The Security Practitioner’s Intro to the Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask
Before I bought a house a few years ago, my understanding of mortgages was pretty shaky at best. I only...
hacking
SecretFinder – A Python Script For Find Sensitive Data (Apikeys, Accesstoken, JWT…) And Search Anything On Javascript Files
SecretFinder is a python script based on LinkFinder, written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript...
SIEM Security Tools: Six Expensive Misconceptions
How next-gen SIEM security solutions increase time to value in a modern threat environmentThe changing security landscape demands the most...
Unlocking the Power of Macro Authentication: Part One
This blog post is part one in a three-part series on macro authentication.You may have come across macro authentication when...
Fsociety – A Modular Penetration Testing Framework
Become a Patron! Installpip install fsocietyUpdatepip install --upgrade fsocietyUsageusage: fsociety A Penetration Testing Frameworkoptional arguments: -h, --help show this help...
EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking
Read the license before using any part from this code :)Malicious DLL (Win Reverse Shell) generator for DLL HijackingFeatures:Reverse TCP...
Axiom – A Dynamic Infrastructure Toolkit For Red Teamers And Bug Bounty Hunters!
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty and pentesting. Axiom...
Introducing a New InsightVM Dashboard to Monitor External and Remote Workforce Assets in Your Environment
As our economies start to slowly reopen, knowledge-based jobs are still heavily relying on working from home during the COVID-19...
Fast-Google-Dorks-Scan – Fast Google Dorks Scan
A script to enumerate web-sites using Google dorks.Usage example: ./FGDS.sh megacorp.oneVersion: 0.035, June 07, 2020Features:Looking for the common admin panelLooking...
URLCADIZ – A Simple Script To Generate A Hidden Url For Social Engineering
A simple script to generate a hidden url for social engineering.Legal disclaimer:Usage of URLCADIZ for attacking targets without prior mutual...
Shodanfy.py – Get Ports, Vulnerabilities, Informations, Banners, ..Etc For Any IP With Shodan (No Apikey! No Rate-Limit!)
Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate limit!)Usage# python3 shodanfy.py <ip> e.g: python3 shodanfy.py 111.111.111.111 python3...
KatroLogger – KeyLogger For Linux Systems
KeyLogger for Linux Systems. FeaturesRuns on GUI systems or CLISending data by email Dependenciescurllibx11-dev (Debian-Based)libX11-devel (RHEL-Based) Compiling# ./configure# make# make...
Attacker-Group-Predictor – Tool To Predict Attacker Groups From The Techniques And Software Used
The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK frameworkHow it works?1-...
EvilPDF – Embedding Executable Files In PDF Documents
Read the license before using any part from this code :)Hiding executable files in PDF documentsLegal disclaimer:Usage of EvilPDF for...
Needle – Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
Chrome extension for Instant access to your bug bounty submission dashboard of various platforms + publicly disclosed reports + #bugbountytipNeedle...
RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers,...
Support FAQs: Managing Your Organization’s Security in Response to COVID-19
The security industry has always evolved rapidly, but we have never dealt with changes as drastic and unprecedented as we...
Atlas – Quick SQLMap Tamper Suggester
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned...
Stegcloak – Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and...
How Team Collaboration Can Help You Scale the Vulnerability Mountain
“I feel like I’m buried under my growing mountain of vulnerabilities,” said every security professional ever. While this is a...
BabyShark – Basic C2 Server
This is a basic C2 generic server written in Python and Flask. This code has based ideia to GTRS, which...
URLCrazy – Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL...
Patch Tuesday – June 2020
June 2020's Microsoft Patch Tuesday gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses CVE-2020-9633 -- a...
Developing Sustainable Vulnerability Management with Katie Moussouris
On this week’s episode of Security Nation, we’re delighted to be joined by Katie Moussouris, CEO and Founder of Luta...
