Andrew contributes to the information security community through the development of open-source security tools.

Open-Source Security Tools


WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.


UrlCrazy is for the study of domain name typos and URL hijacking. It generates domain name typo permutations then tests them to learn if they are in use, estimates their popularity and more.

Username Anarchy

Tools for generating usernames when penetration testing. Usernames are half the password brute force problem.


Enumerate hostnames from for an IP address. is Microsoft’s search engine which has an IP: search parameter.


Enumerate hostnames and URLs from Google.
Features: antibot avoidance, search within a country, custom search appliance
Download gggooglescan-0.1.tar.gz
Latest Version 0.1
License GPLv3
Author Andrew Horton


Extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
Download basedomainname-0.1.tar.gz
Latest Version 0.1
License Copyright
Author Andrew Horton