The Dutch HackInfo

Information about Hacking, Security & Tweaking


1 1 1 1 1 1 1 1 1 1 Rating 3.00 (4 Votes)

Blogs worth it

McGrew Security
Blog -
Jeremiah Grossman
Security and Networking
Digital Soapbox
tssci security
Blog - Gotham Digital Science
Reiners’ Weblog
Bernardo Damele A. G.
Laramies Corner
Attack and Defense Labs
Billy (BK) Rios
Common Exploits
extern blog SensePost;
Weapons of Mass Analysis
Exploit KB
Security Reliks
Reusable Security
SpiderLabs Anterior
Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
Home Of PaulDotCom Security Podcast
Attack Vector
Alpha One Labs
Nullthreat Security
Archangel Amael's BT Tutorials
memset's blog
Security Ninja
Security and risk
GRM n00bs
PenTestIT — Your source for Information Security Related information!
Your source for Information Security related information!


Kali Forums
InterN0T forum
Government Security
Hack This Site Forum
iExploit Hacking Forum
Security Override


(IN)SECURE Magazine


The Hacker News Network
Security Tube
Irongeek -Hacking Illustrated
SecCon Archive
YouTube - ChRiStIaAn008's Channel
YouTube - HackingCons's Channel




Enterprise Open Source Intelligence Gathering – Part 1 Social Networks
Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata
Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies —
Tactical Information Gathering
document_metadata_the_silent_killer__32974 (application/pdf Object)
footprinting - passive information gathering before a pentest

People and Orginizational - People Search - Business Directory
Business Network - Social Network for Business Professionals
Pipl - People Search
Free People Search by ZabaSearch!
Free People Finder and Company Search | SearchBug
Free People Search
Addictomatic: Inhale the Web
Real Time Search - Social Mention
EntityCube | No. 1 free people search - Find anyone on the web - search, find and discover interesting people on twitter
TweepSearch :: Twitter Profile and Bio Search - Company Salaries and Reviews
Jigsaw Business Contact Directory
Full Text Search
TinEye Reverse Image Search
PicFog - Quick Image Search
Twapper Keeper - "We save tweets" - Archive Tweets
White Pages | Email Lookup | People Find Tools at The Ultimates


Netcraft Uptime Survey
SHODAN - Computer Search Engine
Domain Tools: Whois Lookup and Domain Suggestions
Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger
WHOIS and Reverse IP Service
SSL Labs - Projects / Public SSL Server Database - SSL Server Test
MyIPNeighbors Reverse IP Lookup
Google Hacking Database, GHDB, Google Dorks
Domain - reports and all about ips, networks and dns
net toolkit::index

Exploits and Advisories

Cheat Sheets and Syntax

Big Port DB | Cirt
Cheat Sheet : All Cheat Sheets in one page
Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets
Information about developments at the Monastery

Agile Hacking

Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
Command Line Kung Fu
Simple yet effective: Directory Bruteforcing
The Grammar of WMIC
Windows Command-Line Kung Fu with WMIC
Windows CMD Commands
running a command on every mac
Syn: Command-Line Ninjitsu
WMIC, the other OTHER white meat.
Hacking Without Tools: Windows - RST
Pentesting Ninjitsu 1
Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
[PenTester Scripting]

OS & Scripts

IPv4 subnetting reference - Wikipedia, the free encyclopedia
All the Best Linux Cheat Sheets
SHELLdorado - Shell Tips & Tricks (Beginner)
Linux Survival :: Where learning Linux is easy
BashPitfalls - Greg's Wiki
Rubular: a Ruby regular expression editor and tester
Useful commands for Windows administrators
All the Best Linux Cheat Sheets
Rubular: a Ruby regular expression editor


netcat cheat sheet (ed skoudis)
nessus/nmap (older)
hping3 cheatsheet
Nmap 5 (new)
MSF, Fgdump, Hping
Metasploit meterpreter cheat sheet reference
Netcat cheat sheet



ISO's / VMs

Web Security Dojo
OWASP Broken Web applications Project
Pentest Live CDs
:: moth - Bonsai Information Security ::
Metasploit: Introducing Metasploitable
Holynix pen-test distribution
LAMPSecurity LiveCD
Virtual Hacking Lab
Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
Damn Vulnerable Web App - DVWA
The ButterFly - Security Project

Vulnerable Software

Old Version Downloads -
Web Application exploits, php exploits, asp exploits
wavsep - Web Application Vulnerability Scanner Evaluation Project
OWASP SiteGenerator - OWASP
Hacme Books | McAfee Free Tools
Hacme Casino v1.0 | McAfee Free Tools
Hacme Shipping | McAfee Free Tools
Hacme Travel | McAfee Free Tools

Test Sites

Test Site
CrackMeBank Investments
acublog news
acuforum forums
Home of Acunetix Art
Altoro Mutual

Exploitation Intro

Reverse Engineering & Malware

Passwords and Hashes

Password Exploitation Class
Default Passwords Database
Sinbad Security Blog: MS SQL Server Password Recovery
Foofus Networking Services - Medusa::SMBNT
LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff
MD5 Crackers | Password Recovery | Wordlist Downloads
Password Storage Locations For Popular Windows Applications
Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator
Requested MD5 Hash queue
Default Password List
Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR


