Tag Archives | web privacy

dirs3arch – HTTP File & Directory Brute Forcing Tool

July 9, 2014 | 7,440 views

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   URL target
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extensions list separated by comma (Example: php, asp)

  Dictionary Settings:
    -w WORDLIST, --wordlist=WORDLIST
    -l, --lowercase

  General Settings:
    -r, --recursive     Bruteforce recursively
    -t THREADSCOUNT, --threads=THREADSCOUNT
                        Number of Threads
    -x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
                        Exclude status code, separated by comma (example: 301,
                        500)
    --cookie=COOKIE, --cookie=COOKIE
    --user-agent=USERAGENT, --user-agent=USERAGENT
    --no-follow-redirects, --no-follow-redirects

  Connection Settings:
    --timeout=TIMEOUT, --timeout=TIMEOUT
                        Connection timeout
    --ip=IP, --ip=IP    Destination IP (instead of resolving domain, use this
                        ip)
    --http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY
                        Http Proxy (example: localhost:8080
    --max-retries=MAXRETRIES, --max-retries=MAXRETRIES

  Reports:
    -o OUTPUTFILE, --output=OUTPUTFILE
    --json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

Usage: dirs3arch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:

-h, --help show this help message and exit

Mandatory:

-u URL, --url=URL URL target

-e EXTENSIONS, --extensions=EXTENSIONS

Extensions list separated by comma (Example: php, asp)

Dictionary Settings:

-w WORDLIST, --wordlist=WORDLIST

-l, --lowercase

General Settings:

-r, --recursive Bruteforce recursively

-t THREADSCOUNT, --threads=THREADSCOUNT

Number of Threads

-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES

Exclude status code, separated by comma (example: 301,

500)

--cookie=COOKIE, --cookie=COOKIE

--user-agent=USERAGENT, --user-agent=USERAGENT

--no-follow-redirects, --no-follow-redirects

Connection Settings:

--timeout=TIMEOUT, --timeout=TIMEOUT

Connection timeout

--ip=IP, --ip=IP Destination IP (instead of resolving domain, use this

ip)

--http-proxy=HTTPPROXY, --http-proxy=HTTPPROXY

Http Proxy (example: localhost:8080

--max-retries=MAXRETRIES, --max-retries=MAXRETRIES

Reports:

-o OUTPUTFILE, --output=OUTPUTFILE

--json-output=JSONOUTPUTFILE, --json-output=JSONOUTPUTFILE

You […]

Shares 81

Tags: dirs3arch, http file brute forcer, information gathering, pen test tool, penetration-testing, Python, Web Hacking, web privacy, web-security

Posted in: Hacking Tools, Privacy, Web Hacking | Add a Comment

Facebook Introduces OTP (One-time Password) Functionality

October 13, 2010 | 9,128 views

Nice to see an innovation on the security front for once rather than endless ‘feature’ updates and announcements of ‘the next big thing’. Facebook has had its fair share of security woes so it’s nice to see they are doing something which I think may be genuinely useful for it’s burgeoning user base. A lot […]

Shares 0

Tags: facebook, facebook one time password, facebook password, facebook phone number, facebook security, facebook temporary password, facebook-privacy, one time password, online privacy, otp, web privacy, web-security

Posted in: Countermeasures, Cryptography, Privacy, Web Hacking | Add a Comment

PayPal Patches Critical Security Vulnerabilities

April 22, 2010 | 15,492 views

PayPal in the news again for a series of fairly high-profile vulnerabilities discovered by the same guy that found the XSS bugs in Google Calendar and Twitter (Nir Goldshlager). I’m glad people are looking at PayPal as I’m sure the volume of monetary transactions that pass through their site on a daily basis is huge. […]

Share1

Shares 1

Tags: avnet, cross site forgery request, cross-site-scripting, csrf, nir goldshlager, paypal csrf, paypal exploit, paypal security, paypal vulnerability, paypal xss, paypay privacy, web privacy, web-application-hacking, web-application-security, web-security, XSS

Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment

Google Buzz Patches XSS Flaw In Mobile Version

February 18, 2010 | 5,525 views

You may or may not have noticed, but I was on hiatus for a few days. As you’re probably aware (and I’m sure many of you celebrate) it was Chinese New Year on February 14th so I was offline for a few days taking a well deserved break. I’d like to wish all of you […]

Shares 0

Tags: buzz, buzz privacy, buzz security, cross-site-scripting, exploit, google, google buzz, google buzz exploit, google buzz privacy, google buzz security, google buzz vulnerability, google-security, trainreq, vulnerability, web privacy, web-security, XSS

Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment

Facebook Bug Leaks Birthday Data

July 17, 2008 | 5,895 views

It’s not a big deal but it does show a problem with the way Facebook deals with data and how much power they have over people’s privacy. A small slip in coding could cause much worse problems that this, plus this could have happened before but no one picked up on it. It takes a […]

Share6

Shares 6

Tags: facebook, facebook breach, facebook leak, facebook security, facebook testing, facebook-privacy, web privacy, web-application-security

Posted in: General Hacking, Privacy | Add a Comment