Tag Archives | web privacy

dirs3arch – HTTP File & Directory Brute Forcing Tool

Last updated: July 10, 2014 | 9,233 views

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   URL target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extensions list separated by comma (Example: php, asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase

  General Settings:
    -r, --recursive     Bruteforce recursively
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    --cookie=COOKIE, --cookie=COOKIE
    --user-agent=USERAGENT, --user-agent=USERAGENT
    --no-follow-redirects, --no-follow-redirects

  Connection Settings:
    --timeout=TIMEOUT, --timeout=TIMEOUT
                        Connection timeout
    --ip=IP, --ip=IP    Destination IP (instead of resolving domain, use this
                        ip)
    --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES, --max-retries=MAXRETRIES

  Reports:
    -o OUTPUTFILE, --output=OUTPUTFILE
    --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:

-h, --help show this help message and exit

Mandatory:

-u URL, --url=URL URL target

-e EXTENSIONS, --extensions=EXTENSIONS

Extensions list separated by comma (Example: php, asp)

Dictionary Settings:

-w WORDLIST, --wordlist=WORDLIST

-l, --lowercase

General Settings:

-r, --recursive Bruteforce recursively

-t THREADSCOUNT, --threads=THREADSCOUNT

Number of Threads

-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES

Exclude status code, separated by comma (example: 301,

500)

--cookie=COOKIE, --cookie=COOKIE

--user-agent=USERAGENT, --user-agent=USERAGENT

--no-follow-redirects, --no-follow-redirects

Connection Settings:

--timeout=TIMEOUT, --timeout=TIMEOUT

Connection timeout

--ip=IP, --ip=IP Destination IP (instead of resolving domain, use this

ip)

--http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY

Http Proxy (example: localhost:8080

--max-retries=MAXRETRIES, --max-retries=MAXRETRIES

Reports:

-o OUTPUTFILE, --output=OUTPUTFILE

--json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

You […]

81 Shares

Topic: Hacking Tools, Privacy, Web Hacking

Facebook Introduces OTP (One-time Password) Functionality

Last updated: September 9, 2015 | 9,168 views

Nice to see an innovation on the security front for once rather than endless ‘feature’ updates and announcements of ‘the next big thing’. Facebook has had its fair share of security woes so it’s nice to see they are doing something which I think may be genuinely useful for it’s burgeoning user base. A lot […]

Share20

20 Shares

Topic: Countermeasures, Cryptography, Privacy, Web Hacking

PayPal Patches Critical Security Vulnerabilities

Last updated: September 9, 2015 | 15,508 views

PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is huge. […]

Share1

1 Shares

Topic: Exploits/Vulnerabilities, Privacy, Web Hacking

Google Buzz Patches XSS Flaw In Mobile Version

Last updated: September 9, 2015 | 5,531 views

You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of you […]

0 Shares

Topic: Exploits/Vulnerabilities, Privacy, Web Hacking

Facebook Bug Leaks Birthday Data

Last updated: September 9, 2015 | 5,908 views

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy. A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a […]

Share6

6 Shares

Topic: Hacking News, Privacy

Popular Tags

· · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · ·

Navigation

Tag Archives | web privacy

Popular Tags