Published on February 26th, 2018 | by MaxiSoler


WebLorean v.2017 – Time-Travel for Web Admins

WebLorean is a time-travel tool for web admins and IT security people. This tool allows pentesters and sysadmins to run an information-gathering phase against a website’s past hosts, exploiting the human weakness of laziness.

If we go to Netcraft and check a domain name using their tools, we MIGHT find the hosting history of a website. Yes, the site used to run on server A, then server B, now server C! And, wow, that's weird, the old servers are still up and running.

So, the site MIGHT still be configured on one of those servers. You know how hosting companies [don't] do their homework sometimes 😉

So, an attacker could fire up a scanner and, by any means available, target the older IP addresses and scan our OLD WEBSITE[s], which, of course, we no longer keep updated (maybe not even the server, for that matter…). And you know what outdated usually means: holes. Lots of them.

And holes lead to lots of things: remote code execution, data exfiltration, resource control.

Additionally, this can be used to detect bad implementations of CDNs, and to uncover origin servers behind CDNs.
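A site owner can run the same check against their own domain to find old hosts that were never cleaned up. The script below is an added example, not WebLorean's code: the function names are hypothetical, the IP list is constructed and assumed to come from your own hosting-history records, and only plain HTTP is covered.

```python
import http.client
import uuid

def fetch(ip, host, port=80, timeout=3.0):
    """GET / from `ip` with the given Host header; (status, body) or None if unreachable."""
    try:
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        result = (resp.status, resp.read(65536))
        conn.close()
        return result
    except (OSError, http.client.HTTPException):
        return None

def classify(ip, domain, port=80, timeout=3.0):
    """Classify one former hosting IP of `domain`."""
    real = fetch(ip, domain, port, timeout)
    if real is None:
        return "down"
    # Control request: a random name this server cannot have been configured for.
    control = fetch(ip, f"{uuid.uuid4().hex}.invalid", port, timeout)
    if real[0] < 400 and real != control:
        return "stale-vhost"   # the old site is still configured and served here
    return "no-vhost"          # server is up but only returns default/error content

def audit(domain, history, current, port=80, timeout=3.0):
    """Check every historical IP that is not one of the current ones."""
    return {ip: classify(ip, domain, port, timeout)
            for ip in history if ip not in current}

if __name__ == "__main__":
    # Constructed sample data: documentation-range addresses (RFC 5737).
    history = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
    current = {"203.0.113.30"}
    for ip, state in audit("example.com", history, current, timeout=1.0).items():
        print(f"{ip}: {state}")
```

Any address reported as `stale-vhost` still has the old site configured and should be decommissioned or have the virtual host removed. Pages with per-request content (timestamps, tokens) can differ from the control response on their own, so confirm a hit by hand.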


cd weblorean


More Information: here

Thanks to our friend Arturo ‘Buanzo‘ Busleiman for sharing this tool with us. 😉


About the Author @maxisoler