"Crack Me If You Can" - DEFCON 2011
Packet Storm Word Lists
Passwords - SkullSecurity
Index of /passwd/passwords

Pass the Hash

pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
crack-pass-hash_33219 (application/pdf Object)


Introduction to dsniff - GIAC Certified Student Practical
dsniff-n-mirror.pdf (application/pdf Object)
dsniff.pdf (application/pdf Object)
A Hacker's Story: Let me tell you just how easily I can steal your personal data -
ECCE101.pdf (application/pdf Object)
3.pdf (application/pdf Object)
Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
cracking-air.pdf (application/pdf Object)
bh-europe-03-valleri.pdf (application/pdf Object)
Costa.pdf (application/pdf Object)
defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
Live_Hacking.pdf (application/pdf Object)
PasstheParcel-MITMGuide.pdf (application/pdf Object)
2010JohnStrandKeynote.pdf (application/pdf Object)
18.Ettercap_Spoof.pdf (application/pdf Object)
EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
Fun With EtterCap Filters.pdf (application/pdf Object)
The_Magic_of_Ettercap.pdf (application/pdf Object)
arp_spoofing.pdf (application/pdf Object)
Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
ICTSecurity-2004-26.pdf (application/pdf Object)
ettercap_Nov_6_2005-1.pdf (application/pdf Object) Mallory is More than a Proxy
Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers



Edge-Security - theHarvester- Information Gathering
DNSTRACER man-page
Maltego 3


document-metadata-silent-killer_32974 (application/pdf Object)
[strike out]
ExifTool by Phil Harvey
Edge-Security - Metagoofil - Metadata analyzer - Information Gathering
Security and Networking - Blog - Metadata Enumeration with FOCA

Google Hacking

Midnight Research Labs - SEAT
Google Hacking Diggity Project « Stach & Liu


BlindElephant Web Application Fingerprinter
XSSer: automatic tool for pentesting XSS attacks against different applications
RIPS | Download RIPS software for free at
Attack and Defense Labs - Tools
Using sqid (SQL Injection Digger) to look for SQL Injection
XSSer: automatic tool for pentesting XSS attacks against different applications
unicode-fun.txt ≈ Packet Storm

Attack Strings

fuzzdb - Project Hosting on Google Code
OWASP Fuzzing Code Database - OWASP

Shells Yokoso!
AJAX/PHP Command Shell


w3af - Web Application Attack and Audit Framework
skipfish - Project Hosting on Google Code
sqlmap: automatic SQL injection tool
SQID - SQL Injection digger
WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code
fm-fsf - Project Hosting on Google Code
News :: Arachni - Web Application Security Scanner Framework
rfiscan ≈ Packet Storm
lfi-rfi2 scanner ≈ Packet Storm
inspathx – Tool For Finding Path Disclosure Vulnerabilities
DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm



fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)
Constricting the Web: The GDS Burp API - Gotham Digital Science
Browse Belch - Burp External Channel v1.0 Files on
Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja
w3af in burp
Attack and Defense Labs - Tools
burp suite tutorial - English
SensePost - reDuh - HTTP Tunneling Proxy
OWASP WebScarab NG Project - OWASP
Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight
Fiddler Web Debugger - A free web debugging tool
Watcher: Web security testing tool and passive vulnerability scanner
koto/squid-imposter - GitHub
squid-imposter - Phishing attack w/HTML5 offline cache framework based on Squid proxy

Social Engineering

Social Engineering Toolkit


keimpx in action | 0x3f
keimpx - Project Hosting on Google Code


markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb
WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code
markremark: Metasploit Visual Basic Payloads in action
Metasploit Mailing List
PaulDotCom: Archives
OpenSSH-Script for meterpreter available !
Metasploit: Automating the Metasploit Console
Deploying Metasploit as a Payload on a Rooted Box Tutorial
Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks
SecTor 2010 - HD Moore - Beyond Exploits on Vimeo
XLSinjector « Milo2012's Security Blog
Armitage - Cyber Attack Management for Metasploit
(automating msf) UAV-slides.pdf

MSF Exploits or Easy

Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security


Nmap Scripting Engine Primer Tutorial
NSEDoc Reference Portal

Net Scanners & Scripts

sambascan2 - SMB scanner
SoftPerfect Network Scanner
Nessus Community | Tenable Network Security
Nexpose Community | Rapid7
Retina Community

Post Exploitation
Metacab | PHX2600


Re: Your favorite Ncat/nc/Netcat trick? -
ads.pdf (application/pdf Object)
Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
netcat_cheat_sheet_v1.pdf (application/pdf Object)
NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World
Netcat tricks « Jonathan’s Techno-tales
Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
Few Useful Netcat Tricks « Terminally Incoherent
Skoudis_pentestsecrets.pdf (application/pdf Object)
Cracked, inSecure and Generally Broken: Netcat
Ncat for Netcat Users

