CorsMe – Cross Origin Resource Sharing MisConfiguration Scanner
A Misconfiguration Scanner cors misconfiguration scanner tool based on golang with speed and precision in mind !Misconfiguration type this scanner...
hacking
How to Free Recover Deleted Files on Your Mac
There are many scenarios where you would want to recover deleted data from your Mac. These deleted files could be...
Customer Spotlight: How Amedisys CISO Proves Security’s Value to the Business
Vulnerability management can often feel like a thankless job, especially when your leadership team has a difficult time understanding the...
Sifter 7.4 – OSINT, Recon & Vulnerability Scanner
Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order...
Back to Basics: Maintaining Cloud Migration Oversight While Navigating the New Normal
On the fifth and final installment of our Remote Work Readiness Series, Rapid7 taps industry insiders for what the future...
Hmmcookies – Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)
Grab cookies from Firefox, Chrome, Opera using a shortcut file (bypass UAC)Legal disclaimer:Usage of HMMCOOKIES for attacking targets without prior...
Business Secure: How AI is Sneaking into our Restaurants
Prior to pandemic days, the restaurant industry talked of computers that might end up taking over their daily responsibilities. They’d...
InQL – A Burp Extension For GraphQL Security Testing
To use inql in Burp Suite, import the Python extension:Download the Jython JarStart Burp SuiteExtender Tab > Options > Python...
TokenBreaker – JSON RSA To HMAC And None Algorithm Vulnerability POC
Token Breaker is focused on 2 particular vulnerability related to JWT tokens.None AlgorithmRSAtoHMACRefer to this link about insights of the...
Increasing Visibility in Changing Threat Environments: A Conversation With Anthony Edwards
We recently interviewed Anthony Edwards, Director of Security Operations for Hilltop Holdings, who shared problem-solving insights for our evolving security...
SAyHello – Capturing Audio (.Wav) From Target Using A Link
Capturing audio (.wav) from target using a linkHow it works?After the user grants microphone permissions, a website redirect button of...
Lynis 3.0.0 – Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core...
Advancements in Vulnerability Reporting in the Post-PGP Era: A Conversation with Art Manion
On this week’s episode of Security Nation, Art Manion of the CERT Coordination Center gets us up to speed on...
O.G. AUTO-RECON – Enumerate A Target Based Off Of Nmap Results
Enumerate a target Based off of Nmap ResultsFeaturesThe purpose of O.G. Auto-Recon is to automate the initial information gathering phase...
Zip Cracker – Python Script To Crack Zip Password With Dictionary Attack And Also Use Crunch As Pipeline
This Script Supports Only Zip File in This VersionYou Can Also Use This Script With crunchCross-platform SupportedUsage: zipcracker.py Options: --version...
DroidTracker – Script To Generate An Android App To Track Location In Real Time
Script to generate an Android App to track location in real timeFeatures:Custom App Name2 Port Forwarding options (Ngrok or using...
Iox – Tool For Port Forward &Amp; Intranet Proxy
Tool for port forward & intranet proxy, just like lcx/ew, but betterWhy write?lcx and ew are awesome, but can be...
OSS-Fuzz – Continuous Fuzzing Of Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow,...
Vhosts-Sieve – Searching For Virtual Hosts Among Non-Resolvable Domains
Searching for virtual hosts among non-resolvable domains.Installationgit clone https://github.com/dariusztytko/vhosts-sieve.gitpip3 install -r vhosts-sieve/requirements.txtUsageGet a list of subdomains (e.g. using Amass)$ amass...
Formphish – Auto Phishing Form-Based Websites
Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page.Features:Auto detect...
SGN – Encoder Ported Into Go With Several Improvements
SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a...
How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
In case you missed it, we introduced Network Traffic Analysis for our InsightIDR and MDR customers a few months back....
TeaBreak – A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!
TeaBreak is a simple burp extension for security researchers and bug bounty hunters for helping them to increase their work...
Digital Signature Hijack – Binaries, PowerShell Scripts And Information About Digital Signature Hijacking
Hijacking legitimate digital signatures is a technique that can be used during red team assessments in order to sign PowerShell...
