
Web2.0 Hacking

Information Farming

Everything is about information. Why go for the root when they can simply get the juicy stuff off the Web?

Data Aggregation

In the past we used to start from scratch every time we needed to perform an operation. Today we use services.

Collecting Information, Reason, knowledge, know your target (profiling), individual, friends, Social Networks, I know your friends., I know their friends' friends., interests, blogs, bookmarks, personal, Flickr, what do you look like?, Google Maps, where do you live?, organizations, Your employees have blogs, Your employees have personal information on the Web., Your employees' problems are your problems., snoop on your target, tracking user activities, Google Web Search History, Del.icio.us Bookmarks, Digg Entries, Stumble Upon, Keep your friends close, your enemies closer., Stumble upon malware, expose your target, revealing the hidden web, scan IPs for ports 80,81,888,8080,443,etc, ping Yahoo Site Explorer ping service, or create a blog and link the resources, revealing the hidden self, impersonation, revealing the hidden web, technorati ping, blackmail your target, Dark SEO, link spam, semantics, malicious code is stupid, malicious code needs help, the AI, Vulnerability Databases, XSSED.com, Milw0rm, Target lists, Automatic, Google, Google Search, Custom Search Engines, Custom Scanning Logic, The Mechanical Turk, via Social Bookmarking, DIGG, Del.icio.us, via Web Broadcast Messages, Search Engines, URL + TIMESTAMP | MD5, via mailing list, Mailinator, Dodgit, Mailbucket, malicious code needs to be mobile, the more stuff is on the web the more mobile the code will be, finding the hits, via google, via yahoo, Tools, Server Side, Aggregators, Google Reader, backup, tag based mashup, Dapper, scraper, xml/feed mashup, Yahoo Pipes, programmable service, web2.0 power tool, Mailinator, SMTP to RSS, technology bridge, General Scrapers, Feed43, Ponyfish, Remixers, Yahoo Pipes, Regexes, Filters, Loops, Google Reader, tags, folksonomy, Dapper, xml/feed mashup, Client Side, JavaScript, JSON, ActionScript

Analyzing Information, Reason, to know better, to plan better, to measure success, Tools, Feeds, FeedBurner, Traffic, Google Analytics, Custom, Yahoo Pipes

Data Distribution

Reaching Individuals, Reason, Influence, Direction, 0wnage, Tools, Comments to personal blogs, Pingbacks to personal blogs, Trackbacks to personal blogs, Bookmarks part of the same interest group, Social Networks, Flickr, links, comments, MySpace, 1 degree of separation

Reaching the Masses, Reason, mass Influence, traffic shaping, mass 0wnage, viral attacks, mass Direction, DoS, Tools, Splogs, Search Engine exposure, Blog Aggregator exposure, Technorati, Search Engines, Search Terms, Key Words, Result Poisoning, Pings, Yahoo, Google, Aggregators, Technorati

API Mastering

Reason

to accommodate Web Agents

to accommodate Sophisticated Worms, for propagation, for backend support, for AI

to accommodate Sophisticated Attack Interfaces

to accommodate Sophisticated Attack Infrastructures

Finding APIs

Mashable

TechCrunch

Programmable Web

Google

Using APIs

Yahoo Site Explorer Page Data, crawl, get the site's complete structure

Yahoo Site Explorer Ping, ping for a change, just ping, add xss payload, ping XSSed websites, to find the targets, domain | MD5

Yahoo Search, find more stuff

Google Search, find stuff

Mailinator, SMTP to RSS

Dodgit, SMTP to RSS

Mailbucket, SMTP to RSS

Zoho Creator, online database

Yahoo Pipes, XML Proxy, Feed Proxy, CSV Proxy, Web Services, Infrastructure Utilities

Ponyfish, scrape all links

Dapper, scrape any site

Yahoo ZoneTag, Find location from CELL ID

dabbledb, online database

Hostip, GEO IP

SEO Textbrowser, proxy, SEO analysis, keywords, tags, statistics, inbound links, outbound links, domains

Attack Infrastructure Architecture

Reason

to hide, by intermixing technologies, by creating covert channels

to reach, individuals, organizations

to enable, viral propagation, via feeds, via blogs, via user generated content, targeted attacks

Tools

Free Hosting, Google Pages, host files, Google Mashup Editor, host files, host programmable logic, application feeds, Google Code, host files, Feeds, RSS to HTML, Google Reader, forever, Mailinator, 1 day, Mailbucket, 1 day, Blogs, host files, host blog entries, communicate with the blogosphere, Freewebs, host files, JavaScript vendor sites, jQuery, AttackAPI

Mashup Editors, Google Mashup Editor, control datasources, provides intuitive GUI, Yahoo Pipes, link components, run server side tasks, Popfly, irrelevant at this stage

Services, HTML to RSS, scraping, Screen Scraping, SMTP to RSS, bridging, RSS to SMTP, Schedulers, Google Calendar, public calendars as feeds, l8r, pipe to Mailinator, get as RSS, Alerts, Google Alerts, pipe to Mailinator, get as RSS