July 15th, 2009

Damn Vulnerable Web App – Learn & Practise Web Hacking

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.

Vulnerabilities

SQL Injection
XSS (Cross Site Scripting)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Command Execution
Upload Script
Login Brute [...]

May 14th, 2008

browserrecon – Passive Browser Fingerprinting

Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted [...]

November 10th, 2007

Skavenger – source code auditing tool!

Skavenger? Yes, because scavenger is already used?!?
What is skavenger? Skavenger is a source code auditing tool, firstly though for php, but also used for any kind of source code file; as long as you know what to look for…
Yes I thought is as a replacement tool for egrep/sed under Windows! because not everybody installs cygwin [...]

October 28th, 2007

Scavenging for project members on Darknet

Wanna work on a web reconnaissance tool?
Want to have your name in readme file?
Got bored and want to help somebody?
Well then darknet readers this is your chance, because I need people to help me on a project I started a while ago called Website Anatomy, to find out what it is about check out the [...]

October 23rd, 2007

CORE GRASP – PHP Web Application Protection Software

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations.
As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license.
The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine, it can be [...]

April 28th, 2007

login (security through obscurity) – weird PHP script

This was the idea with which I have won the regional web apps contest… well actually I did a CMS but the security part of it was the most appreciated. Maybe because it was weird, you’ll see…
Classical Login scripts
What exactly do classical login scripts do… they get the password from the database by querying it [...]

September 25th, 2006

FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability

A useful tool for anyone working with PHP applications.
DESCRIPTION
————
FIS (File Inclusion Scanner) is a vulnerability scanner for PHP applications. Is scans PHP files mapping PHP/HTTP variables and then performs a security audit,in order to find out which of them are exploitable.
USAGE
——
php fis.php [local file] [remote file] [remote FIS ID file]

[local file]
————–
The local copy of the [...]

March 16th, 2006

Who is Haydies? Me my self and quite possibly some one else.

Shaolin introduced him self, and said he had asked every one to do like wise. News to me mate or did that slip my mind? Can’t see how it could but one never knows…
So, any way, who the hell am I? I have known Shaolin for years, he might have some idea how [...]


Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This