Archive | Web Hacking




Another Week Another Mass Domain Hijacking

Following shortly after the .io domain cock-up that left thousands vulnerable to domain hijacking, this week more than 750 domains were jacked via registrar Gandi. Seems like some pretty sloppy administration going on, but that’s how business goes sadly security is still a very much reactive trade. People don’t enable strict controls and audit unless […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

dork-cli – Command-line Google Dork Tool

dork-cli is a Python-based command-line Google Dork Tool to perform searches againsts Google’s custom search engine. A command-line option is always good as it allows you to script it in as part of your automated pen-testing suite. It will return a list of all the unique page results it finds, optionally filtered by a set […]

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment

snitch – Information Gathering Tool Via Dorks

Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information domains which can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can identify general information, […]

Tags: , , , , , , , , ,

Posted in: Hacking Tools, Privacy, Web Hacking | Add a Comment

OneLogin Hack – Encrypted Data Compromised

The OneLogin hack is blowing up now it seems like whoever got access can also decrypt encrypted customer data which is just about AS BAD as it can get for a password/identity management service. Now I’m a HUGE supporter of password management tools as I’ve mentioned many times here, so anyone who signed up for […]

Tags: , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment

Sn1per – Penetration Testing Automation Scanner

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info […]

Tags: , , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking | Add a Comment

Microsoft Azure Web Application Firewall (WAF) Launched

Not too long after Amazon launched their cloud protection WAF the Microsoft Azure Web Application Firewall (WAF) has been made generally available in all public Azure DCs. It’s a good move with the majority of websites and services moving into one of the big 3 cloud providers (AWS, Google or Azure) and the vast majority […]

Tags: , , , , , , , ,

Posted in: Countermeasures, Web Hacking | Add a Comment

Kadimus – LFI Scanner & Exploitation Tool

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion. Installation

Then you can run the configure file:

Then:

Features Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

LastPass Leaking Passwords Via Chrome Extension

LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Password Cracking, Web Hacking | Add a Comment

OWASP VBScan – vBulletin Vulnerability Scanner

OWASP VBScan short for vBulletin Vulnerability Scanner is an open-source project in Perl programming language to detect VBulletin CMS vulnerabilities and analyse them. Features VBScan currently has the following: Compatible with Windows, Linux & OSX Up to date exploit database Full path disclosure Firewall detect & bypass Version check Upgrade config finder Random user agent […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking | Add a Comment

DAVScan – WebDAV Security Scanner

DAVScan is a quick and lightweight WebDAV security scanner designed to discover hidden files and folders on DAV enabled web servers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities. The scanner attempts to fingerprint the target server and then spider the server […]

Tags: , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment

Popular Tags

computer-security · darknet · Database Hacking · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · pen-testing · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · XSS ·