Since my initial post about WPSeku was about v0.1.0, an updated was made by the author and a new version was released. This post is an attempt at mentioning the changes made to the tool. Read more about UPDATE: WPSeku v0.2.1!
FOCA: Fingerprinting & Organisation with Collected Archives!
There are a few tools OSINT tools that I wrote about in the old PenTestIT blog that I still remember. FOCA is one of them and it has only gotten better with time and has a lot of features and plugins since I last looked at it. Read more about FOCA: Fingerprinting & Organisation with Collected Archives!
RouterSploit: The Metasploit For Routers!
There are exploitation frameworks and then there is Metasploit. Though it has a few modules targeted towards embedded devices, it is your "general purpose" framework. If you are looking at a comprehensive embedded devices/router exploitation framework you now have RouterSploit! Read more about RouterSploit: The Metasploit For Routers!
WPSeku: A Simple WordPress Security Scanner!
There are a lot of open source WordPress security scanners out there right now and WPSeku is one more of them. Since it's release about a month ago, it has a few static cross-site scripting, local file inclusion and SQL injection strings which it tries to leverage while scanning a website. Read more about WPSeku: A Simple WordPress Security Scanner!
Leviathan: An All In One Security Audit Toolkit!
Fresh off the GitHub repository - Leviathan, an open source, wide-range security audit toolkit that helps you with service discovery, brute force, SQL injection detection and running custom exploit. One of the guys behind this project is Utku Sen. If you remember he was the one who wrote open source ransomware - EDA2 and Hidden Tear. Read more about Leviathan: An All In One Security Audit Toolkit!
Acra: Database Protection With Encryption & Intrusion Detection!
This year at RSA, I remember meeting with a vendor who dealt with database security by encrypting the database. I forget the name, but found a open source project - Acra, which I think is a promising product if designed & developed right. Read more about Acra: Database Protection With Encryption & Intrusion Detection!