AttackAPI 0.8 JavaScript Hacking Suite Available

Use Netsparker


AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser based attacking techniques, simple but powerful JavaScript console and powerful attack channel and associated API for controlling zombies.

The standalone components of the library can be found at the following locations:

One infrastructure tool is available here:

I would recommend AttackAPI 0.8 to everyone who is interested in high-end hacking not because I wrote it but because it provides a good demonstration of what is possible today. That, I hope will take our awareness even further.

AttackAPI slowly moves to its 1.0 release where I am planning to standardize its core, fix discovered bugs and make it even more cross-platformed. Still, there is a long way to go but I am willing to take my chances. There are plans for 0.9 but I will keep them undisclosed for now.

So what 0.8 has to offer? There are a couple of things that worth attention. I will start in chronological order.

The Client interface can be used to enumerate the current client. It has functionalities to fingerprint the current operating system, installed plugins, the browser in use and the local NATed IP address and hostname. This tool is brilliant for doing the first steps of any targeted attack.

The Server, on the other hand, can be used to fingerprint the current server. It provides information about its domain, IP address, platform, server software and the application architecture. Its purpose is to identify what is currently available. That is important because the Web is very distributed and agile network and controlling dozens of infected clients is a mission on its own.

Full information on AttackAPI is available here:

AttackAPI 0.8

Posted in: Hacking Tools, Web Hacking

, , , , , ,


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


2 Responses to AttackAPI 0.8 JavaScript Hacking Suite Available

  1. Red-Alpha November 22, 2006 at 1:00 am #

    how do u download it or use it?

  2. Darknet November 23, 2006 at 4:05 am #

    Just right click and save as or try out the infrastructure tool shown above as this gives an example of all the scripts implemented using PHP.