hacks & code

was just released a new w3bfukk0r version.

w3bfukk0r is a forced browsing tool, it basically scans webservers (HTTP/HTTPS) for a directory by using HTTP HEAD command and brute force mechanism based on a word list. Features:
HTTP/HTTPS(SSL) support
Banner grabbing
User-Agent faking
Proxy support (HTTP/S)
Reports found and non-existend directories

Note: Not all webservers are handling HTTP status codes correctly, so if the webserver doesn't care about RFCs the report generated by w3bfukk0r may include false positives. Maybe we'll find a good method to detect those false positives.

http://www.ngolde.de/download/w3bfukk0r-0.2.tar.gz

List of changes (CHANGELOG):

* w3bfukk0r 0.2 21.10.2006
- HTTP and HTTPS proxy support
- bug fixes
- it's now possible to specify more than just one URL to be scanned
- the man page has been rewritten
- a Doxyfile and doxygen source comments have been included
- support for the -p command line option has been dropped, use : instead

BigBrother^WGoogle has released another cool search "plugin".
The Google code search is really cool. It has some nice features Koders doesn't have like searching with regexp.

It's just a bit more flexible and of course it has a way more search results.
Compare this and this.

But what really surprised me that Google also seems to extract files from tarballs. I didn't release the files of w3bfukk0r in a directory on a webserver and I think noone else did but the ubermighty Google will find it anyway:
http://www.google.com/codesearch?hl=en&lr=&q=w3bfukk0r&btnG=Search.

And they find even more, look at the following web interface:
http://www.google.com/codesearch?q=show:0GFmqDPt0Xo:JfoqLfp9gKo:pE69hVzivsU&sa=N&ct=rd&cs_p=http://www.ngolde.de/download/w3bfukk0r-0.1.tar.gz&cs_f=w3bfukk0r-0.1/list.c.