What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers...
hacking
MalwareSourceCode – Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages
Malware Source Code Collection!!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in...
Pwndoc – Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx...
This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Zap-Hud – The OWASP ZAP Heads Up Display (HUD)
The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with...
PatchChecker – Web-based Check For Windows Privesc Vulnerabilities
This is the code base for the service running on: https://patchchecker.com. In short, PatchChecker is a web application (running on...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to...
Apk-Medit – Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk
Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile...
SSJ – Your Everyday Linux Distribution Gone Super Saiyan
SSJ is s silly little script that relies on docker installed on your everyday Linux distribution (Ubuntu, Debian, etc.) and...
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020. What does that mean...
NICER Protocol Deep Dive: Internet Exposure of IMAP and POP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
RmiTaste – Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria
RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial....
Taken – Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to...
Simple-Live-Data-Collection – Simple Live Data Collection Tool
How it works?1- Build server 2- Connect with admin and client to server 3- To collect information, send the request...
TheCl0n3r – Tool To Download And Manage Your Git Repositories
TheCl0n3r will allow you to download and manage your git repositories. PrefaceAbout 90% of the penetration testing tools used in...
Eagle – Yet Another Vulnerability Scanner
Project Eagle is a plugin based vulnerabilities scanner with threading support used for detection of low-hanging bugs on mass scale...
HackBrowserData – Decrypt Passwords/Cookies/History/Bookmarks From The Browser
hack-browser-data is an open-source tool that could help you decrypt data (passwords / bookmarks / cookies / history) from the...
Mail-Swipe – Script To Create Temporary Email Addresses And Receive Emails
Mail Swipe is a python script that helps you to create temporary email addresses and receive emails at that address....
Zracker – Zip File Password BruteForcing Utility Tool based on CPU-Power
Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList...
Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives
Let’s talk about false positives. They’re frustrating and faulty, but also about as certain as death and taxes for anyone...
Introducing Enhanced Endpoint Telemetry (EET) in InsightIDR
Rapid7 detection and response customers have access to, and insights from, our experts and research driving the industry forward. This...
Mikrot8Over – Fast Exploitation Tool For Mikrotik RouterOS
mikrot8over: Fast exploitation tool for Mikrotik RouterOS up to 6.38.4 This is reworked original Mikrotik Exploit. Added Python 2 compatibility...
MEDUZA – A More Or Less Universal SSL Unpinning Tool For iOS
"MEDUZA" ("медуза") means "jellyfish" in Ukrainian What is MEDUZA?It's a Frida-based tool, my replacement for SSLKillSwitch. I created it for...
Heartland Dental’s Ambitions Land Them in the Cloud
Managing security for the largest Dental Support Organization (DSO) in the United States is no easy task. And sometimes, you...
