Darknet https://www.darknet.org.uk Hacking Tools, Hacker News & Cyber Security Wed, 23 May 2018 01:53:17 +0000 en-US hourly 1 https://wordpress.org/?v=4.9.6 https://www.darknet.org.uk/images/darknet_logo_small.jpghttps://www.darknet.org.uk/images/darknet_logo_small.jpgdf6f0b Acunetix v12 – More Comprehensive More Accurate & 2x Faster https://www.darknet.org.uk/2018/05/acunetix-v12-more-comprehensive-more-accurate-2x-faster/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/05/acunetix-v12-more-comprehensive-more-accurate-2x-faster/#respond Wed, 23 May 2018 01:52:59 +0000 https://www.darknet.org.uk/?p=5029 Acunetix v12 – More Comprehensive More Accurate & 2x Faster

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites.

With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.

Read the rest of Acunetix v12 – More Comprehensive More Accurate & 2x Faster now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/05/acunetix-v12-more-comprehensive-more-accurate-2x-faster/feed/ 0
CloudFrunt – Identify Misconfigured CloudFront Domains https://www.darknet.org.uk/2018/05/cloudfrunt-identify-misconfigured-cloudfront-domains/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/05/cloudfrunt-identify-misconfigured-cloudfront-domains/#respond Fri, 18 May 2018 22:03:31 +0000 https://www.darknet.org.uk/?p=5011 CloudFrunt – Identify Misconfigured CloudFront Domains

CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions. This effectively allows for domain hijacking.

How CloudFrunt Works For Misconfigured CloudFront

CloudFront is a Content Delivery Network (CDN) provided by Amazon Web Services (AWS). CloudFront users create “distributions” that serve content from specific sources (an S3 bucket, for example).

Each CloudFront distribution has a unique endpoint for users to point their DNS records to (ex.

Read the rest of CloudFrunt – Identify Misconfigured CloudFront Domains now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/05/cloudfrunt-identify-misconfigured-cloudfront-domains/feed/ 0
Airbash – Fully Automated WPA PSK Handshake Capture Script https://www.darknet.org.uk/2018/05/airbash-fully-automated-wpa-psk-handshake-capture-script/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/05/airbash-fully-automated-wpa-psk-handshake-capture-script/#respond Thu, 10 May 2018 10:25:56 +0000 https://www.darknet.org.uk/?p=5015 Airbash – Fully Automated WPA PSK Handshake Capture Script

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP).

Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng.

Read the rest of Airbash – Fully Automated WPA PSK Handshake Capture Script now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/05/airbash-fully-automated-wpa-psk-handshake-capture-script/feed/ 0
XXEinjector – Automatic XXE Injection Tool For Exploitation https://www.darknet.org.uk/2018/05/xxeinjector-automatic-xxe-injection-tool-for-exploitation/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/05/xxeinjector-automatic-xxe-injection-tool-for-exploitation/#respond Sat, 05 May 2018 09:13:38 +0000 https://www.darknet.org.uk/?p=4863 XXEinjector – Automatic XXE Injection Tool For Exploitation

XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications and the brute forcing method needs to be used for other applications.

Usage of XXEinjector XXE Injection Tool

XXEinjector actually has a LOT of options, so do have a look through to see how you can best leverage this type of attack. Obviously Ruby is a prequisite to run the tool.

Read the rest of XXEinjector – Automatic XXE Injection Tool For Exploitation now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/05/xxeinjector-automatic-xxe-injection-tool-for-exploitation/feed/ 0
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack https://www.darknet.org.uk/2018/05/yahoo-fined-35-million-usd-for-late-disclosure-of-hack/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/05/yahoo-fined-35-million-usd-for-late-disclosure-of-hack/#respond Thu, 03 May 2018 16:51:11 +0000 https://www.darknet.org.uk/?p=5017 Yahoo! Fined 35 Million USD For Late Disclosure Of Hack

Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 years delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public – Massive Yahoo Hack – 500 Million Accounts Compromised.

Yahoo! has been having a rocky time for quite a few years now and just recently has sold Flickr to SmugMug for an undisclosed amount, I hope that at least helps pay off some of the fine.

Read the rest of Yahoo! Fined 35 Million USD For Late Disclosure Of Hack now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/05/yahoo-fined-35-million-usd-for-late-disclosure-of-hack/feed/ 0
Drupwn – Drupal Enumeration Tool & Security Scanner https://www.darknet.org.uk/2018/05/drupwn-drupal-enumeration-tool-security-scanner/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/05/drupwn-drupal-enumeration-tool-security-scanner/#respond Tue, 01 May 2018 15:36:52 +0000 https://www.darknet.org.uk/?p=5008 Drupwn – Drupal Enumeration Tool & Security Scanner

Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.

