Anything related to websites


SpiderFoot is a free, open-source, domain footprinting tool. Given one or multiple domain names (and when I say domains, I'm referring to the DNS kind, not Windows domains), it will scrape the websites on that domain, as well as search Google, Netcraft, Whois and DNS to build up information


httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.


The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.


Axman is an active-x fuzzer created by hd moore from the metasploit project. It is used to discover com objects exposed through the internet.

Session Thief

Session Thief is a session hijacking tool.


A Internet Explorer Cookie Forensic Analysis Tool.

Many important files within Microsoft Windows have structures that are undocumented. One of the principals of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there are a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.

Many computer crime investigations require the reconstruction of a subject's Internet Explorer Cookie files. Since this analysis technique is executed regularly, we researched the structure of the data found in the cookie files. Galleta, the Spanish word meaning "cookie", was developed to examine the contents of the cookie files. The foundation of Galleta's examination methodology will be documented in an upcoming whitepaper. Galleta will parse the information in a Cookie file and output the results in a field delimited manner so that it may be imported into your favorite spreadsheet program. Galleta is built to work on multiple platforms and will execute on Windows (through Cygwin), Mac OS X, Linux, and *BSD platforms.

galleta [options]
-t Field Delimiter (TAB by default)

Example Usage:
[kjones:galleta/galleta_20030410_1/bin] kjones% ./galleta antihackertoolkit.txt > cookies.txt

Open cookies.txt as a TAB delimited file in MS Excel to further sort and filter your results


HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.

WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack, and WebHTTrack the Linux/Unix/BSD release.

Passive Recon

Based on Gina Trapani's About This Site Firefox Plugin (https://addons.mozilla.org/en-US/firefox/addon/3673), Passive Recon allows Information Security professionals the ability to perform "packetless" discovery of target resources utilising publicly available information. In addition multiple googlehacks can be performed. Selecting the ShowAll option at the bottom opens each search in a separate tab (Better have broadband, that's a lot of tabs and your browser will get very clouded).

Recommended to be included in FireCat, (available from Security-database.com)

Need to register with Firefox plug-ins site
Download and select install within Firefox

Right click, select passive recon


w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

The project uses a number of disparate plugins to carry out an audit against a target website, the main ones being:

* Discovery plugins have only one responsibility, finding new URLs, forms, and other “injection points”. A classic example of a discovery plugin is a web spider. This plugin takes a URL as input and returns one or more injection points. When a user enables more than one plugin of this type, they work recursively: If plugin A finds a new URL in the first run, the w3af core will send that URL to plugin B. If plugin B then finds a new URL, it will be sent to plugin A. This will go on until all plugins are run and no more knowledge about the application can be found using the enabled discovery plugins.

* Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities. A classic example of an audit plugin is one that searches for SQL injection.

* Attack plugins objective is to exploit vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote databases in case of SQL injections.

The plugins find the URLs, discover the bugs and exploit them. The complete list of plugins types is:

* audit
* bruteforce
* discovery
* evasion
* exploit
* grep
* mangle
* output


SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.

An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.

sqlier [OPTIONS] [url]

-c [host] Clear all exploit information stored for [host].
-o [file] Output cracked passwords to [file].
-s [seconds] Wait [seconds] between page requests.
-u [usernames] Usernames that will be brute forced from the database,
comma separated (Username1,Username2,Username3).
-w [options] Pass [options] to wget.

Passing Field Names:
--table-names [table_names] Comma separated list of table names to guess.
--user-fields [user_fields] Comma separated list of username fields to guess.
--pass-fields [pass_fields] Comma separated list of password fields to guess.

Syndicate content