Figured I’d keep a copy of this on here for the next time I need to do malware investigation.

  • urlvoid.com – checks URL’s against lots of blacklists, emergingthreats, malwaredomainlist and zeustracker/etc…
  • ipvoid.com – Same as above but for IP addresses
  • support.clean-mx.de – Searches above databases and records logs of abuse claims. Useful as it can sometime give you extra URI’s for a host to comb your logs for. Also usefully… Continue reading

So you’ve got some XSS that you want to test but the browser you’ve been using for your app testing is protecting against the use of javascript in the address URL. The following URL:


Would end up getting sent to the server as:

1GET /index.asp?val=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1

In order to prevent this so we can test XSS flaws within applications we need to turn off the javascript filter in the… Continue reading