Jikto, the cross-site scripting (XSS) attack testing tool written by Billy Hoffman and presented at ShmooCon, is already on the loose. Some, like Jeremiah Grossman, held the opinion that this tool was crossing the line. I should note that White Hat is a direct competitor to SPI Dynamics. That being said, the “I told you so” queue should be filling up.
This weekend the source of Jikto was officially leaked. How long did that take? Anyone time it? So much for this statement: “Although I will not be releasing the source code of Jikto….” There are a few things to note, although I haven’t gotten through all of it.

First, it consists only of a test HTML page, a single .js file and a command-and-control file. Second, by the time I received it, it had already been modified at least a few times, perhaps for testing, but in any case it no longer has its original function.

The leak.

Bear in mind that all of this was posted on April 1st, so I’m holding a skeptical opinion.