MyLipas :: The Defacement Crawler

Posted: July 20th, 2011 | Author: | Filed under: IT Related, Project | Tags: , , , , | 21 Comments »

If you are a system administrator of websites that is hosted in Malaysia or owner of the domains ended with .MY.. or.. hosting company, you might heard/read about “MyLipas” somewhere, somehow.. maybe in the email subject or something 😉

Ok here are short descriptions of MyLipas and what is he capable with:

  • Named MyLipas due to the ugly code (coded in 2 nights)
  • Was around since early February 2009
  • Highly inspired by Shaun’s (Australian Honeynet Project) Skynet project
  • Crawl for the defaced/hacked websites that are hosted in Malaysia (Malaysia IP range) or domain ended with .MY
  • Crawler “abuse” Google search and Zone-H list to look for the defaced websites (based on keywords)
    1. Yes it can bypass the Zone-H’s captcha 😀
    2. If you are a CSM staff and you claim yourself as a Google-Fu, but you don’t know how to Google for websites that is hosted in Malaysia but not limited to those ended with .MY, you brought shame upon yourself
  • MyLipas can also receive manual (single or bulk) URL submission
  • All URLs will be grouped by IP (of the hosting) and the following information will be collected (automagically!) :
    1. IP address
    2. Web server information
    3. Domain owner/hosting email address (for reporting)
  • Email will be sent to MyCERT (grouped by IP) with the information above, for incident escalation process
  • Screenshot will automagically be taken for each URL
  • Defacer name will be captured into database
  • Data will be mapped into damn nice Ajax and flashy Flash graphs and bars.. [Thanks to Nymkum mYnN and @m4ysix]
  • The main job of MyLipas is to crawl for defaced website.. But it can easily customized to become SQL injection vulnerability crawler, leaked information crawler etc etc..
  • Enough for now…

Updated on 1 Feb 2012
MyLipas is now integrated with few more defacement archiver websites (which wont be listed here)

21 Comments on “MyLipas :: The Defacement Crawler”

  1. 1 pian said at 12:56 AM on July 21st, 2011:

    great…good job xanda.

  2. 2 maysix said at 4:56 PM on July 21st, 2011:


  3. 3 tdr.local said at 1:35 AM on July 25th, 2011:

    To point no 2, one word,with exclamation mark, LOL!

  4. 4 Security officer (Calgary – Alberta) | Employment Canada and work Canada choice said at 10:00 PM on February 1st, 2012:

    […] at Five Filters recommends: Donate to Wikileaks. E-mail this Job Job Number: 6186742 Title: Security officer (Mobile Patrol Driver) ( NOC: 6651 ) Te…etc.): Security Guard basic (pre-assignment ) training program certificate, Security Guard Licence, […]

  5. 5 KevinPark said at 5:14 PM on February 25th, 2012:

    Hi, your ‘MyLipas’ is such a great thing.
    Actually I’m visiting your blog by searching google with ‘crawl zone-h’.
    And your MyLipas project seems to be an answer to this question.
    Would you mind if I ask you offering ‘MyLipas’ or give a tip for me.
    Thank you.

  6. 6 xanda said at 11:21 AM on February 28th, 2012:

    I’ve replied you to your email 🙂

  7. 7 Hello Nokogiri | Xanda's Blog !~! said at 7:52 PM on March 2nd, 2012:

    […] crawler’ aka Google web-scraper. So it is not a surprise if I say.. It was part of MyLipas Defacement Crawler as […]

  8. 8 daniel said at 11:04 PM on March 19th, 2013:

    Can you share the captcha breaking you are doing?

  9. 9 xanda said at 2:48 AM on March 23rd, 2013:

    Email sent..

  10. 10 v0id said at 3:49 PM on June 9th, 2013:

    would you mind sharing this with me ??would be grateful 🙂

  11. 11 Mustaqiim said at 2:38 PM on December 18th, 2014:

    Hi there. Im trying to scrape zone-h website using scrapy and stumbled upon your blog. May i know what was the approach you used? Tried to get xpath working but somehow its not working on zone h. THanks!

  12. 12 Peter said at 6:46 PM on March 4th, 2015:

    Hi, can you share the zone-h “captcha breaker”?


  13. 13 Steven said at 5:12 AM on April 3rd, 2015:

    Hello Xanda

    Would you please share Zone-h CAPTCHA Breaker ?


  14. 14 domajor said at 7:03 PM on May 12th, 2017:

    Hello XANDA,

    Where can I find access to MyLipas?

  15. 15 Xanda said at 7:07 PM on May 12th, 2017:

    Sorry.. I worked on this project when i was working with Malaysian CERT.. The ownership of the code is belong to MyCERT

  16. 16 vle said at 5:13 AM on August 3rd, 2017:

    Hey there Xanda, good job on this project, seems like a useful tool. A very good example of proper scrapper usage to gather intelligence.

    I’m working on something similar and would like to get some advice, could you please help me?

  17. 17 dlh said at 11:30 AM on December 19th, 2017:

    Hi. I am currently also trying to scrape zone-h as well, may I know what is your approach to bypass the captcha?

    Thanks in advance!

  18. 18 esteban said at 6:05 PM on December 30th, 2017:


    I am also trying to crawling defaced websites in zone-H (Python).
    Any advice or code snippets ?

    Best Regards

  19. 19 cata said at 8:41 PM on October 24th, 2018:

    I’m also working for a national CERT in Europe and I’m interested to crawl ZONE-H for defaced websites from my .TLD. Can you share with me the way we’ve managed to bypass the captcha verification? Thanks a lot!

  20. 20 homere said at 5:44 AM on February 28th, 2019:

    Your tool sounds great. Thank to share the things it can do.
    Do you mind helping me with the zone-h captcha ? Can you share the additionnal defacement archiver websites ?

  21. 21 serciyo said at 3:32 PM on December 14th, 2020:

    where tool

Leave a Reply