What You Need to Know to Get Started in the Penetration Testing Field
As cyber-attacks become more and more frequent against entities of all sizes, penetration testing is becoming more important to identify...
tools
PCFG Cracker – Probabilistic Context Free Grammar (PCFG) Password Guess Generator
PCFG = Probabilistic Context Free GrammarPCFG = Pretty Cool Fuzzy GuesserIn short: A collection of tools to perform research into...
DVNA – Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing...
GDA Android Reversing Tool – A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat
Here, a new Dalvik bytecode decompiler, GDA(this project started in 2013 and released its first version 1.0 in 2015 at...
Project-Black – Pentest/BugBounty Progress Control With Scanning Modules
Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project.What is this tool...
RiskAssessmentFramework – Static Application Security Testing
The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST...
MassDNS – A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names...
Metasploit Team Announces Beta Sign-Up for AttackerKB
When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar...
S3Enum – Fast Amazon S3 Bucket Enumeration Tool For Pentesters
s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP,...
See-SURF – Python Based Scanner To Find Potential SSRF Parameters
A Python based scanner to find potential SSRF parameters in a web application.MotivationSSRF being one of the critical vulnerabilities out...
How the Innocent Lives Foundation Uses OSINT to Uncover Online Predators
On our latest episode of Security Nation, we spoke with a true hero: Chris Hadnagy, founder of the Innocent Lives...
Blinder – A Python Library To Automate Time-Based Blind SQL Injection
Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a...
Obfuscapk – A Black-Box Obfuscation Tool For Android Apps
Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to...
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
A number of information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries intended to work...
Kali Linux 2020.1 Release – Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce the first release of 2020, Kali Linux 2020.1.2020.1 includes some exciting new updates:Non-Root by...
PythonAESObfuscate – Obfuscates A Python Script And The Accompanying Shellcode
Pythonic way to load shellcode. Builds an EXE for you too!UsagePlace a payload.bin raw shellcode file in the same directory....
ApplicationInspector – A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question ‘What’S In It’ Using Static Analysis With A Json Based Rules Engine
Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting...
An update on trade
In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China,...
CredNinja – A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can...
Mimir – Smart OSINT Collection Of Common IOC Types
Smart OSINT collection of common IOC types.OverviewThis application is designed to assist security analysts and researchers with the collection and...
How to Analyze Your Log Data Using the Log Search API in InsightIDR
InsightIDR’s Log Search interface allows you to easily query and visualize your log data from within the product, but sometimes...
Socialscan – Check Email Address And Username Availability On Online Platforms With 100% Accuracy
socialscan offers accurate and fast checks for email address and username usage on online platforms.Given an email address or username,...
Aircrack-ng 1.6 – Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security.It focuses on different areas of WiFi security:Monitoring: Packet...
Memhunter – Live Hunting Of Code Injection Techniques
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and...
