RouterSploit: The Metasploit For Routers!

There are exploitation frameworks and then there is Metasploit. Though it has a few modules targeted towards embedded devices, it is your “general purpose” framework. If you are looking at a comprehensive embedded devices/router exploitation framework you now have RouterSploit!

RouterSploit
RouterSploit: The Metasploit for Routers!

Continue reading “RouterSploit: The Metasploit For Routers!”

WPSeku: A Simple WordPress Security Scanner!

There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since it’s release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website.

WPSeku
WPSeku

Continue reading “WPSeku: A Simple WordPress Security Scanner!”

PwnBack: Wayback Machine Leveraging Burp Extender Plugin!

This post is about a functionality which was untill today was not automated, yet very important in real world and bug bounty scenarios. The name is – PwnBack, a open source Burp Extender plugin, coded in JAVA which leverages the Wayback search engine and generates a sitemap accordingly.

PwnBack
PwnBack

Continue reading “PwnBack: Wayback Machine Leveraging Burp Extender Plugin!”

Leviathan: An All In One Security Audit Toolkit!

Fresh off the GitHub repository – Leviathan, an open source, wide-range  security audit toolkit that helps you with service discovery, brute force, SQL injection detection and running custom exploit. One of the guys behind this project is Utku Sen. If you remember he was the one who wrote open source ransomware – EDA2 and Hidden Tear.

Leviathan
Leviathan

Continue reading “Leviathan: An All In One Security Audit Toolkit!”

Kali Linux 2017.1: The Professional Penetration-Testing Distro!

Kali Linux really needs no introduction today. It is the de-facto open source, Debian-based operating system for penetration testing, vulnerability assessments, digital forensics and wireless assessments.  It is one of those operating systems that I see being actively developed and has a huge and helpful community. This post talks about the improvements and new tool additions in the latest open source Kali Linux 2017.1 Rolling release.

Kali Linux
Kali Linux

Continue reading “Kali Linux 2017.1: The Professional Penetration-Testing Distro!”

How to: Install Fuzzbunch & DanderSpritz?

I’m thinking I might already be a week late posting this today, but this post about Fuzzbunch and DanderSpritz has been sitting in my drafts for all this while and I thought of completing it any way.

As all of us know by now that the Equation Group gave us all an early Easter surprise by release an awesome cache of tools that were targeted against the Microsoft Windows operating systems – some of which are End Of Life – and other software’s along with a bunch of backdoors and rootkit. My older post – List of Equation Group Exploits already lists the names of the tools and their targets. With that cleared, moving on to the main topic of interest. Download the files listed under “EQGRP_Lost_in_Translation” and proceed.

Continue reading “How to: Install Fuzzbunch & DanderSpritz?”

List of Equation Group Exploits!

It has been sometime since the Shadow Brokers released a major cache of tools and exploits used/created by the Equation Group. This post is an attempt at listing only the exploits and their names from the last two; Linux and Windows, Equation Group dumps. These are the dump details:

eqgrp-auction-file.tar.xz
Password: CrDj"(;Va.*NdlnzB9M?@K2)#>deB7mN
Decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

eqgrp-free-file.tar.xz
Password: theequationgroup
Decrypted files: https://github.com/samgranger/EQGRP

If you have any details to add/share tweet @pentestit.

Equation Group
Equation Group

Continue reading “List of Equation Group Exploits!”