
Archives of Tools

Security tools both offensive and defensive in nature.

CMS Explorer

When it comes to security vulnerability assessments against content management systems, it becomes necessary to discover which plugins are being used within the system. For the most popular open source systems (WordPress, Drupal, Joomla) there are literally thousands of plugins available, and many have, let's admit it, not the best record when it comes to […]

New Web Application Security Tool from Google. Skipfish.

Having done some initial testing, this new tool is powerful and comprehensive. It blends a number of other tool features into a neat little package. I did some testing on my local LAN and the web server was getting pounded with thousands of requests per second. Your access and error.log is really going to fill […]

Sqlmap 0.8 Released and Rolled out to HackerTarget.com servers

After discovering the new release of the excellent SQL injection tool sqlmap, I have done some testing and rolled it out to the HackerTarget.com scanning servers. If you are not familiar with the power of sqlmap, head over to the SourceForge site for demo videos and some top notch documentation. Our scanning tools are configured […]

Web Scanner Comparison

An interesting report has been released that takes a sample of web application security testing applications and puts them up against each other. The most notable thing is how much the results vary, and how many vulnerabilities most scanners miss. Clearly using more than one scanner is necessary to be able to compare the results, […]

Nikto 2.1.0 released and rolled out

The latest version of Nikto has been rolled out to our web scanning servers. Enjoy the web scanning from the leading open source web scanning tool. Head over to Cirt.net for full details.

Samurai, BackTrack and Kali – LiveCD’s for Pentesting

Linux has brought a wonderful concept to the world of computers: easy-to-use live CDs that allow you to boot up a fully operational operating system that does not require installation to the hard drive. Ubuntu, SuSe, Mandriva and Fedora all have bootable Live CD options that allow you to test […]

Nmap Cheat Sheet

Nmap Target Selection
Scan a single IP: nmap 192.168.1.1
Scan a host: nmap www.testhostname.com
Scan a range of IPs: nmap 192.168.1.1-20
Scan a subnet: nmap 192.168.1.0/24
Scan targets from a text file: nmap -iL list-of-ips.txt
These are all default scans, which will scan 1000 TCP ports. Host discovery will take place.
Nmap Port Selection Scan […]

Maltego – Open Source Intelligence Gathering

A powerful new tool is about to go into a new release. Maltego makes the collection of open source intelligence about a target organisation a simple matter. DNS queries, document collection, email addresses, whois, search engine interrogation and a wide range of other collection methods allow a Penetration Tester or vulnerability assessment to quickly gather […]

DirBuster – Brute force a web server for interesting things

You would be surprised at what people leave unprotected on a web server. DirBuster is a Java application that will brute force web directories and filenames on a web server / virtual host. This can often reveal unprotected web applications, scripts, old configuration files and many other interesting things that should not be available to […]

rkhunter – add another layer to your security

Rkhunter is an easy-to-use tool that keeps an eye on your system's files for rootkits and a few other oddities that may indicate an attacker has taken over your system. It can also be used if your system has been hacked and you wish to inspect the damage - keep in mind that […]