SWFPFinder – SWF Potential Parameters Finder
SWFPFinder is a simple, open source bash script designed to discover potential SWF (file) parameters on the webapp...
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a...
This is a guest post by Rapid7 customer Steven Maske, the Information Security Manager of a manufacturing, retail, and distribution...
Incorrect configuration allows access to .env files or reading of env variables. LaravelN00b automates scanning for .env files and checking debug...
Andriller is a software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition...
Security professionals responsible for vulnerability risk management are required to perform data querying and analysis on a regular basis to...
Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora (i.e., software that has...
HeapInspect is designed to make the heap much prettier. Now this tool is a plugin of nadbg. Try it! Features: Free of gdb...
CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy...
Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paper: We present our approach and the findings...
IoTShark is an IoT monitoring service that allows users to monitor their IoT devices for trends in data sent/received. Ordinarily,...
The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can...
Even in the most high-tech environments, remediation and risk reduction don’t just happen. In order for vulnerability risk management to...
TuxResponse is an incident response script for Linux systems written in bash. It can automate incident response activities on Linux systems...
Stowaway is a multi-hop proxy tool for security researchers and pentesters. Users can easily proxy their network traffic to intranet nodes (multi-layer). PS:...
This blog post is part four of our ongoing Automation with InsightAppSec series. Make sure to check out part one,...
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could...
The Web Application Firewall Fingerprinting Tool. — From Enable Security. How does it work? To do its magic, WAFW00F does the following: Sends a...
Rapid7 is excited to announce a new plugin for InsightConnect that connects to Cisco AMP for Endpoints. Cisco Advanced Malware...
The XposedOrNot (XoN) tool searches an aggregated repository of xposed passwords comprising ~850 million real time passwords. Usage...
IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to comments in the source code for more details. Requires 7.2. Download...
An SAP enumeration and exploitation toolkit using SAP RFC calls. This is a toolkit for demonstrating the impact of compromised service...
As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on...
Lesser Known Web Attack Lab is for intermediate pentesters who can test and practice lesser known web attacks such as...