what you don't know can hurt you
Showing 1 - 25 of 43 RSS Feed

Files from Andrew Horton

First Active2008-10-01
Last Active2020-10-02
Bing.com Hostname / IP Enumerator 1.0.4
Posted Oct 2, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: This is a minor release with no code changes.
tags | tool, scanner, bash
systems | linux, unix
MD5 | b337bc57bc4bb3aed8d93453ecc18db2
WhatWeb Scanner 0.5.3
Posted Oct 1, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Minor release with miscellaneous changes, seven new plugins, and two plugin updates.
tags | tool, web, scanner, javascript
systems | unix
MD5 | 45ca011cb9018d277ff2efeaa0ddd4f9
WhatWeb Scanner 0.5.2
Posted Jun 10, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: This is a minor update with bug fixes and one new plugin called PHP-Slim.
tags | tool, web, scanner, javascript
systems | unix
MD5 | 0ab8d88a6702b58812dd5d7e45712338
Bing.com Hostname / IP Enumerator 1.0.3
Posted Jun 8, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed an issue with Bing.
tags | tool, scanner, bash
systems | linux, unix
MD5 | e8d1cc0e2a6dd8929622f15b3aa8fe58
Bing.com Hostname / IP Enumerator 1.0.2
Posted Apr 27, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed a couple of bugs. Added an animated GIF of searching Bing.com to README.
tags | tool, scanner, bash
systems | linux, unix
MD5 | 729407dd3aa962f4430fedcaf5d5dc72
URLCrazy Domain Name Typo Tool 0.7.1
Posted Apr 24, 2020
Authored by Andrew Horton | Site github.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Added --debug to show debugging output for development. No longer requires pry gem unless debugging. Checks for a low ulimit and shows a warning.
tags | tool, web
systems | unix
MD5 | a20c223e81c93371dc4a1c486cbcfdc3
WhatWeb Scanner 0.5.1
Posted Feb 25, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: This is a minor release with bug fixes, one new plugin, and a couple of plugin updates.
tags | tool, web, scanner, javascript
systems | unix
MD5 | a437d13dbfe9caccc1b4c39a57350c05
Bing.com Hostname / IP Enumerator 1.0
Posted Nov 19, 2019
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: New progress display with more details about the scraping job. New parsing of Bing.com search results. Various updates and fixes.
tags | tool, scanner, bash
systems | linux, unix
MD5 | 38d7944b4cf69b9f39013928ac892a15
WhatWeb Scanner 0.5.0
Posted Oct 5, 2019
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Version 0.5.0 is a major version release form urbanadventurer and bcoles. With the help of the WhatWeb community they have reached over 1800 plugins! Plugin authors should take note that this release is not backwards compatible, and they have made a migration tool to help you update your private or unreleased plugins. New additions include IDN support, 9 unit tests, and various other items. Multiple bug fixes and updates have been added.
tags | tool, web, scanner, javascript
systems | unix
MD5 | 3dc99c5f128d3866273f05cd77548a2f
NetGear DGN2200 N300 CSRF / Disclosure / Command Execution
Posted Feb 13, 2014
Authored by Andrew Horton

NetGear DGN2200 N300 Wireless ADSL2+ Modem Router with firmware version 1.0.0.36-7.0.37 suffers from command injection, cross site request forgery, insecure configuration, cleartext password storage, information disclosure, and other vulnerabilities.

tags | exploit, vulnerability, info disclosure, csrf
MD5 | dc7d35c6eedc197bbf853f0709f5c4f7
WordPress Stop User Enumeration 1.2.4 Bypass
Posted Feb 3, 2014
Authored by Andrew Horton | Site morningstarsecurity.com

The WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.

tags | exploit, bypass
MD5 | 622fcec0bc866f10c400f9581647461c
Bing.com Hostname / IP Enumerator 0.4
Posted Jan 1, 2014
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: :Updated usage, Fixed tmp file issue where files were not being deleted, Resolves hostnames using nslookup instead of resolveip (Thanks Xavier Mertens).
tags | tool, scanner, bash
systems | linux, unix
MD5 | a05b8543a57ba3170555c6497194114f
Atlassian Confluence 4.3.5 XSS / Clickjacking
Posted Jul 11, 2013
Authored by Andrew Horton, Sow Ching Shiong, Mahendra | Site baesystemsdetica.com.au

