Research

MorningStar Security actively researches new technologies within the emerging trends of information security. Research is conducted in the areas of vulnerability discovery, systems identification and more.

MorningStar Security regularly publishes vulnerability advisories and and open source security tools for public use.

Vulnerability Advisories

Multiple security issues in Cute News and UTF-8 Cute News
Date: 11th November 2009

Multiple security issues in Open Auto Classifieds
Date: 27th August 2009

Conference Presentations and Slides

Next Generation Web Scanning – New Zealand, a case study

Date December 2009

Includes a methodology to scan the webspace of an entire nation using some new tools and techniques. WhatWeb, bing-ip2hosts, gggooglescan and basedomainname are open source security tools developed by MorningStar Security that were published during the first presentation of this at the KIWICON III conference in December, 2009.


Download Next Generation Web Scanning Conference Presentation.pdf

Opensource Security Tools

whatweb

Next generation web scanner. Identify what websites are running.
Homepage /research/whatweb
Latest Version 0.4.7
License GPLv2
Author Andrew Horton

bing-ip2hosts

Bing-IP2hosts – Enumerate hostnames for an IP using bing.com. This is useful during the reconnaissance phase of a penetration test and for website hosting provider research.
Homepage /research/bing-ip2hosts
Latest Version 0.2
License GPLv3
Author Andrew Horton

gggooglescan

Google scraper to enumerate hostnames and URLs from Google.
Features: antibot avoidance, search within a country, custom search appliance, and more.
Homepage /research/gggooglescan
Latest Version 0.4
License GPLv3
Author Andrew Horton

basedomainname

Extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
Download basedomainname-0.1.tar.gz
Latest Version 0.1
License Copyright
Author Andrew Horton

GeoIPgen

GeoIPgen – Country-to-IPs generator. Geographic IP generator for IPv4 networks.

Homepage http://www.morningstarsecurity.com/research/geoipgen/
Latest Version 0.4
License New BSD
Author Andrew Horton

urlcrazy

UrlCrazy is for the study of domain name typos and url hijacking. It generates domain name typo permutations then tests them to learn if they are in use, estimates their popularity and more.

Homepage http://www.morningstarsecurity.com/research/urlcrazy/
Latest Version 0.4
License GPLv2
Author Andrew Horton