Drupwn Drupal Enumeration Tool Hacking Features

Drupwn can be run, using two separate modes which are enum and exploit. The enum mode allows performing enumerations whereas the exploit mode allows checking and exploiting CVEs.

Enum mode

  • User enumeration
  • Node enumeration
  • Default files enumeration
  • Module enumeration
  • Theme enumeration
  • Cookies support
  • User-Agent support
  • Basic authentication support
  • Request delay
  • Enumeration range
  • Logging

Exploit mode

  • Vulnerability checker
  • CVE exploiter

For scanning Drupal sites there is also:

– Droopescan – Plugin Based CMS Security Scanner

You can download Drupwn here:

drupwn-master.zip

Or read more here.

Read the rest of Drupwn – Drupal Enumeration Tool & Security Scanner now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/05/drupwn-drupal-enumeration-tool-security-scanner/feed/ 0
MyEtherWallet DNS Hack Causes 17 Million USD User Loss https://www.darknet.org.uk/2018/04/myetherwallet-dns-hack-causes-17-million-usd-user-loss/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/04/myetherwallet-dns-hack-causes-17-million-usd-user-loss/#respond Sat, 28 Apr 2018 18:31:03 +0000 https://www.darknet.org.uk/?p=5004 MyEtherWallet DNS Hack Causes 17 Million USD User Loss

Big news in the crypto scene this week was that the MyEtherWallet DNS Hack that occured managed to collect about $17 Million USD worth of Ethereum in just a few hours.

The hack itself could have been MUCH bigger as it actually involved compromising 1300 Amazon AWS Route 53 DNS IP addresses, fortunately though only MEW was targetted resulting in the damage being contained in the cryptosphere (as far as we know anyway).

Read the rest of MyEtherWallet DNS Hack Causes 17 Million USD User Loss now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/04/myetherwallet-dns-hack-causes-17-million-usd-user-loss/feed/ 0
StaCoAn – Mobile App Static Analysis Tool https://www.darknet.org.uk/2018/04/stacoan-mobile-app-static-analysis-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/04/stacoan-mobile-app-static-analysis-tool/#respond Mon, 23 Apr 2018 17:08:42 +0000 https://www.darknet.org.uk/?p=4982 StaCoAn – Mobile App Static Analysis Tool

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.

This tool will look for interesting lines in the code which can contain:

  • Hardcoded credentials
  • API keys
  • URL’s of API’s
  • Decryption keys
  • Major coding mistakes

This tool was created with a big focus on usability and graphical guidance in the user interface.

Read the rest of StaCoAn – Mobile App Static Analysis Tool now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/04/stacoan-mobile-app-static-analysis-tool/feed/ 0
snallygaster – Scan For Secret Files On HTTP Servers https://www.darknet.org.uk/2018/04/snallygaster-scan-for-secret-files-on-http-servers/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/04/snallygaster-scan-for-secret-files-on-http-servers/#respond Mon, 16 Apr 2018 17:48:40 +0000 https://www.darknet.org.uk/?p=4995 snallygaster – Scan For Secret Files On HTTP Servers

snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn’t be public and can pose a security risk.

Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for other security vulnerabilities.

snallygaster HTTP Secret File Scanner Features

This is an overview of the tests provided by snallygaster.

Read the rest of snallygaster – Scan For Secret Files On HTTP Servers now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/04/snallygaster-scan-for-secret-files-on-http-servers/feed/ 0
Portspoof – Spoof All Ports Open & Emulate Valid Services https://www.darknet.org.uk/2018/04/portspoof-spoof-all-ports-open-emulate-valid-services/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed https://www.darknet.org.uk/2018/04/portspoof-spoof-all-ports-open-emulate-valid-services/#comments Fri, 06 Apr 2018 17:42:27 +0000 https://www.darknet.org.uk/?p=4992 Portspoof – Spoof All Ports Open & Emulate Valid Services

The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port. As a result, any attackers port scan results will become fairly meaningless and will require hours of effort to accurately identify which ports have real services on and which do not.

The tool is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system.

Read the rest of Portspoof – Spoof All Ports Open & Emulate Valid Services now! Only available at Darknet.

]]>
https://www.darknet.org.uk/2018/04/portspoof-spoof-all-ports-open-emulate-valid-services/feed/ 1