Andrew contributes to the information security community through the development of open-source security tools.

Open-Source Security Tools

WhatWeb

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
Continue

URLCrazy

UrlCrazy is for the study of domain name typos and URL hijacking. It generates domain name typo permutations then tests them to learn if they are in use, estimates their popularity and more.
Continue

Username Anarchy

Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.
Continue

bing-ip2hosts

Enumerate hostnames from Bing.com for an IP address.
Bing.com is Microsoft’s search engine which has an IP: search parameter.
Continue

gggooglescan

Enumerate hostnames and URLs from Google.
Features: antibot avoidance, search within a country, custom search appliance
Download gggooglescan-0.1.tar.gz
Latest Version 0.1
License GPLv3
Author Andrew Horton

basedomainname

Extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
Download basedomainname-0.1.tar.gz
Latest Version 0.1
License Copyright
Author Andrew Horton