How to Measurably Reduce False Positive Vulnerabilities by Up To 22%
If you’ve been in the security industry for any amount of time, you’re no stranger to false positives. They show...
hacking
Awspx – A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments
auspex noun: An augur of ancient Rome, especially one who interpreted omens derived from the observation of birds.awspx is a...
Pulsar – Network Footprint Scanner Platform – Discover Domains And Run Your Custom Checks Periodically
Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization...
A Chat with Jonathan Cran About Intrigue and Security in the COVID-19 Pandemic
In a recent episode of Rapid7’s podcast, Security Nation, we talked with Jonathan Cran, Head of Research at Kenna Security....
CVE-2020-0796 – Windows SMBv3 LPE Exploit #SMBGhost
Windows SMBv3 LPE Exploit AuthorsDaniel García Gutiérrez (@danigargu) Manuel Blanco Parajón (@dialluvioso_) Referenceshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html https://www.fortinet.com/blog/threat-research/cve-2020-0796-memory-corruption-vulnerability-in-windows-10-smb-server.html#.Xndfn0lv150.twitter https://www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796/ http://blogs.360.cn/post/CVE-2020-0796.html https://blog.zecops.com/vulnerabilities/vulnerability-reproduction-cve-2020-0796-poc/ Download CVE-2020-0796...
CVE-2020-0796 – CVE-2020-0796 Pre-Auth POC
(c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes POC to check for CVE-2020-0796 / "SMBGhost" Expected outcome: Blue...
R00Kie-Kr00Kie – PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability
DisclaimerThis is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.This project is intended for educational purposes only and cannot be...
One-Lin3r v2.1 – Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More
One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows,...
Working from Home? Wi-Fi Security and Tips and Tricks
Now that nearly all Rapid7 employees—along with a huge percentage of U.S.-based knowledge workers—are sliding into a work-from-home (WFH) routine,...
Project iKy v2.4.0 – Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface
Project iKy is a tool that collects information from an email and shows results in a nice visual interface.Visit the...
SauronEye – Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords
SauronEye is a search tool built to aid red teams in finding files containing specific keywords.Features:Search multiple (network) drivesSearch contents...
Webkiller v2.0 – Tool Information Gathering
Tool Information Gathering Write With Python.PreView ██╗ ██╗███████╗██████╗ ██╗ ██╗██╗██╗ ██╗ ███████╗██████╗ ██║ ██║██╔════╝██╔══██╗██║ ██╔╝██║██║ ██║ ██╔════╝██╔══██╗ ██║ █╗ ██║█████╗...
InQL Scanner – A Burp Extension For GraphQL Security Testing
A security testing tool to facilitate GraphQL technology security auditing efforts.InQL can be used as a stand-alone script, or as...
Mssqlproxy – A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse
Note #1: if using a non-direct connection (e.g. proxies in between), the -no-check-src-port flag is needed, so the server only...
ProjectOpal – Stealth Post-Exploitation Framework For WordPress
Stealth post-exploitation framework for Wordpress CMSOfficial ProjectOpal Repository.What is it and why was it made?We intentionally made it for our...
Tinfoil Chat – Onion-routed, Endpoint Secure Messaging System
Tinfoil Chat (TFC) is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from...
ConEmu – Customizable Windows Terminal With Tabs, Splits, Quake-Style, Hotkeys And More
ConEmu-Maximus5 is a Windows console emulator with tabs, which represents multiple consoles as one customizable GUI window with various features.Initially,...
Ninja – Open Source C2 Server Created For Stealth Red Team Operations
Ninja C2 is an Open source C2 server created by Purple Team to do stealthy computer and Active directoty enumeration...
RapidPayload – Metasploit Payload Generator
Framework RapidPayload - Metasploit Payload Generator Requirements OpenJDK 8 (JAVA), or superiors versions. Metasploit Apktool Python3 Execution: git clone https://github.com/AngelSecurityTeam/RapidPayload...
Rapid7 Named a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment
The Rapid7 team is excited to announce that we have been recognized as a March 2020 Gartner Peer Insights Customers’...
Katana – A Python Tool For Google Hacking
Katana-ds (ds for dork_scanner) is a simple python tool that automates Google Hacking/Dorking and support TorIt becomes more powerful in...
Envizon v3.0 – Network Visualization And Vulnerability Management/Reporting
This tool is designed, developed and supported by evait security. In order to give something back to the security community,...
Automating Multi-Factor Authentication: Time-Based One-Time Passwords
Two days ago marks my two years with Rapid7. It has been a fantastic adventure, and I’m quite excited to...
Zphisher – Automated Phishing Tool
Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish . But I have not fully...
