We’ve talked a lot about using a password manager to secure, generate and manage your passwords – way back since 2008 when we introduced you to the Password Hasher Firefox Extension. Since then we’ve also mentioned it multiple times in articles where plain text passwords were leaked during hacks, such as the Cupid Media hack […]
Archives for 2014
dirs3arch – HTTP File & Directory Brute Forcing Tool
dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options] Options: -h, --help show this help message and exit Mandatory: -u URL, --url=URL URL target -e EXTENSIONS, --extensions=EXTENSIONS Extensions list separated by comma (Example: php, asp) Dictionary Settings: -w WORDLIST, --wordlist=WORDLIST -l, --lowercase General Settings: -r, --recursive Bruteforce recursively -t THREADSCOUNT, --threads=THREADSCOUNT Number of Threads -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES Exclude status code, separated by comma (example: 301, 500) --cookie=COOKIE, --cookie=COOKIE --user-agent=USERAGENT, --user-agent=USERAGENT --no-follow-redirects, --no-follow-redirects Connection Settings: --timeout=TIMEOUT, --timeout=TIMEOUT Connection timeout --ip=IP, --ip=IP Destination IP (instead of resolving domain, use this ip) --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY Http Proxy (example: localhost:8080 --max-retries=MAXRETRIES, --max-retries=MAXRETRIES Reports: -o OUTPUTFILE, --output=OUTPUTFILE --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE |
You […]
Hacking Your Fridge – Internet of Things Security
So one of the latest fads is IoT or the Internet of things phenomena which has been talked about for a while (especially since the discussion of IPv6 started), IoT is connecting physical items to the Internet and giving them some kind of IP (be in NAT or a proper IPv6 address). This enabled you […]
ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a valid Oracle account on a database and want […]
Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP
So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have […]