WebLorean v.2017 – Time-Travel for Web Admins


Published on February 26th, 2018 by MaxiSoler





WebLorean is a time-travel tool for and IT people. This tool allows pentesters and sysadmins to run an information-gathering phase against a website’s past hosts, exploiting the human weakness of laziness.


If we go to Netcraft, and check some domain name using their , we MIGHT find the hosting history of a website. Yes, www.example.com used to run on server A, then server B, now server C! And, wow, that’s weird, the old servers are still up and running.

So, www.example.com MIGHT still be configured on one of those servers. You know how hosting companies [don’t] do their homework sometimes 😉

So, an attacker could fire up a scanner, and by any means available, target www.example.com through the older IP addresses, and scan our OLD WEBSITE[s], which, of course, we no longer keep updated (maybe not even the server, for that matter…). And you know what outdated usually means: holes. Lots of them.

And holes lead to lots of things: remote code execution, exfiltration, resource control.

Additionally, this can be used to detect bad implementations of CDNs, and to uncover origin servers behind CDNs.

Usage

cd weblorean
./weblorean.py http://www.example.org
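
The check described above, written from the administrator's side as an added example (not WebLorean's code and not part of the original post): given the former IP addresses from your own hosting records, it asks each one for your hostname and for a nonsense hostname, and flags servers that still answer specifically for your site. The function names, the `.invalid` probe name and the sample responses are assumptions constructed for illustration.

```python
import http.client
import uuid

def http_fetch(ip, host, port=80, timeout=5):
    """GET / from `ip` with an explicit Host header; None if unreachable."""
    try:
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        result = (resp.status, resp.read(65536))
        conn.close()
        return result
    except (OSError, http.client.HTTPException):
        return None  # down, filtered, or not speaking HTTP

def audit_former_hosts(hostname, former_ips, fetch=http_fetch):
    """Map each former IP to 'down', 'default-vhost' or 'still-configured'."""
    bogus = uuid.uuid4().hex + ".invalid"  # a name no server is configured for
    report = {}
    for ip in former_ips:
        named = fetch(ip, hostname)
        if named is None:
            report[ip] = "down"
            continue
        default = fetch(ip, bogus)
        # Same status and body for our name and a nonsense name means only the
        # catch-all site is left. Pages that embed timestamps or tokens differ
        # on every request, so confirm "still-configured" results by hand.
        if default is not None and named == default:
            report[ip] = "default-vhost"
        else:
            report[ip] = "still-configured"
    return report

# Constructed responses keyed by (ip, asked_for_our_hostname); documentation IPs.
SAMPLE = {
    ("192.0.2.10", True): (200, b"<title>Example Corp, 2014 site</title>"),
    ("192.0.2.10", False): (200, b"<title>Default page</title>"),
    ("198.51.100.7", True): (200, b"<title>Default page</title>"),
    ("198.51.100.7", False): (200, b"<title>Default page</title>"),
}

def sample_fetch(ip, host):
    return SAMPLE.get((ip, host == "www.example.com"))

if __name__ == "__main__":
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    print(audit_former_hosts("www.example.com", ips, fetch=sample_fetch))
```

Any address reported as still-configured is a candidate for removing the old virtual host or decommissioning the server.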

 


Thanks to our friend Arturo ‘Buanzo‘ Busleiman for sharing this tool with us. 😉