Atlassian Confluence versions 4.3.5 and below suffer from cross site scripting, cross site flashing, and insufficient framing protection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1922464b700f5aaa4b707765398932f1
Bing.com Hostname / IP Enumerator 0.3
Posted Dec 29, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed bug where version 0.2 stopped working, now uses bing.com instead of the mobile site, more detailed progress animation.
tags | tool, scanner, bash
systems | linux, unix
MD5 | bbbd9eb78eb78004340938d14ef004e2
Username Anarchy 0.2
Posted Dec 22, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

Username-Anarchy is for generating usernames when penetration testing. It is useful for user enumeration and username/password brute forcing. Features include format-style style username formats, common first and lastnames from countries around the world, the facebook names lists, and substitution of common names when details aren't known, e.g. when you know a user's initial. Common aliases or self chosen usernames scraped from forums, and a name extractor are also included.

tags | tool
systems | unix
MD5 | c41eea4cd1b0d948512f90d61671e89a
URLCrazy Domain Name Typo Tool 0.5
Posted Jul 19, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Now supports Ruby1.9.1, CSV output, homoglyphs, shows the country for IPs.
tags | tool, web
systems | unix
MD5 | bfe2e0c71cc5160530b773f15d242964
WordPress Clickjacking
Posted Sep 23, 2011
Authored by Andrew Horton | Site security-assessment.com

This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.

tags | advisory, web, arbitrary, php
MD5 | e2abac98d6f8c708eef84b5e166ca4e1
WordPress 3.1.2 Clickjacking
Posted Sep 22, 2011
Authored by Andrew Horton | Site security-assessment.com

WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.

tags | exploit
MD5 | 1688b6eaa86b161c91dd0d6b4158f460
Clickjacking For Shells
Posted Sep 21, 2011
Authored by Andrew Horton | Site security-assessment.com

Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In this presentation, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking.

tags | paper, web, shell
MD5 | 92e4924002079bb3c456c65201f796ab
URLCrazy Domain Name Typo Tool 0.4
Posted Sep 15, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy enables the study of domainname typos and URL hijacking. URLCrazy is a domainname typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: It now also supports bit flipped domains. Urlcrazy is written in Ruby.
tags | tool, web
systems | unix
MD5 | 3393672839100e9ba0d1c3ee6f039cf0
GGGooglescan 0.4
Posted May 12, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

GGGooglescan is a Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. Datamining Google's search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGooglescan is to make automated searches possible by avoiding the search activity that is detected as bot behavior.

tags | tool, scanner
systems | unix
MD5 | 63316923251b7dbc84d7455f7fdd9515
WhatWeb Scanner 0.4.7
Posted Apr 6, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, identifies version numbers, email addresses, account ID's, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Performance enhancements and bug fixes.
tags | tool, web, scanner, javascript
systems | unix
MD5 | c1bdbc4a6d757f2aa3172b2c8c8c8be9
WhatWeb Scanner 0.4.6
Posted Mar 26, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, identifies version numbers, email addresses, account ID's, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Over 900 plugins, performance improvements, new log formats (JSON, MongoDB, MagicTree), custom headers, basic authentication, nmap-style ip ranges, and much more.
tags | tool, web, scanner, javascript
systems | unix
MD5 | 5a8714352496703d61c87da0b2ad24a3
WhatWeb Scanner 0.4.5
Posted Aug 17, 2010
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 300 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.

tags | tool, web, scanner
systems | unix
MD5 | 87c63c591654687a22528083df043d04
WhatWeb Scanner 0.4.4
Posted Jul 3, 2010
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.

tags | tool, web, scanner
systems | unix
MD5 | 416c645fb4fca7f2bcc489f321576dcb
Page 1 of 2
Back12Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close