MyLipas :: The Defacement Crawler

If you are a system administrator of websites that is hosted in Malaysia or owner of the domains ended with .MY.. or.. hosting company, you might heard/read about “MyLipas” somewhere, somehow.. maybe in the email subject or something 😉

Ok here are short descriptions of MyLipas and what is he capable with:

• Named MyLipas due to the ugly code (coded in 2 nights)
• Was around since early February 2009
• Highly inspired by Shaun’s (Australian Honeynet Project) Skynet project
• Crawl for the defaced/hacked websites that are hosted in Malaysia (Malaysia IP range) or domain ended with .MY
• Crawler “abuse” Google search and Zone-H list to look for the defaced websites (based on keywords)
1. Yes it can bypass the Zone-H’s captcha 😀
2. If you are a CSM staff and you claim yourself as a Google-Fu, but you don’t know how to Google for websites that is hosted in Malaysia but not limited to those ended with .MY, you brought shame upon yourself
• MyLipas can also receive manual (single or bulk) URL submission
• All URLs will be grouped by IP (of the hosting) and the following information will be collected (automagically!) :
1. IP address
2. Web server information
3. Domain owner/hosting email address (for reporting)
• Email will be sent to MyCERT (grouped by IP) with the information above, for incident escalation process
• Screenshot will automagically be taken for each URL
• Defacer name will be captured into database
• Data will be mapped into damn nice Ajax and flashy Flash graphs and bars.. [Thanks to Nymkum mYnN and @m4ysix]
• The main job of MyLipas is to crawl for defaced website.. But it can easily customized to become SQL injection vulnerability crawler, leaked information crawler etc etc..
• Enough for now…

Updated on 1 Feb 2012
MyLipas is now integrated with few more defacement archiver websites (which wont be listed here)