Research

MorningStar Security actively researches new technologies within the emerging trends of information security. Research is conducted in the areas of vulnerability discovery, systems identification and more.

MorningStar Security regularly publishes vulnerability advisories and and open source security tools for public use.

Vulnerability Advisories

Multiple security issues in Cute News and UTF-8 Cute News
Date: 11th November 2009

Multiple security issues in Open Auto Classifieds
Date: 27th August 2009

Conference Presentations and Slides

Next Generation Web Scanning – New Zealand, a case study

Date December 2009

Includes a methodology to scan the webspace of an entire nation using some new tools and techniques. WhatWeb, bing-ip2hosts, gggooglescan and basedomainname are open source security tools developed by MorningStar Security that were published during the first presentation of this at the KIWICON III conference in December, 2009.


Download Next Generation Web Scanning Conference Presentation.pdf

Free Security Tools

whatweb

Next generation web scanner. Identify what websites are running. As seen at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand.
Homepage /research/whatweb
Latest Version 0.4.4
License GPLv2
Author Andrew Horton

bing-ip2hosts

Bing-IP2hosts – Enumerate hostnames for an IP using bing.com. This is useful during the reconnaissance phase of a penetration test and for website hosting provider research.
Homepage /research/bing-ip2hosts
Latest Version 0.2
License GPLv3
Author Andrew Horton

gggooglescan

Enumerate hostnames and URLs from Google.
Features: antibot avoidance, search within a country, custom search appliance
Download gggooglescan-0.1.tar.gz
Latest Version 0.1
License GPLv3
Author Andrew Horton

basedomainname

Extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
Download basedomainname-0.1.tar.gz
Latest Version 0.1
License Copyright
Author Andrew Horton

GeoIPgen

GeoIPgen – Country-to-IPs generator. Geographic IP generator for IPv4 networks.

Homepage http://www.morningstarsecurity.com/research/geoipgen/
Latest Version 0.3
License New BSD
Author Andrew Horton

urlcrazy

UrlCrazy is for the study of domain name typos and url hijacking. It generates domain name typo permutations then tests them to learn if they are in use, estimates their popularity and more.

Homepage http://code.google.com/p/urlcrazy/
Latest Version 0.2
License GPL
Author Andrew Horton