PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly. In simple terms, that means the authors have created a security scanner and the required architecture that can execute a…

UFONet is an open redirect DDoS tool designed to launch attacks against a target, using insecure redirects in third party web applications, like a botnet. Obviously, only for testing purposes. The tool abuses OSI Layer 7-HTTP to create/manage ‘zombies’ and to conduct different attacks using; GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.…

So let’s talk about Web Shells, something many of us are already familiar with, but to level the field – what is a web shell? A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal…

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux Command Line program coded purely in C with the ability to gather as much information as possible about a host. DMitry has a base functionality with the ability to add new functions, the basic functionality of DMitry allows for information to be gathered about a target…

Wfuzz is a Python-based flexible web application password cracker or brute forcer which supports various methods and techniques to expose web application vulnerabilities. This allows you to audit parameters, authentication, forms with brute-forcing GET and POST parameters, discover unlinked resources such as directories/files, headers and so on. A brute force attack is a method to…

There seems to be a trend towards malware on the Android platform that extorts money from the user somehow, either through premium SMS or services – or the latest trojan – which covertly purchases apps from the mobile market. We first wrote about Android Antivirus software from Symantec back in 2010 and it seems like…

It’s been quite a while since we’ve posted any news about Russia, so here’s an article which in some ways is quite scary. The global cybercrime market is being dominated by Russian-speaking nations and their activity doubled in 2011. It’s certainly a disproportionate amount of crime when you look at their population size. Cybercrime is…

Early last year we wrote about China Facing Problems With Android Handsets & Pre-installed Trojans, then later last year there was a possibility Cybercrooks May Be Able To Force Mobile Phones To Send Premium-Rate SMS Messages. The latest news about Android malware is malicious apps that are in the official Google marketplace (called Play) –…

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them. It’s mostly targeted at the UK though, worms of these type usually are geographically limited as they are targeting bank information – it’s better…

There have been a few stories about this in the past, I recall China Facing Problems With Android Handsets & Pre-installed Trojans that were draining people’s batteries and phone credit by sending messages to premium-rate numbers. The latest news is of a more technical nature, but it outlines ways in which cybercrooks may well be…