DIRB is a Web Content Scanner AKA a domain brute-forcing tool. It looks for existing (and/or hidden) Web Objects, it works by launching a dictionary based attack against a web server and analysing the responses. What is DIRB? DIRB comes with a set of preconfigured attack word-lists for easy usage but you can use your […]
information gathering tool
RAWR – Rapid Assessment of Web Resources
Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and […]
theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names
theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet. […]
DirBuster Download – Brute Force Directories & Files Names
DirBuster download below, this is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and […]
Maltego Download – Data Mining & Information Gathering Tool
Maltego download below, this open source intelligence and forensics application allows for the mining and gathering of information as well as the representation of this information in a meaningful way. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet. It uses the idea […]