I seem to have missed about two updates made to the this mass audit toolkit. My last post about the Leviathan Framework can be found here. We now have the latest - Leviathan Framework v0.1.2! Read more about UPDATE: Leviathan Framework v0.1.2!
Penetration Testing Archives:
I was working with a customers Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite has many extensions, I wanted to try something that I had not before. That's when I stumbled across JexBoss, which turned out to be a pretty decent open source tool. I think JexBoss is a play on Java EXploitation like a Boss wording. Read more about JexBoss: Java Deserialization Verification & EXploitation Tool!
If you remember, I had posted about this Red Teaming Hardware Implant in an earlier post. It now happens that it was updated and we now have WarBerryPi Version 5! As you remember, it is a Raspberry Pi based hardware implant allowing you to be stealthy during red teaming scenarios, exfiltrating information with speed. Read more about UPDATE: WarBerryPi Version 5!
About a month and half ago, Nmap 7.50 was released. Today, a few minutes ago - Nmap 7.60 was made available with SSH support, improved SMB2/SMB3 support by Paulino Calderon (@calderpwn), addition of 14 NSE scripts and a new Npcap version. Nmap is now the default tool to discover services running on a remotely connected system. None of us really need any introduction to this very popular “network mapper“. Read more about UPDATE: Nmap 7.60 Now Available!
If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal, this post is about enumerating subdomains and DNS information using the following services: CloudFlare, Censys & Crtsh using Python! Read more about Subdomain Enumeration Using Censys & Crtsh!
VirusTotal for long has provided a free online file and URL scanning service. Infact, I think it is THE site that started this kind of service more than 10 years ago. Wikipedia mentions that it was started in the year 2004! It also offers a "search" service which helps us to find more interesting details about a file hash or a URL. Leveraging this feature, we have an open source script called V1D0m! Read more about V1D0m: Enumerate Subdomains via Virustotal!
Distributions such as Kali Linux make it easier for us to carry out our penetration tests, vulnerability assessments, digital forensics gigs and wireless assessments. However, there are very few tools on such distributions that help you test the security of Internet of Things (IoT) devices as it needs bit of a customization. We now have AttifyOS to fill in the gap and help us test IoT security. Read more about AttifyOS: IoT Devices Testing Distribution!