0x0Lab Blog Just another damn blog

12 Dec 2011

DNS Brute Force

Posted by neuro

This Python program, bfdomain.py, was written to identify valid hosts of a domain that deny zone transfers.
2 Dec 2011

dns-brute.nse

Posted by cirrus

I've always wondered why Nmap didn't have a DNS brute-forcing script. Some months ago I decided to have a look at the scripting engine, and make one.

19 May 2011

Oracle Auditing Toolkit

Posted by neuro

The Oracle Auditing Toolkit can be used to audit security within Oracle database servers. The toolkit consists of the following tools, written in Python:

  • Sidguesser
  • deforabf
  • orabf
Filed under: Security
22 Dec 2010

SSH honeypot

Posted by cirrus

I've been running an SSH honeypot for around a month now.
So let's have a look at the stats.

Filed under: Security
27 Sep 2010

HackAri – HackBar for Safari

Posted by cirrus

I've been using the excellent HackBar add-on for Firefox for some time now.

7 Sep 2010

How hard can it be to disclose an XSS

Posted by cirrus

Some time ago, I discovered an XSS in LinkedIn, and thought what the heck, let's report it.
I reported the XSS using the customer service center (couldn't find a security contact anywhere) on 25/Dec/2009.

Filed under: Security
8 Jun 2010

Bypassing Safari 5 XSS Auditor

Posted by cirrus

Safari 5 was released today and, following IE8's move, they decided to implement what they call XSS Auditor.

2 Jun 2010

DirBuster Dictionary Populator

Posted by cirrus

DirBuster and dirb are in the toolset of all web application security fans. Both tools are excellent (although I prefer dirb due to it being command line and not Java), but their results obviously depend on how good the wordlist you are using is.

26 Apr 2010

iPhone applications that transmit credentials using “unsafe” protocols

Posted by cirrus

The iPhone SDK allowed for the creation of thousands of applications. However, some of these applications (probably more than I would like to admit) have not been coded with security in mind.

Filed under: Security
24 Mar 2010

Show hidden fields bookmarklet

Posted by cirrus

Just a quick, useful bookmarklet that shows all the hidden fields in a page.
Just bookmark this:
Show hidden

Filed under: Security