what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 48 RSS Feed

Files from Andrew Horton

First Active2008-10-01
Last Active2021-10-04
Bing.com Hostname / IP Enumerator 1.0.5
Posted Oct 4, 2021
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Minor release. Changed User-Agent to wget/1.20. Fixed an error where it finds no results.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 0a198af8d7876d7adb9c0517025bd6443d13399a188615a078cf3e45e120f19e
URLCrazy Domain Name Typo Tool 0.7.3
Posted Apr 14, 2021
Authored by Andrew Horton | Site github.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Minor update with some bug fixes and improvements to the README.md.
tags | tool, web
systems | unix
SHA-256 | b04745000e2c27fd85f7b6af98bdac81b7d1685da87267fc47adea0735a42b95
WhatWeb Scanner 0.5.5
Posted Jan 15, 2021
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: 1 fix, 8 new plugins, and 3 plugin updates.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | 96dedb6a377184fb8f5fd3f2a81c26ff8c92c4dc1503ce409793a1e7ab23695d
URLCrazy Domain Name Typo Tool 0.7.2
Posted Jan 5, 2021
Authored by Andrew Horton | Site github.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Fixed a bug where output to a file did not work.
tags | tool, web
systems | unix
SHA-256 | abf6014c2578e1ae5a4c8e69728d1a8219ca02ec17fc8be82f354c8560d0f4a5
WhatWeb Scanner 0.5.4
Posted Dec 14, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Minor release with three new plugins and one plugin update.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | 73e1b8592bf5a15f8a66fffe2408732c434b7068f5d3379cc889fad14ea513ee
Bing.com Hostname / IP Enumerator 1.0.4
Posted Oct 2, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: This is a minor release with no code changes.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | f83cb6b91b197a079e3bfbb484b1d652a62b381e1175cf46a6f305177af13bd1
WhatWeb Scanner 0.5.3
Posted Oct 1, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Minor release with miscellaneous changes, seven new plugins, and two plugin updates.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | 26464e30171057117f6199bf5dc719167e0e400a747dd50d314e497007919af2
WhatWeb Scanner 0.5.2
Posted Jun 10, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: This is a minor update with bug fixes and one new plugin called PHP-Slim.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | 627e3a9e07f586f13b2e64c027516af00395135b18c0f950dc884b7872f65ccf
Bing.com Hostname / IP Enumerator 1.0.3
Posted Jun 8, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed an issue with Bing.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 7773e8f8531efb3e4dd207571a8dff688359261bbcf9a2beeefaba8acb4c5484
Bing.com Hostname / IP Enumerator 1.0.2
Posted Apr 27, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed a couple of bugs. Added an animated GIF of searching Bing.com to README.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 1edf0c378bb51329cb87cf581499ceb5bf11db8419e73a8fb388b9e4cee169fc
URLCrazy Domain Name Typo Tool 0.7.1
Posted Apr 24, 2020
Authored by Andrew Horton | Site github.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Added --debug to show debugging output for development. No longer requires pry gem unless debugging. Checks for a low ulimit and shows a warning.
tags | tool, web
systems | unix
SHA-256 | 7f0f74c0f7cca19b89445bbdc168cdb6604de03bba13061be360561afade6290
WhatWeb Scanner 0.5.1
Posted Feb 25, 2020
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: This is a minor release with bug fixes, one new plugin, and a couple of plugin updates.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | 0d95c6a0a11ab19f8683e7f22702b9440ebdcdad3598201a34aeb1a2a2e07a82
Bing.com Hostname / IP Enumerator 1.0
Posted Nov 19, 2019
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: New progress display with more details about the scraping job. New parsing of Bing.com search results. Various updates and fixes.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | f611e29ee74a4a212fca8367be3d4c75c49d90644e66e88ced166d6d554f433b
WhatWeb Scanner 0.5.0
Posted Oct 5, 2019
Authored by Andrew Horton | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: Version 0.5.0 is a major version release form urbanadventurer and bcoles. With the help of the WhatWeb community they have reached over 1800 plugins! Plugin authors should take note that this release is not backwards compatible, and they have made a migration tool to help you update your private or unreleased plugins. New additions include IDN support, 9 unit tests, and various other items. Multiple bug fixes and updates have been added.
tags | tool, web, scanner, javascript
systems | unix
SHA-256 | d9dd541368c4c251ca5af53fba5cc7e2d70b012d7c4d8f1863a7aba23cd5c619
NetGear DGN2200 N300 CSRF / Disclosure / Command Execution
Posted Feb 13, 2014
Authored by Andrew Horton

