Open Source Security Tools

  • WhatWeb
    WhatWeb identifies websites. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
  • Bing-ip2hosts
    Bing-ip2hosts enumerates hostnames for an IP address using bing.com. This is useful during the reconnaissance phase of a penetration test and for website hosting provider research.
  • gggooglescan
    Google scraper to enumerate hostnames and URLs from Google.
    Features: antibot avoidance, search within a country, custom search appliance, and more.
  • GeoIPgen
    GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database.
  • URLcrazy
    URLCrazy is a domain name typo generator. It enables the study of domain name typos, domain doppelgangers and URL hijacking.
  • Username Anarchy
    Username Anarchy generates usernames for username enumeration and password brute-force guessing. Usernames are half the password brute-force problem.

Vulnerability Advisories

Advisories page

  • Advisory: Multiple security issues in Cute News and UTF-8 Cute News (11th November, 2009)
  • Advisory: Multiple security issues in Open Auto Classifieds (2009)

Presentations

Presentations page

  • Abode Vulnerabilities & Decrypting the Cloud
  • Clickjacking for Shells
  • How Does Your Gut Stack Up?
  • Next Generation Web Scanning – New Zealand