3 Questions to Ask Yourself When Justifying Your Infosec Program
On the Rapid7 Labs team, we’re constantly looking for ways to give defenders a boost in the work they need...
tools
Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.InstallationDownload precompiled...
Dufflebag – Search Exposed EBS Volumes For Secrets
Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally...
How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud
In part one of our four-part series on security in the cloud, we discussed the AWS shared responsibility model and...
Qiling – Advanced Binary Emulation Framework
Qiling is an advanced binary emulation framework, with the following features:Cross platform: Windows, MacOS, Linux, BSDCross architecture: X86, X86_64, Arm,...
Nfstream – A Flexible Network Data Analysis Framework
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline...
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
That’s good news, right? Well, I’d say that’s a qualified “yes.” As I mentioned, it’s easy to change the implant...
DOUBLEPULSAR RCE 2: An RDP Story
In this sequel, wvu recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR...
WhatTheHack – A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates.What, Why...
Injectus – CRLF And Open Redirect Fuzzer
Simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. ▪ ▐ ▄ ▐▄▄▄▄▄▄...
Congrats to the winners of the 2020 Metasploit community CTF
After four days of competition and a whole lot of “trying harder,” we have the winners of this year's Metasploit...
What You Need to Know to Get Started in the Penetration Testing Field
As cyber-attacks become more and more frequent against entities of all sizes, penetration testing is becoming more important to identify...
PCFG Cracker – Probabilistic Context Free Grammar (PCFG) Password Guess Generator
PCFG = Probabilistic Context Free GrammarPCFG = Pretty Cool Fuzzy GuesserIn short: A collection of tools to perform research into...
DVNA – Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing...
GDA Android Reversing Tool – A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat
Here, a new Dalvik bytecode decompiler, GDA(this project started in 2013 and released its first version 1.0 in 2015 at...
Project-Black – Pentest/BugBounty Progress Control With Scanning Modules
Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project.What is this tool...
RiskAssessmentFramework – Static Application Security Testing
The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST...
MassDNS – A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)
MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names...
Metasploit Team Announces Beta Sign-Up for AttackerKB
When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar...
S3Enum – Fast Amazon S3 Bucket Enumeration Tool For Pentesters
s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP,...
See-SURF – Python Based Scanner To Find Potential SSRF Parameters
A Python based scanner to find potential SSRF parameters in a web application.MotivationSSRF being one of the critical vulnerabilities out...
How the Innocent Lives Foundation Uses OSINT to Uncover Online Predators
On our latest episode of Security Nation, we spoke with a true hero: Chris Hadnagy, founder of the Innocent Lives...
Blinder – A Python Library To Automate Time-Based Blind SQL Injection
Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a...
Obfuscapk – A Black-Box Obfuscation Tool For Android Apps
Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to...
