CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual [...]
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question. [...]
Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies. Key Features JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading [...]
Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites. Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use. [...]
A while back it was all over the blogs and Twitter that Amazon had somehow demoted Gay and Lesbian themed books to keep them from showing up in searches. There was outrage from all the civil rights folks especially in the LBGT camp (rightfully so if it was true). After that the rumour started the [...]
We’ve written about Twitter quite a few times now, with it’s click-jacking vulnerability, twitter phishing attacks and various other issues. It’s no surprise it’s being targeted though as it’s now the 3rd biggest social network after Facebook and Myspace. Within a relatively short time period it’s overtaken almost everyone else. This weekend it suffered a [...]
In April last year we wrote about ProxyStrike, recently the developer has released a couple of new versions – the latest being v2.1. ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications [...]
XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool. The documents, tools and other content on this site assume you have a basic understanding of XSS issues and existing exploitation methods. If you are not famliar with XSS, then I recommend you check out the primer links/docs below to get a better of idea of what [...]
I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform, there also seems to be an auto follow vulnerability that spammers would love. Do you remember Myspace and samy with 900,000 friends? Now we have johng77536 on Twitter! Last week, TechCrunch’s Jason Kincaid wrote [...]
Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]
© Darknet – The Darkside 2000-2012. Don't Learn to HACK - Hack to LEARN.
Posted in: 
Recent Comments