This post is about a functionality which was untill today was not automated, yet very important in real world and bug bounty scenarios. The name is - PwnBack, a open source Burp Extender plugin, coded in JAVA which leverages the Wayback search engine and generates a sitemap accordingly. Read more about PwnBack: Wayback Machine Leveraging Burp Extender Plugin!
Vulnerability Assessment Archives:
This is a short post about howmanypeoplearearound, an open source tool in Python that can help you identify the number of people in the vicinity of your WiFi connection. Read more about howmanypeoplearearound: Detect People Around You!
A lot many good things are being done in Docker. Jackhammer is another good example of this. The authors have gone ahead and put almost everything you would need for vulnerability assessment and vulnerability management, dockerized it, made it an all-in-one tool and put it up for us to use! A few other security related docker projects can be found here. Read more about Jackhammer: A Vulnerability Assessment Collaboration Tool!
I stumbled upon this tool when trying to find more Docker security projects - Cameradar. You can use this tool post exploitation just for the fun, or use it in your own network and check for unauthorized CCTV installations. You can also use it to test the security of your existing camera setup. Read more about Cameradar: Hack RTSP CCTV Cameras!
Fresh off the GitHub repository - Leviathan, an open source, wide-range security audit toolkit that helps you with service discovery, brute force, SQL injection detection and running custom exploit. One of the guys behind this project is Utku Sen. If you remember he was the one who wrote open source ransomware - EDA2 and Hidden Tear. Read more about Leviathan: An All In One Security Audit Toolkit!
Kali Linux really needs no introduction today. It is the de-facto open source, Debian-based operating system for penetration testing, vulnerability assessments, digital forensics and wireless assessments. It is one of those operating systems that I see being actively developed and has a huge and helpful community. This post talks about the improvements and new tool additions in the latest open source Kali Linux 2017.1 Rolling release. Read more about Kali Linux 2017.1: The Professional Penetration-Testing Distro!
I'm thinking I might already be a week late posting this today, but this post about Fuzzbunch and DanderSpritz has been sitting in my drafts for all this while and I thought of completing it any way.As all of us know by now that the Equation Group gave us all an early Easter surprise by release an awesome cache of tools that were targeted against the Microsoft Windows operating systems - some of which are End Of Life - and other software's along with a bunch of backdoors and rootkit. My older Read more about How to: Install Fuzzbunch & DanderSpritz?