reports found and non-existend directories Example output:
Starting w3bfukk0r 0.2
Scanning http://nion.modprobe.de/ with 76 words from words.txt
Found http://nion.modprobe.de/tmp/ (HTTP 200)
Found http://nion.modprobe.de/blog/ (HTTP 200)
Found http://nion.modprobe.de/img/ (HTTP 200)
Found http://nion.modprobe.de/setup/ (HTTP 200)
Found 4 directories.
Server runs: Apache/2.0.54 (Debian GNU/Linux) PHP/5.1.4-0.1~bpo2
Scan finished (5 seconds).
Note: Not all webservers are handling HTTP status codes […]
Now for once, this is a really neat use of technology, someone using their brains and a suitable tech to solve a problem that is very apparent. PERL may be frowned upon by some as being old or outdated, but seriously for parsing data, pattern matching and trawling, it’s still excellent and you can get […]
Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols. Taof aids the researcher during the data retrieval process by providing a transparent proxy functionality that forwards and logs requests from […]
Wyd is a neat tool I found recently for Password Profiling. In current IT security environments, files and services are often password protected. In certain situation it is required to get access to files and/or data even when they are protected and the password is unknown. wyd.pl was born out of those two of situations: […]
BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user […]
An interesting new twist on things, rather than using cookies to store information you can use perpetually cached files. So clearing your cache and cookies isn’t enough, could be a privacy issue you say, indeed it could.. Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of […]
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, […]
New versions of the ultracool tools pwdump (1.4.2) and fgdump (1.3.4) have been released. Both versions provide some feature upgrades as well as bug fixes. Folks with really old versions of either program should definitely look at upgrading, since there are numerous performance improvements and full multithreading capabilities in both packages. If you don’t know..what […]
Ah Facebook again, security problems again? Not this time, but privacy fears with the new stalker-esque features for tracking changes to people’s pages. Millions of people have flocked to social networking sites to post information about themselves and share it with friends. Now Facebook, one of the most popular, is facing a user backlash over […]