Xanda's Blog !~!

MyLipas :: The Defacement Crawler


If you are a system administrator of websites hosted in Malaysia, an owner of domains ending with .MY, or a hosting company, you might have heard or read about “MyLipas” somewhere, somehow.. maybe in an email subject or something 😉

OK, here is a short description of MyLipas and what it is capable of:

  • Named MyLipas due to the ugly code (coded in 2 nights)
  • Has been around since early February 2009
  • Highly inspired by Shaun’s (Australian Honeynet Project) Skynet project
  • Crawls for defaced/hacked websites that are hosted in Malaysia (Malaysian IP range) or whose domain ends with .MY
  • The crawler “abuses” Google search and the Zone-H list to look for defaced websites (based on keywords)
    1. Yes, it can bypass Zone-H’s captcha 😀
    2. If you are a CSM staff member and you claim to have Google-Fu, but you don’t know how to Google for websites that are hosted in Malaysia, not only those ending with .MY, you have brought shame upon yourself
  • MyLipas can also receive manual (single or bulk) URL submissions
  • All URLs are grouped by IP (of the hosting) and the following information is collected (automagically!):
    1. IP address
    2. Web server information
    3. Domain owner/hosting email address (for reporting)
  • An email is sent to MyCERT (grouped by IP) with the information above, for the incident escalation process
  • A screenshot is automagically taken for each URL
  • The defacer name is captured into the database
  • The data is mapped into damn nice Ajax and flashy Flash graphs and bars.. [Thanks to Nymkum mYnN and @m4ysix]
  • The main job of MyLipas is to crawl for defaced websites.. but it can easily be customized to become an SQL injection vulnerability crawler, a leaked information crawler, etc.
  • Enough for now…

Updated on 1 Feb 2012
MyLipas is now integrated with a few more defacement archiver websites (which won’t be listed here)
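
The triage steps from the list above (scope check, grouping by hosting IP, one report per IP), as an added example that is not MyLipas's own code. The hostnames, the resolver table, the documentation IP range standing in for the Malaysian ranges, and every function name are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed scope: an RFC 5737 documentation range stands in for real national ranges.
IN_SCOPE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
IN_SCOPE_TLD = ".my"
# Constructed resolver table so the example runs offline.
SAMPLE_DNS = {
    "shop.example.my": "198.51.100.7",
    "blog.example.my": "198.51.100.7",
    "portal.example.com": "203.0.113.20",
    "elsewhere.example.org": "192.0.2.55",
}

SUBMITTED = [  # constructed bulk submission, with a duplicate and a malformed entry
    "http://shop.example.my/index.php",
    "http://blog.example.my/",
    "  http://blog.example.my/\n",
    "http://portal.example.com/news.html",
    "http://elsewhere.example.org/",
    "not a url",
]

def in_scope(host, ip):
    """In scope if the domain ends with .MY or the hosting IP is in range."""
    addr = ipaddress.ip_address(ip)
    return host.endswith(IN_SCOPE_TLD) or any(addr in net for net in IN_SCOPE_NETS)

def group_by_ip(urls, resolve=SAMPLE_DNS.get):
    """Return {ip: sorted unique URLs}, keeping in-scope submissions only."""
    groups = defaultdict(set)
    for raw in urls:
        url = raw.strip()
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        ip = resolve(host) if host else None
        if ip is not None and in_scope(host, ip):  # skips malformed/unresolved
            groups[ip].add(url)
    return {ip: sorted(found) for ip, found in sorted(groups.items())}

def build_report(ip, urls, server="unknown", contact="unknown"):
    """Build one plain-text escalation message per hosting IP."""
    head = [f"Subject: [defacement] {len(urls)} URL(s) on {ip}", "",
            f"IP address: {ip}", f"Web server: {server}",
            f"Contact: {contact}", "", "Affected URLs:"]
    return "\n".join(head + [f"  - {u}" for u in urls])

if __name__ == "__main__":
    print("\n\n".join(build_report(ip, u) for ip, u in group_by_ip(SUBMITTED).items()))
```

Two .MY sites sharing one host end up in a single report, the non-.MY site is kept only because its IP is in range, and the out-of-scope and malformed entries are dropped.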

20 Responses to MyLipas :: The Defacement Crawler

  1. great…good job xanda.

  2. awesome!!

  3. To point no. 2, one word, with exclamation mark: LOL!

  5. Hi, your ‘MyLipas’ is such a great thing.
    Actually I’m visiting your blog by searching Google with ‘crawl zone-h’.
    And your MyLipas project seems to be an answer to this question.
    Would you mind if I asked you to offer ‘MyLipas’ or give me a tip?
    Thank you.

  6. @KevinPark
    I’ve replied to your email 🙂

  7. Pingback: Hello Nokogiri | Xanda's Blog !~!

  8. Can you share the captcha breaking you are doing?

  9. Hi there. I’m trying to scrape the zone-h website using scrapy and stumbled upon your blog. May I know what approach you used? I tried to get xpath working but somehow it’s not working on zone-h. Thanks!

  10. Hi, can you share the zone-h “captcha breaker”?


  11. Hello Xanda

    Would you please share the Zone-h CAPTCHA Breaker?


  12. Hello XANDA,

    Where can I find access to MyLipas?

    • Sorry.. I worked on this project when I was working with the Malaysian CERT.. The ownership of the code belongs to MyCERT

  13. Hey there Xanda, good job on this project, seems like a useful tool. A very good example of proper scraper usage to gather intelligence.

    I’m working on something similar and would like to get some advice, could you please help me?

  14. Hi. I am currently also trying to scrape zone-h as well, may I know what is your approach to bypass the captcha?

    Thanks in advance!

  15. Hi,

    I am also trying to crawl defaced websites in zone-H (Python).
    Any advice or code snippets?

    Best Regards

  16. Hi,
    I’m also working for a national CERT in Europe and I’m interested in crawling ZONE-H for defaced websites from my .TLD. Can you share with me the way we’ve managed to bypass the captcha verification? Thanks a lot!

  17. Hi,
    Your tool sounds great. Thanks for sharing the things it can do.
    Do you mind helping me with the zone-h captcha? Can you share the additional defacement archiver websites?
