Application auditing

June 28, 2013

Small but effective script on Domain Scanning by (Fierce)ha.ckers.org !

Hi Auditors,

After a long break with new people and new terms, Here is my next share on, too small, but effective script known as Domain Scanning.
Yes, Its Fierce Domain Scan !

Well the whole story of the author is written on their website – so, I am directly pasting some command that help web sec auditor to find out many things of target terminal.

  • perl fierce.pl -dns target-domain.com -search string1,string2
  • perl fierce.pl -range 10.10.10.0-255 -dnsserver ns1.example.com
  • perl fierce.pl -dns example.com -wide -file output.txt
  • perl fierce.pl -dns example.com -connect headers.txt -fulloutput -file output.txt
  • perl fierce.pl -dns example.com -wordlist dictionary.txt -file output.txt
  • perl fierce.pl -help

Thanks to RSnake and team for wonderful efforts on such perl scripts.
We can easily understand the script and read the function. fierce script is written in PERL.

Here is the two files of Fierce Domain Scan: fierce.pl  &  hosts.txt

Do you think to describe it ?? Naaa.. Its awesome while working on script !!

Happy Scripting !!

July 14, 2012

Is your browser teaching Ethical Hacking ?

You might be thinking about this topic,  Many of us, use various toolkit for various purpose for (un/) – professional ethical hacking. We used (Man-In-Middle)proxy interceptor, Scanner, Intruder, Decoder, and many more things while performing web auditing.

Very first step of ethical hacking is reconnaissance.  Sometimes we used 3rd party toolkit to do information gathering, absolutely the process of professional security enthusiasm is different, it depends on the perspective of them. No one can judge their professional security method in right and wrong category. This article is waiting to introduce about browser that help tester, developer and security professional etc.

OWASP Mantra Security Framework is the browser that i would like to introduce.

Here is the Source Information of OWASP Mantra Portal 1/2/3 :

OWASP Mantra is such an innovative product, a security framework built on top of a browser. Its cross-platform, portable and can run out of the box. You can take it with you where ever you go in absolutely any rewritable media including memory cards, flash drives and portable hard disks. More over, Mantra can be used for both offensive security and defensive security related tasks which makes it incredible.


Mantra is a free and open source security toolkit with a collection of hacking tools, add-ons and scripts based on Firefox and Chromium. It is intended for web application penetration testers, web application developers, security professionals, etc.

OWASP Mantra is a powerful set of tools to make the attacker’s task easier. The beta version of Mantra Security Toolkit has various tools built onto it. Moreover Mantra follows the guidelines and structure of FireCAT which makes it even more accessible. The OWASP Mantra Security Toolkit has tools under the following categories. The complete list of tools is available on the official website. (List of Tools)

  • Information gathering
  • Editors
  • Network utilities
  • Miscellaneous
  • Application auditing
  • Proxy

Mantra browser is teaching many times with the help of their Gallery and Hackery collection 🙂

1. Galley – Online Penetration Testing Tools Index

2. Hackery – Open Penetration Testing Bookmarks Collection

Mantra officially integrated with BackTrack 5 Linux in May 2011 and Matriux Krypton

Lets find out with intro video of OWASP Mantra here:

And Many More Videos

Well this article is all about Mantra Browser only. All you have to do just Experience it !!

I hope i introduced this browser very well and it’s really helpful for security professional that is why the topic of article is “Is your Browser Teaching Ethical Hacking ?

Happy Learning and Happy Hacking with Mantra ^_^