LNAV – Log File Navigator
The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can...
tools
Challenges and Best Practices with Vulnerability Risk Management Collaboration
Even in the most high-tech environments, remediation and risk reduction don’t just happen. In order for vulnerability risk management to...
TuxResponse – Linux Incident Response
TuxResponse is incident response script for linux systems written in bash. It can automate incident response activities on Linux systems...
Stowaway – Multi-hop Proxy Tool For Pentesters
Stowaway is Multi-hop proxy tool for security researchers and pentestersUsers can easily proxy their network traffic to intranet nodes (multi-layer)PS:...
Automating Application Security Processes with the InsightAppSec API
This blog post is part four of our ongoing Automation with InsightAppSec series. Make sure to check out part one,...
Git-Vuln-Finder – Finding Potential Software Vulnerabilities From Git Commit Messages
Finding potential software vulnerabilities from git commit messages. The output format is a JSON with the associated commit which could...
WAFW00F v2.0 – Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
The Web Application Firewall Fingerprinting Tool.— From Enable SecurityHow does it work?To do its magic, WAFW00F does the following:Sends a...
InsightConnect Announces New Plugin for Cisco AMP for Endpoints
Rapid7 is excited to announce a new plugin for InisghtConnect that connects to Cisco AMP for Endpoints. Cisco Advanced Malware...
XposedOrNot – Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage...
Dsync – IDAPython Plugin That Synchronizes Disassembler And Decompiler Views
IDAPython plugin that synchronizes decompiled and disassembled code views.Please refer to comments in the source code for more details.Requires 7.2Download...
RFCpwn – An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
An SAP enumeration and exploitation toolkit using SAP RFC callsThis is a toolkit for demonstrating the impact of compromised service...
InsightIDR: 2019 Year in Review
As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on...
LKWA – Lesser Known Web Attack Lab
Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as...
Multiscanner – Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a...
Election Security: What You Need to Know
Usually, when we write a "What you need to know" post on the Rapid7 blog, it's generally a rapid response...
Tishna – Complete Automated Pentest Framework For Servers, Application Layer To Web Security
Complete Automated pentest framework for Servers, Application Layer to Web SecurityInterfaceSoftware have 62 Options with full automation and can be...
AWS Report – Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources.FeaturesSearch iam users based on creation dateSearch buckets publicSearch security group with...
WindowsFirewallRuleset – Windows Firewall Ruleset Powershell Scripts
About WindowsFirewallRulesetWindows firewall rulles organized into individual powershell scripts according to:Rule groupTraffic directionIP version (IPv4 / IPv6)Further sorted according to...
S3Tk – A Security Toolkit For Amazon S3
A security toolkit for Amazon S3Another day, another leaky Amazon S3 bucket— The Register, 12 Jul 2017Don’t be the... next......
SysWhispers – AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.All core syscalls are supported...
Kamerka GUI – Ultimate Internet Of Things/Industrial Control Systems Reconnaissance Tool
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.Powered by Shodan - Supported by Binary Edge & WhoisXMLAPIwriteup - https://medium.com/@woj_ciech/hack-the-planet-with-%EA%93%98amerka-gui-ultimate-internet-of-things-industrial-control-systems-5ff7d9686b29Demo -...
XSpear v1.3 – Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is XSS Scanner on ruby gemsKey featuresPattern matching based XSS scanningDetect alert confirm prompt event on headless browser (with...
AVCLASS++ – Yet Another Massive Malware Labeling Tool
AVCLASS++ is an appealing complement to AVCLASS , a state-of-the-art malware labeling tool.OverviewAVCLASS++ is a labeling tool for creating a...
7 Vulnerability Risk Management Resolutions To Consider in the New Year
It’s that time of year again, when people start making personal resolutions to better themselves in the new year. We...
