Since my initial post about WPSeku was about v0.1.0, an update was made by the author and a new version was released. This post is an attempt at mentioning the changes made to the tool. Read more about UPDATE: WPSeku v0.2.1!
Web Application Security Archives:
While at work today I had to deal with a Lotus Domino web application installation that I knew nothing about. This is where I searched a bit and found an open source tool - Domi-Owned. Read more about Domi-Owned: A IBM/Lotus Domino Exploitation Tool!
This is a short post about LFISuite, an open source local file inclusion scanner and exploiter that is coded in Python. It supports multiple attack points and also has TOR proxy support. We all know that Local File Inclusion (also known as LFI) is a process of "including" locally present files, through the exploitation of vulnerable inclusion procedures implemented in the application that accepts unsanitized input. Read more about LFISuite: An Automatic LFI Exploiter & Scanner!
If you read this blog, you must have read about an earlier post titled - List of Raspberry Pi DIY Projects for Anonymity! Though that post dealt with DIY projects about anonymity, this post is about WarBerryPi, which is more of a device to be used for offensive activities such as red teaming built on the versatile Raspberry Pi platform. The name WarBerryPi was conceived by the author as the red team, blue team nomenclature is based on military terms. This tool allows you to plug it in Read more about WarBerryPi: Red Teaming Hardware Implant!
Nmap is now the default tool to discover services running on a remotely connected system. None of us really need any introduction to this very popular "network mapper". The Linux man page describes it as: Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what Read more about Nmap 7.50 Now Available!
If you use Kali and like searchsploit, chances are you will like getsploit even more. What searchsploit is to exploit-db, getsploit is to, well, every exploit source covered by vulners.com. Read more about getsploit: Search & Download Exploits!
My last post about WordPress security was WPSeku, the simple WordPress security scanner. This post is about WPXF, short for the WordPress Exploit Framework, which will help you go one step further and perform penetration tests on WordPress-powered websites. Read more about WPXF: The WordPress Exploit Framework!