Tag Archives | web-server-security




DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool

A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on […]

Tags: , , , , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment

Microsoft IIS Semicolon Bug Leaves Servers Vulnerable

The latest news breaking over the Christmas period is that of a fairly serious bug in IIS that allows local file inclusion (LFI) of any filetype due a bug in the way IIS filters handle semicolons (;). Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version […]

Tags: , , , , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking, Windows Hacking | Add a Comment

hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool

hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests. hostmap helps you using […]

Tags: , , , , , , , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Web Hacking | Add a Comment

Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update on Nikto, which was version 2. For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on […]

Tags: , , , , , , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Web Hacking | Add a Comment

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature […]

Tags: , , , , , , ,

Posted in: Hacking Tools, Network Hacking, Web Hacking | Add a Comment

WSGW – Web Security Gateway for Secure Apache

The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software. The Web Security Gateway provides a configurable caching, authentication, input […]

Tags: , , , , , , , , , , , ,

Posted in: Countermeasures, Web Hacking | Add a Comment

Webshag v1.00 – Web Server Auditing Tool (Scanner and File Fuzzer)

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to […]

Tags: , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment

gotroot modsecurity Rules for Apache – Anti-spam and Security

To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security. ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web […]

Tags: , , , , , , ,

Posted in: Countermeasures, Security Software, Web Hacking | Add a Comment

Nikto 2 Released – Web Server Scanning Tool

Another one that has been a long time coming, but finally here it is! Nikto 2. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment

Sandcat by Syhunt – Web Server & Application Vulnerability Scanner

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities. This is a […]

Tags: , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment

Popular Tags

computer-security · darknet · Database Hacking · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · XSS ·