There are a lot of WordPress security tools out there such as the WPScan, vulnerability scanner. Now, there is an addition - WPForce, which I consider is a more offensive tool that performs brute force attempts against a targeted WordPress installation. Read more about WPForce & Yertle: The WordPress Attack Suite!
APT2: An Automated Penetration Testing Toolkit!
All of us know that a typical penetration testing engagement begins with reconnaissance (run nmap, etc.), testing for services & their default passwords then moving onto launching common exploits (Metasploit, etc.), getting access and then lateral movement. This is okay on small networks, but tends to be slow on large networks. Fortunately, we have APT2 to help us! Read more about APT2: An Automated Penetration Testing Toolkit!
LIEF: Cross-Platform Library to Interact With ELF, PE and Mach-O Formats!
While there are multiple platform dependent libraries such as pefile, pyelftools, pwntools in Python and objdump and similar tools. Now, there is LIEF, an open source cross platform library to parse, modify and abstract ELF, PE and MachO file formats. Read more about LIEF: Cross-Platform Library to Interact With ELF, PE and Mach-O…
Acra: Database Protection With Encryption & Intrusion Detection!
This year at RSA, I remember meeting with a vendor who dealt with database security by encrypting the database. I forget the name, but found a open source project - Acra, which I think is a promising product if designed & developed right. Read more about Acra: Database Protection With Encryption & Intrusion Detection!
Pwnbox: A Docker Container For Reverse Engineering & Exploitation!
Since I blogged a bit about docker security tools, I thought of continuing the trend and introduce Pwnbox, is an open source docker container that has tools to aid you in reverse engineering and exploitation. It allows you to package up an container with all of the tools of trade you need in a capture-the-flag situation, or elsewhere too! Read more about Pwnbox: A Docker Container For Reverse Engineering & Exploitation!
Ostinato: The Network Traffic Generator and Analyzer!
I had covered Ostinato in our earlier blog, before it got blown away and was reminded of it when I was working on the Apache Struts S2-046 vulnerability. I had a .pcap file which I had to replay and this is where Ostinato came into picture. A bit off track, if you want to protect yourself from S2-045 & S2-046, and your application is on Apache, simply add the following to your .htaccess file: <IfModule mod_headers.c> RequestHeader unset Content-Type RequestHeader unset Read more about Ostinato: The Network Traffic Generator and Analyzer!
Wifiphisher: Perform Automated Customized Phishing Attacks Against Wi-Fi Clients!
A human is the weakest link in cyber security and tools like Wifiphisher cement the fact. This tool exploits this weak link by launching a social-engineering attack leading the user to a phishing page and then you can get the users password or install your stuff. Read more about Wifiphisher: Perform Automated Customized Phishing Attacks Against Wi-Fi Clients!