Richkit – Domain Enrichment Toolkit
Richkit is a python3 package that provides tools taking a domain name as input, and returns addtional information on that...
tools
Answers to Three FAQs About the New-and-Improved Cloud Configuration Assessment Remediation Content in InsightVM
Organizations operating in a cloud environment like Amazon Web Services (AWS) face additional security risk challenges that they need to...
Chromepass – Hacking Chrome Saved Passwords
Chromepass is a python-based console application that generates a windows executable with the following features:Decrypt Chrome saved paswordsSend a file...
Tentacle – A POC Vulnerability Verification And Exploit Framework
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It...
Self-Isolation, Home Networking, and Open Source: Recog and Rumble
Hey, gang. You know I'm a big open source fan and occasional contributor, so I just wanted to take a...
Shifting Security Conferences to Virtual: The New Face of Events in 2020 and Beyond
On this week’s episode of Security Nation, we had the pleasure of speaking with John Strand, CEO of BlackHills Information...
Tails 4.5 – Live System to Preserve Your Privacy and Anonymity
The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot.This release also fixes...
MSOLSpray – A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA...
Git-Hound v1.1 – GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
A batch-catching, pattern-matching, patch-attacking secret snatcher.GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit...
8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization
If you saw the recent Top 10 Malware January 2020 post by the Center for Internet Security (CIS), you may...
DNSteal v2.0 – DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.Below...
OSSEM – Open Source Security Events Metadata
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of...
Financial resources for small businesses grappling with COVID-19
The United States Congress recently passed the “Coronavirus Aid, Relief, and Economic Security Act” (the “CARES Act”). This legislation is...
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
On Feb 11, 2020, Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker...
4 Common Goals For Vulnerability Risk Management Programs
At Rapid7, we have made it our top priority to uncover unmet customer needs and create value in new product...
Angrgdb – Use Angr Inside GDB – Create An Angr State From The Current Debugger State
Use angr inside GDB. Create an angr state from the current debugger state.Installpip install angrgdbecho "python import angrgdb.commands" >> ~/.gdbinitUsageangrgdb...
SSHPry v2.0 – Spy and Control os SSH Connected client’s TTY
This is a second release of SSHPry tool, with multiple features added.Control of target's TTYBuilt-In KeyloggerConsole-Level phishingRecord & Replay previous...
HikPwn – A Simple Scanner For Hikvision Devices
HikPwn, a simple scanner for Hikvision devices with basic vulnerability scanning capabilities written in Python 3.8. This project was born...
Sandcastle – A Python Script For AWS S3 Bucket Enumeration
Inspired by a conversation with Instacart's @nickelser on HackerOne, I've optimised and published Sandcastle – a Python script for AWS...
Tweetshell – Multi-thread Twitter BruteForcer In Shell Script
Tweetshell is an Shell Script to perform multi-threaded brute force attack against Twitter, this script can bypass login limiting and...
Jackdaw – Tool To Collect All Information In Your Domain And Show You Nice Graphs
Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice...
Frida API Fuzzer – This Experimetal Fuzzer Is Meant To Be Used For API In-Memory Fuzzing
This experimental fuzzer is meant to be used for API in-memory fuzzing.The design is highly inspired and based on AFL/AFL++.ATM...
DigiTrack – Attacks For $5 Or Less Using Arduino
In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script...
Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Wow, this past week has been a pretty long year for Zoom.As the COVID-19 global pandemic moved the whole knowledge-working...
