BabyShark – Basic C2 Server
This is a basic C2 generic server written in Python and Flask. This code has based ideia to GTRS, which...
tools
URLCrazy – Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL...
Patch Tuesday – June 2020
June 2020's Microsoft Patch Tuesday gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses CVE-2020-9633 -- a...
Developing Sustainable Vulnerability Management with Katie Moussouris
On this week’s episode of Security Nation, we’re delighted to be joined by Katie Moussouris, CEO and Founder of Luta...
Impost3r – A Linux Password Thief
Impost3r is a tool that aim to steal many kinds of linux passwords(including ssh,su,sudo) written by C.Attackers can use Impost3r...
Tangalanga – The Zoom Conference Scanner Hacking Tool
Zoom Conference scanner.This scanner will check for a random meeting id and return information if available.UsageThis are all the possible...
Maturing Your Security Posture: Around-the-Clock Threat Detection With Managed Detection & Response (MDR) Services
Recently, we (virtually!) sat down with Jeremiah Dewey, Rapid7’s VP of Managed Services, to chat about how managed detection response...
Spyeye – Script To Generate Win32 .Exe File To Take Screenshots
Script to generate Win32 .exe file to take screenshots every ~10 seconds.Features:Works on WAN: Port Forwarding by Serveo.netFully Undetectable (FUD)...
Words Scraper – Selenium Based Web Scraper To Generate Passwords List
Selenium based web scraper to generate passwords list.Installation# Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases$ tar xzf geckodriver-v{VERSION-HERE}.tar.gz$ sudo mv geckodriver /usr/local/bin...
JSshell – A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ...This tool works...
Astsu – A Network Scanner Tool
How it worksScan common portsSend a TCP Syn packet to the destination on the defined port, if the port is...
Git-Scanner – A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public
This tool can scan websites with open .git repositories for Bug Hunting/ Pentesting Purposes and can dump the content of...
Confessions of a Former CISO: Shaming People for Bad Security
My name is Scott King, and I am the Senior Director of Advisory Services at Rapid7. Before that, I was...
Recox – Master Script For Web Reconnaissance
The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other...
Jshole – A JavaScript Components Vulnrability Scanner, Based On RetireJS
A JavaScript components vulnrability scanner, based on RetireJS.Why use JShole instead of RetireJS?By default, RetireJS only searches one page, but...
GitMonitor – A Github Scanning System To Look For Leaked Sensitive Information Based On Rules
GitMonitor is a Github scanning system to look for leaked sensitive information based on rules. I know that there are...
Amplifying Impact to Reduce Friction: A Guide to Security Team Efficiency
In a recent session of our Accelerate Threat Detection and Response with SIEM + SOAR webcast series, Rapid7 product leaders...
Eviloffice – Inject Macro And DDE Code Into Excel And Word Documents (Reverse Shell)
Win python script to inject Macro and DDE code into Excel and Word documents (reverse shell)Features:Inject malicious Macro on formats:...
Ligolo – Reverse Tunneling Made Easy For Pentesters, By Pentesters
Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety...
Custom Policy Builder Is Now in Open Preview in InsightVM
This post is part one of a two-part blog series on policy customization in InsightVM.To properly guard against security threats,...
Standing Together: A Public Statement from Rapid7 CEO Corey Thomas
It has been shocking for many people in the United States and around the world to see the stark racial...
Rapid7 Quarterly Threat Report: 2020 Q1
If calendars still hold any meaning for you, you may be dimly aware that it's now midway through the second...
Inshackle – Instagram Hacks: Track Unfollowers, Increase Your Followers, Download Stories, Etc
Instagram hacks: Track unfollowers, Increase your followers, Download Stories, etcFeatures:Unfollow TrackerIncrease FollowersDownload: Stories, Saved Content, Following/followers list, Profile InfoUnfollow all...
GhostShell – Malware Indetectable, With AV Bypass Techniques, Anti-Disassembly, And More
In this malware, are used some techniques to try bypass the AVs, VMs, and Sandboxes, with only porpuse to learning...
