About a month and a half ago, Nmap 7.50 was released. Today, a few minutes ago, Nmap 7.60 was made available with SSH support, improved SMB2/SMB3 support by Paulino Calderon (@calderpwn), the addition of 14 NSE scripts and a new Npcap version. Nmap is now the default tool to discover services running on a remotely connected system. None of us really need any introduction to this very popular "network mapper". Read more about UPDATE: Nmap 7.60 Now Available!
Distributions such as Kali Linux make it easier for us to carry out our penetration tests, vulnerability assessments, digital forensics gigs and wireless assessments. However, there are very few tools on such distributions that help you test the security of Internet of Things (IoT) devices, as that needs a bit of customization. We now have AttifyOS to fill in the gap and help us test IoT security. Read more about AttifyOS: IoT Devices Testing Distribution!
Recently, we posted about HatCloud, a different tool which identifies CloudFlare protected IP addresses. This post is about CloudFail, a tool which detects CloudFlare protected hosts and then some more. Read more about CloudFail: Detect CloudFlare Secured Hosts!
Nmap is now the default tool to discover services running on a remotely connected system. None of us really need any introduction to this very popular "network mapper". The Linux man page describes it as: Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what Read more about Nmap 7.50 Now Available!
Hiding your tracks for public facing targets has become easier - thanks to scanless! It allows you to scan IP addresses utilizing online services that already exist. However, instead of you manually submitting the target to each of them, this Python script does it for you. What is scanless? Scanless is an open source script coded in Python that helps you to perform port scans utilizing multiple online scanners such as you get signal, View DNS, Hacker Target, IPFingerPrints, ping.eu, Read more about scanless: Anonymize Your Port Scans!
A problem with remote web application vulnerability scanners is that sometimes they have false positives. The only way to get good results is by launching an actual exploit, which if not treated with caution can lead to problems with the web application itself. This is where pyfiscan comes into the picture and helps you perform a non-intrusive vulnerability scan on your own web application. Read more about pyfiscan: A Local Web Application Vulnerability Scanner!
Kali Linux really needs no introduction today. It is the de-facto open source, Debian-based operating system for penetration testing, vulnerability assessments, digital forensics and wireless assessments. It is one of those operating systems that I see being actively developed and has a huge and helpful community. This post talks about the improvements and new tool additions in the latest open source Kali Linux 2017.1 Rolling release. Read more about Kali Linux 2017.1: The Professional Penetration-Testing Distro!