Tag Archive | "hacking-websites"


11 May 2009 | 6,694 views

Durzosploit v0.1 – JavaScript Exploit Generation Framework

Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites. Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use. [...]

Continue Reading


28 January 2009 | 15,839 views

Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect

I saw a relevant paper published today by an individual that claims the comparison was ordered by a penetration testing company (a company which remains unnamed). The vendors were not contacted during or after the evaluation. Testing Procedure The author tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications [...]

Continue Reading


16 January 2009 | 6,747 views

FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to [...]

Continue Reading


27 November 2008 | 5,182 views

FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment You can find an online map of Firecat v1.4 here. Changes for version 1.4 Information Gathering (Enumeration and Fingerprinting) Passive Recon : PassiveRecon allows Information Security professionals the ability to perform [...]

Continue Reading


12 November 2008 | 16,513 views

Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]

Continue Reading


29 October 2008 | 7,928 views

Google Hacking Back in The News – Google Takes Action

Google hacking was the big thing back in 2004, I actually did a talk on it in Hack in the Box 2004, it’s resurfaced again as a serious threat with Google noticing more queries relating to things like social security numbers. The Google Hacking Database has been active for years now and there are hundreds [...]

Continue Reading


23 October 2008 | 24,132 views

XSS-Proxy – Cross Site Scripting Attack Tool

XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool. The documents, tools and other content on this site assume you have a basic understanding of XSS issues and existing exploitation methods. If you are not famliar with XSS, then I recommend you check out the primer links/docs below to get a better of idea of what [...]

Continue Reading


18 September 2008 | 5,020 views

Web Application Security Statistics for 2008

Purpose The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most [...]

Continue Reading


10 September 2008 | 11,223 views

reDuh – TCP Redirection over HTTP

What Does reDuh Do? reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests. Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially What is it for? a) Bob.Hacker has the ability [...]

Continue Reading


29 July 2008 | 9,316 views

Widespread Flaws in Online Banking Systems

After a recent survey it shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security and that assumption continues to their websites. Sadly however, even in my own personal experience, the truth is far from that. Many many banks have flaws that can [...]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·