Tag Archives | web-server-security




DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool

A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on […]

Topic: Hacking Tools, Web Hacking

Microsoft IIS Semicolon Bug Leaves Servers Vulnerable

The latest news breaking over the Christmas period is that of a fairly serious bug in IIS that allows local file inclusion (LFI) of any filetype due a bug in the way IIS filters handle semicolons (;). Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version […]

Topic: Exploits/Vulnerabilities, Web Hacking, Windows Hacking

hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool

hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests. hostmap helps you using […]

Topic: Hacking Tools, Networking Hacking, Web Hacking

Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update on Nikto, which was version 2. For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on […]

Topic: Hacking Tools, Networking Hacking, Web Hacking

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature […]

Topic: Hacking Tools, Networking Hacking, Web Hacking

WSGW – Web Security Gateway for Secure Apache

The Web Security Gateway is a security-centric distribution of the Apache web server, bundled with additional security modules, and configured as a front-end (reverse) HTTP proxy. The goal is to mirror most of the features of commercial web application “firewalls”, with free and Open-Source software. The Web Security Gateway provides a configurable caching, authentication, input […]

Topic: Countermeasures, Web Hacking

Popular Tags

computer-security · darknet · ddos · dos · exploits · fuzzing · google · hacking-networks · hacking-websites · hacking-windows · hacking tool · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · pen-testing · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · windows · windows-security · Windows Hacking · worms · XSS ·