Source Inspection

Graudit - Just Another Hacker
javasnoop - Project Hosting on Google Code

Firefox Addons

David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
OSVDB :: Add-ons for Firefox
Packet Storm search plugin. :: Add-ons for Firefox
Default Passwords - :: Add-ons for Firefox
Offsec Exploit-db Search :: Add-ons for Firefox
OVAL repository search plugin :: Add-ons for Firefox
CVE ® dictionary search plugin :: Add-ons for Firefox
HackBar :: Add-ons for Firefox

Tool Listings

.:[ packet storm ]:. - tools
Security and Hacking Tools


Sec / Hacking

Penetration Testing and Vulnerability Analysis - Home
Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
CNIT 124: Advanced Ethical Hacking -- Sam Bowne
CS 279 - Advanced Topics in Security
CS142 Web Programming and Security - Stanford
CS155 Computer and Network Security - Stanford
CSE 227: Computer Security - UCSD
CS 161: Computer Security - UC Berkley
Security Talks - UCLA
CSCI 4971 Secure Software Principles - RPI
MCS 494 UNIX Security Holes
Software Security - CMU
T-110.6220 Special Topics in Ifocsec -TKK
Sec and Infosec Related - MIT


Metasploit Unleashed
Metasploit Class Videos  (Hacking Illustrated Series InfoSec Tutorial Videos)
Metasploit Megaprimer 300+ mins of video
Metasploit Tips and Tricks - Ryan Linn
OffSecOhioChapter, Metasploit Class2 - Part1
OffSecOhioChapter, Metasploit Class2 - Part2
OffSecOhioChapter, Metasploit Class2 - Part3



Google's Python Class - Google's Python Class - Google Code
Python en:Table of Contents - Notes
TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python
Python Videos, Tutorials and Screencasts
Learning Python Programming Language Through Video Lectures - good coders code, great reuse


Video Tutorials - Technology Demonstrations -


CS490 Windows Internals
T-110.6220 Lectures - Noppa - TKK
Index of /edu/training/ss/lecture/new-documents/Lectures
 InfoSec Resources
Robert Hansen on Vimeo

Web Vectors


MSSQL Injection Cheat Sheet -
SQL Injection Cheat Sheet
EvilSQL Cheatsheet
RSnake SQL Injection Cheatsheet SQLi Cheatsheet
MySQL Injection Cheat Sheet
Full MSSQL Injection PWNage
MS Access SQL Injection Cheat Sheet » krazl - ™ ķЯαž£ ™ - bloggerholic
MS Access SQL Injection Cheat Sheet
Penetration Testing: Access SQL Injection
Testing for MS Access - OWASP
Security Override - Articles: The Complete Guide to SQL Injections
Obfuscated SQL Injection attacks
Exploiting hard filtered SQL Injections « Reiners’ Weblog
SQL Injection Attack
YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009
Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object)
Joseph McCray SQL Injection web application security forum :: Obfuscation :: SQL filter evasion
sqli2.pdf (application/pdf Object)
SQL Server Version -
Overlooked SQL Injection 20071021.pdf (application/pdf Object)
SQLInjectionCommentary20071021.pdf (application/pdf Object)


bypassing upload file type - Google Search Adobe Responds... Sort Of
Secure File Upload in PHP Web Applications | INSIC DESIGNS
Stupid htaccess Tricks • Perishable Press
Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r
Security FCKeditor ADS File Upload Vulnerability - Windows Only
Cross Site Scripting scanner – Free XSS Security Scanner
VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634)
Uploading Files Using the File Field Control
TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project
Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
Cross-site File Upload Attacks | GNUCITIZEN
TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
FileUploadSecurity - SH/SC Wiki

Exploiting PHP File Inclusion – Overview « Reiners’ Weblog
LFI..Code Exec..Remote Root!
Local File Inclusion – Tricks of the Trade « Neohapsis Labs
Blog, When All You Can Do Is Read - DigiNinja


The Anatomy of Cross Site Scripting
Whitepapers -
Cross-Site Scripting (XSS) – no script required - Tales from the Crypto
Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training
BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
sirdarckcat: Our Favorite XSS Filters and how to Attack them
Filter Evasion – Houdini on the Wire « Security Aegis
HTML5 Security Cheatsheet
XSS - Cross Site Scripting web application security forum :: XSS Info
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
What's Possible with XSS?


ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
Attacking ColdFusion. | Sigurnost i zastita informacija
Attacking ColdFusion
HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub
254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
Adobe XML Injection Metasploit Module |
Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console


The Ethical Hacker Network - Pen Testing Sharepoint


Lotus Notes/Domino Security - David Robert's -castlebbs- Blog
Penetration Testing: Re: Lotus Notes
Hacking Lotus Domino | SecTechno


Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
Minded Security Blog: Good Bye Critical Jboss 0day

vmware web

Metasploit Penetration Testing Framework - Module Browser

Oracle appserver

hideaway [dot] net: Hacking Oracle Application Servers
Testing for Oracle - OWASP
NGSSQuirreL for Oracle
hpoas.pdf (application/pdf Object)


Onapsis | Research Labs
'[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC
Phenoelit SAP exploits


Capture the Flag/Wargames



Copyright © 2022. All Rights Reserved.