lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4b6ee9310811261115v1ef3187egc8744ae5063a8ad7@mail.gmail.com>
Date: Wed, 26 Nov 2008 19:15:13 +0000
From: n3td3v <xploitable@...il.com>
To: "James Matthews" <nytrokiss@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Anehta0.6.0 -- a new XSS Attack Platform!

An attack platform is an attack platform, there is no "take a page out
of hd moore's book" to make it look legal. His way isn't any more
legal than this guys way, thats what you guys seem to be crossing your
wires about.

On Wed, Nov 26, 2008 at 6:15 PM, James Matthews <nytrokiss@...il.com> wrote:
> I applaud the new tool however in reference on to what Mike said take a page
> out of HD Moore's book and make it something to "help" the community.
>
> On Wed, Nov 26, 2008 at 7:47 PM, Mike C <mike.cartall@...il.com> wrote:
>>
>>
>> 2008/11/25 pst axis <axis@...nt0m.org>
>>>
>>>  Anehta is an open source XSS Attack Platform which is maintained by
>>> axis@...nt0m.org
>>>
>>>
>>>
>>> Project Home: http://anehta.googlecode.com
>>>
>>> Demo Video:
>>> http://hi.baidu.com/aullik5/blog/item/cb4cd5899283b093a4c272a9.html
>>>
>>> Online Demo: http://www.secwiki.com/anehta
>>>
>>> Download: http://anehta.googlecode.com/files/anehta-v0.6.0fixed.zip
>>>
>>>
>>>
>>> It contains a javascript framework called anehta.js which is something
>>> like "attackAPI" to help hackers write XSS payloads easier, and more than
>>> that ,there is an administrative panel which implemented by PHP to help
>>> manage the clients.
>>>
>>>
>>>
>>> Many good ideas are included in anehta project, some of the ideas you
>>> might never seen before.
>>>
>>> You can really maximize your profits gained from XSS by lauching anehta.
>>
>> I'm not sure you should word it that way. While full-disclosure is the
>> best way to security utopia, touting a tool for it's malicious use will only
>> serve to provide fodder to those who are opposed to full-disclosure.
>>
>> HD Moore has handled this well with his framework.
>>
>> --
>> MC
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> --
>
> http://www.goldwatches.com/
>
> http://www.jewelerslounge.com/liberty-coin-cufflinks
>
> http://www.astorandblack.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