New version of Wfuzz!

I don’t like automatic tools. Full stop. Well… not full… I like some semi-automatic tools. One of these tools is wfuzz. I love this Python script for taking a quick look over all the directories in a website and sometimes for testing for some basic authorization bypass by fuzzing a numeric parameter. This tool is very easy to use and I’m not going to explain it here; you can read the…

The danger of the default files

(This post was originally posted on my own personal blog.) During my current research I have found some default files that some web frameworks include in their installations that can compromise the security of a website. They can also allow an attacker to determine which framework a web page is using. The first of these files is from the Symfony framework. They offer developers a useful script called…