HackDig : Dig high-quality web security articles for hacker

HookME – API Based TCP Proxy Including SSL

HookME is a an API based TCP Proxy software designed for intercepting communications by hooking the desired process and hooking the API calls for sending and receiving network data (even SSL clear data). HookME provides a nice graphic user interface allowing you to change the packet content in real time, dropping or forwarding the packet.It also has a Python
Publish At:2015-10-02 19:05 | Read:2931 | Comments:0 | Tags:Hacking Tools Network Hacking api based tcp proxy hookme net

Weevely 3 – Weaponized PHP Web Shell

Weevely is a command line weaponized PHP web shell dynamically extended over the network at runtime and is designed for remote administration and pen testing. It provides a telnet-like console through a PHP script running on the target, even in restricted environments.The low footprint agent and over 30 modules shape an extensible framework to administrate,
Publish At:2015-09-18 18:40 | Read:3747 | Comments:0 | Tags:Hacking Tools Web Hacking command line web shell extensible

Gcat – Python Backdoor Using Gmail For Command & Control

Gcat is a stealthy Python backdoor that uses Gmail as a command and control server. It’s fairly basic right now, but it’s an interesting proof of concept and if the community got behind it and contributed some new features it could be a pretty powerful piece of kit.Feature wise it doesn’t have that much, you can’t upload files yet, bu
Publish At:2015-09-12 04:15 | Read:3630 | Comments:0 | Tags:Hacking Tools Programming backdoor command and control gcat

Money may grow on trees

By Fernando ArnaboldiSometimes when buying something that costs $0.99 USD (99cents) or $1.01 USD (one dollar and one cent), you may pay an even dollar. Eitheryou or the cashier may not care about the remaining penny, and so one of youtakes a small loss or profit.Rounding at the cash register is a common practice, just asit is in programming languages when d
Publish At:2015-08-25 18:25 | Read:3871 | Comments:0 | Tags:bugs fernando arnaboldi hacking java javascript numbers prob

Passgen – Random Character Generator For WPA/WPA2 Key Cracking

Passgen is an simple Python alternative for the random character generator Crunch which attempts to solve cracking WPA/WPA2 keys by randomizing the output as opposed to generating a list like so (aaaaaaaa, aaaaaaab, aaaaaac, etc).Example usage with aircrack-ng: python passgen.py -l | sudo aircrack-ng --bssid 00:11:22:33:44:55 -w- WiFi.cap1python passgen.py -
Publish At:2015-07-10 16:35 | Read:2613 | Comments:0 | Tags:Hacking Tools Password Cracking crunch key cracking key gene

Just-Metadata – Gathers & Analyse IP Address Metadata

Just-Metadata is a tool that can be used to gather IP address metadata passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has “gather” modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-M
Publish At:2015-06-14 05:55 | Read:4424 | Comments:0 | Tags:Countermeasures Network Hacking Security Software analyse at

Plecost – WordPress Fingerprinting Tool

Plecost is a WordPress fingerprinting tool, it can search and retrieve information about the plug-in versions installed in a WordPress installation. It can be used to analyse a single URL or perform an analysis based on the results indexed by Google.Additionally it also displays the CVE code associated with each plug-in vulnerability, if any exist.The other
Publish At:2015-06-09 23:26 | Read:4852 | Comments:0 | Tags:Hacking Tools Web Hacking hack-wordpress identify wordpress

Deobfuscating Malicious VBA Macro with a Few Lines of Python

Just a quick post about a problem that security analysts are facing daily… For a while, malicious Office documents are delivered with OLE objects containing VBA macros. Bad guys are always using obfuscation techniques to make the analysis more difficult and (try to) bypass basic filters. This makes the analysis not impossible but boring and time consum
Publish At:2015-06-09 21:00 | Read:2703 | Comments:0 | Tags:Malware Security Macro Python VBA

Python difflib SequenceMatcher quick_ratio performance contribution

Hi everyone Once in a while I’m trying to contribute something non-security related to an Open Source project. At the moment I’m teaching Python courses and found some of my old scripts that are pretty useful. I’m trying to contribute a performance optimized difflib.SequenceMatcher.quick_ratio to CPython. It’s not decided yet if it
Publish At:2015-06-09 16:20 | Read:2733 | Comments:0 | Tags:Coding difflib optimisation performance python quick_ratio S

EvilAP Defender – Detect Evil Twin Attacks

EvilAP_Defender is an application that helps wireless network administrators to discover and prevent Evil Access Points (AP) from attacking wireless users. The application can be run in regular intervals to protect your wireless network and detect Evil Twin attacks.By configuring the tool you can get notifications sent to your email whenever an evil access p
Publish At:2015-04-18 19:50 | Read:3750 | Comments:0 | Tags:Countermeasures Wireless Hacking aircrack detect malicious a

Commix – Command Injection Attack Tool

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used by web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.By using this command injection attack tool, it is very easy to find and exploi
Publish At:2015-04-04 02:10 | Read:3495 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking command injection attac

WordPress and the GHOST Vulnerability

On Jan. 27, Qualys released a security advisory for what it termed the “GHOST” vulnerability. This was a few hours after the vulnerability was mistakenly leaked by a public relations agency on a French mailing list, possibly forcing the company’s hand to release the advisory before it had planned to. The vulnerability is a buffer overflow v
Publish At:2015-03-06 16:20 | Read:2693 | Comments:0 | Tags:Application Security Software & App Vulnerabilities Cyberatt

Look How Easy TAXII Is

Tripwire has been getting more involved in connecting its products to threat intelligence services lately.I described the reasons why we care about threat intelligence, particularly STIX and TAXII, in my article last month: Why We Should Care About STIX & TAXII. My colleagues also talked in more specifics about some of the partners Tripwire is working wi
Publish At:2015-03-04 15:40 | Read:2280 | Comments:0 | Tags:Cyber Security Featured Articles python Soltra STIX TAXII th

CMSmap – Content Management System Security Scanner

CMSmap is a Python open source Content Management System security scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. This is as opposed t
Publish At:2015-03-01 02:25 | Read:2986 | Comments:0 | Tags:Hacking Tools Web Hacking cmsmap drupal drupal security drup

pwntools – CTF Framework & Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.Command-line frontends for some of the functionality are available:asm/disasm: Small wrapper for various assemblers.constgrep: Tool for finding constants defined in he
Publish At:2015-01-13 10:20 | Read:6318 | Comments:0 | Tags:Exploits/Vulnerabilities ctf ctf framework exploit dev explo

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud