How to bruteforce a login page? – Blazy

What is Blazy? Blazy is a Python script to bruteforce login pages. The script takes input from usernames.txt and passwords.txt and tries every possible combination to find the correct authentication credentials. It can also check for login bypass via SQL injection and CSRF. Common usernames and passwords can be downloaded online. Kali Linux has a […]

Web application Hacker’s handbook 2 PDF

Contents: Chapter 1 Web Application (In)security; Chapter 2 Core Defense Mechanisms; Chapter 3 Web Application Technologies; Chapter 4 Mapping the Application; Chapter 5 Bypassing Client-Side Controls; Chapter 6 Attacking Authentication; Chapter 7 Attacking Session Management; Chapter 8 Attacking Access Controls; Chapter 9 Attacking Data Stores; Chapter 10 Attacking Back-End Components; Chapter 11 Attacking Application […]


CENSYS – Hacker friendly search engine exposing all internet connected devices

When John Matherly released SHODAN, a search engine which could collect data on web servers like HTTP port 80, FTP etc., it was considered a success from the hackers' point of view. And now there's Censys. Censys is just like Shodan, but more user friendly, and it works in a better and broader way. Censys is like […]

How to find website admin panel using cpscan

Most websites have their own custom control panel/admin panel other than the server cPanel. They are simply programmed in languages like PHP, HTML and Java. These admin panels can control the website completely, apart from the server settings. Once you have access to this then you can upload new images, edit pages and […]

How to clone a website and browse offline

This tutorial will give you an idea of website cloning. Cloning a website doesn't mean importing the whole server to our system. It only consists of client-side scripts like Java and HTML. Server-side scripts like PHP cannot be imported (it's common sense). The clone looks exactly the same and has the same functionality. Cloning […]


How to hack a database with sql injection – sqlmap

We all know websites need a database to store data. That is called an RDBMS – relational database management system. These databases store data in tables and columns so that it can be accessed easily. Server-side languages like PHP can interact with an SQL database with proper authentication and have read/write permission. Most of the sensitive information is stored in […]


How to backdoor and deface a web server using weevely

On the web, almost 82% of servers are running on PHP. It's a simple open-source server-side scripting language. A website consists mostly of PHP, HTML, CSS and JavaScript. Among these, PHP interacts directly with the server, i.e. logical calculations and such; the other languages are for the user interface. PHP can also contact the SQL server for […]