NetGear DGN2200 N300 Wireless ADSL2+ Modem Router with firmware version 1.0.0.36-7.0.37 suffers from command injection, cross site request forgery, insecure configuration, cleartext password storage, information disclosure, and other vulnerabilities.

tags | exploit, vulnerability, info disclosure, csrf
SHA-256 | a978aba153192cd7a832bce9b39e16a17481fc2d53a997dd74d8b88cfef63fc9
WordPress Stop User Enumeration 1.2.4 Bypass
Posted Feb 3, 2014
Authored by Andrew Horton | Site morningstarsecurity.com

The WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.

tags | exploit, bypass
SHA-256 | 2dd78ee648a3793edd606581b3bffa990f070dbc5f3063fd92e079140ca7f33a
Bing.com Hostname / IP Enumerator 0.4
Posted Jan 1, 2014
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: :Updated usage, Fixed tmp file issue where files were not being deleted, Resolves hostnames using nslookup instead of resolveip (Thanks Xavier Mertens).
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 9dedb3e6914170fb86b515b8405a38a1577f7119c5265ed94b9d7ac2fb6fc2df
Atlassian Confluence 4.3.5 XSS / Clickjacking
Posted Jul 11, 2013
Authored by Andrew Horton, Sow Ching Shiong, Mahendra | Site baesystemsdetica.com.au

Atlassian Confluence versions 4.3.5 and below suffer from cross site scripting, cross site flashing, and insufficient framing protection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 04b97b6e60bc74d9d3dc996fcb89ad8016e30f85442144fb45955cd70de7cbb7
Bing.com Hostname / IP Enumerator 0.3
Posted Dec 29, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

Changes: Fixed bug where version 0.2 stopped working, now uses bing.com instead of the mobile site, more detailed progress animation.
tags | tool, scanner, bash
systems | linux, unix
SHA-256 | 652f806668e2da16c60d530a21a840a2cbd6cb4da1794bfc93cc12dac7a062fe
Username Anarchy 0.2
Posted Dec 22, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

Username-Anarchy is for generating usernames when penetration testing. It is useful for user enumeration and username/password brute forcing. Features include format-style style username formats, common first and lastnames from countries around the world, the facebook names lists, and substitution of common names when details aren't known, e.g. when you know a user's initial. Common aliases or self chosen usernames scraped from forums, and a name extractor are also included.

tags | tool
systems | unix
SHA-256 | d3773b90f3bc09016ebd87d970b95e0c0a080095720adaed0329a65ded34b7a8
URLCrazy Domain Name Typo Tool 0.5
Posted Jul 19, 2012
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: Now supports Ruby1.9.1, CSV output, homoglyphs, shows the country for IPs.
tags | tool, web
systems | unix
SHA-256 | 744bfee0933dc8f1f2432528d5f7c5ce770416146ddc67b984b5117426e99dcd
WordPress Clickjacking
Posted Sep 23, 2011
Authored by Andrew Horton | Site security-assessment.com

This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.

tags | advisory, web, arbitrary, php
SHA-256 | 6d655b5582b4862af9ad5082596a3a125309795b934f84d6bc8af6fa078b4321
WordPress 3.1.2 Clickjacking
Posted Sep 22, 2011
Authored by Andrew Horton | Site security-assessment.com

WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.

tags | exploit
SHA-256 | d4a46b300c33199d62f520ab8dfe78f8b757bb617b125029fabdb5451143d0d3
Clickjacking For Shells
Posted Sep 21, 2011
Authored by Andrew Horton | Site security-assessment.com

Whitepaper called Clickjacking for Shells. Two years after the world was warned about clickjacking, popular web apps are still vulnerable and no web app exploits have been published. With many security pros considering clickjacking to have mere nuisance value on social networks, the attack is grossly underestimated. In this presentation, the author demonstrates step by step how to identify vulnerable applications, how to write exploits that attack web apps and also how to protect against clickjacking.

tags | paper, web, shell
SHA-256 | b6184ace78ff59c01b98abf9251555c43de66e1e8499ccd4c6717f23c36d980f
URLCrazy Domain Name Typo Tool 0.4
Posted Sep 15, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy enables the study of domainname typos and URL hijacking. URLCrazy is a domainname typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: It now also supports bit flipped domains. Urlcrazy is written in Ruby.
tags | tool, web
systems | unix
SHA-256 | 1508aab43633f915ded61710cf102778608f8c3ac34461c12982e8e8afa13a57
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close