Subscribe: Darknet - The Darkside
http://feeds.feedburner.com/darknethackers
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
darknet  ddos  memcached ddos  memcached servers  memcached  read rest  read  rest  servers  tool  xss fuzzer  xss  xsstrike   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Darknet - The Darkside

Darknet



Hacking Tools, Hacker News & Cyber Security



Last Build Date: Mon, 23 Apr 2018 17:14:51 +0000

 



StaCoAn – Mobile App Static Analysis Tool

Mon, 23 Apr 2018 17:08:42 +0000

(image)

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.

This tool will look for interesting lines in the code which can contain:

  • Hardcoded credentials
  • API keys
  • URL’s of API’s
  • Decryption keys
  • Major coding mistakes

This tool was created with a big focus on usability and graphical guidance in the user interface.

Read the rest of StaCoAn – Mobile App Static Analysis Tool now! Only available at Darknet.




snallygaster – Scan For Secret Files On HTTP Servers

Mon, 16 Apr 2018 17:48:40 +0000

(image)

snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn’t be public and can pose a security risk.

Typical examples include publicly accessible git repositories, backup files potentially containing passwords or database dumps. In addition it contains a few checks for other security vulnerabilities.

snallygaster HTTP Secret File Scanner Features

This is an overview of the tests provided by snallygaster.

Read the rest of snallygaster – Scan For Secret Files On HTTP Servers now! Only available at Darknet.




Portspoof – Spoof All Ports Open & Emulate Valid Services

Fri, 06 Apr 2018 17:42:27 +0000

(image)

The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port. As a result, any attackers port scan results will become fairly meaningless and will require hours of effort to accurately identify which ports have real services on and which do not.

The tool is meant to be a lightweight, fast, portable and secure addition to any firewall system or security system.

Read the rest of Portspoof – Spoof All Ports Open & Emulate Valid Services now! Only available at Darknet.




Cambridge Analytica Facebook Data Scandal

Sun, 25 Mar 2018 15:34:29 +0000

(image)

One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.

It’s kicking off in the UK and the US and Mark Zuckerberg has had to come out publically and apologise about the involvement of Facebook.

This goes deep with ties to elections and political activities in Malaysia, Mexico, Brazil, Australia and Kenya.

Read the rest of Cambridge Analytica Facebook Data Scandal now! Only available at Darknet.




GetAltName – Discover Sub-Domains From SSL Certificates

Mon, 19 Mar 2018 08:19:32 +0000

(image)

GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.

It’s useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope.

Features of GetAltName to Discover Sub-Domains

  • Strips wildcards and www’s
  • Returns a unique list (no duplicates)
  • Works on verified and self-signed certs
  • Domain matching system
  • Filtering for main domains and TLDs
  • Gets additional sub-domains from crt.sh
  • Outputs to clipboard

GetAltName Subdomain Exctraction Tool Usage

You can output to a text file and also copy the output to your clipboard as a List or a Single line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.

Read the rest of GetAltName – Discover Sub-Domains From SSL Certificates now! Only available at Darknet.




Memcrashed – Memcached DDoS Exploit Tool

Tue, 13 Mar 2018 14:32:42 +0000

(image)

Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.

This is related to the recent record-breaking Memcached DDoS attacks that are likely to plague 2018 with over 100,000 vulnerable Memcached servers showing up in Shodan.

What is Memcached?

Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering.

Read the rest of Memcrashed – Memcached DDoS Exploit Tool now! Only available at Darknet.




QualysGuard – Vulnerability Management Tool

Sun, 11 Mar 2018 11:31:41 +0000

(image)

QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.

From reviews, it seems like a competent tool with a low rate of false positives that is fairly easy to work with and keep the more ‘dangerous’ parts of vulnerability scanning out of the hands of users, but with the flexibility for expert users to do what they need.

Read the rest of QualysGuard – Vulnerability Management Tool now! Only available at Darknet.




Memcached DDoS Attacks Will Be BIG In 2018

Wed, 07 Mar 2018 18:33:41 +0000

(image)

So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.

Unfortunately, it looks like a problem that won’t easily go away as there are so many publically exposed, poorly configured Memcached servers online (estimated to be over 100,000).

Honestly, Github handled the 1.3Tbps attack like a champ with only 10 minutes downtime although they did deflect it by moving traffic to Akamai.

Read the rest of Memcached DDoS Attacks Will Be BIG In 2018 now! Only available at Darknet.




libsodium – Easy-to-use Software Library For Encryption

Mon, 05 Mar 2018 17:54:43 +0000

(image)

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.

Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. Sodium supports a variety of compilers and operating systems, including Windows (with MingW or Visual Studio, x86 and x64), iOS, Android, as well as Javascript and Webassembly.

Read the rest of libsodium – Easy-to-use Software Library For Encryption now! Only available at Darknet.




XSStrike – Advanced XSS Fuzzer & Exploitation Suite

Sat, 03 Mar 2018 15:49:31 +0000

(image)

XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

It is also built in an intelligent enough manner to detect and break out of various contexts.

Features of XSStrike XSS Fuzzer & Hacking Tool

XSStrike has:

  • Powerful fuzzing engine
  • Context breaking technology
  • Intelligent payload generation
  • GET & POST method support
  • Cookie Support
  • WAF Fingerprinting
  • Handcrafted payloads for filter and WAF evasion
  • Hidden parameter discovery
  • Accurate results via levenshtein distance algorithm

There are various other XSS security related tools you can check out like:

– XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool
– xssless – An Automated XSS Payload Generator Written In Python
– XSSer v1.0 – Cross Site Scripter Framework

You can download XSStrike here:

XSStrike-master.zip

Or read more here.

Read the rest of XSStrike – Advanced XSS Fuzzer & Exploitation Suite now! Only available at Darknet.