812 matches found
Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
Osmedeus allow you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. How to use If you have no idea what are you doing just type the command below or check out the Advance Usage ./osmedeus.py -t example.com Installation git clone...
Reconerator - C# Targeted Attack Reconnaissance Tools
This is a custom .NET assembly which will perform a number of situational awareness activities. There are a number of current featuresets: BASIC - Obtains information from the disk and registry. LDAP - Allows customised AD LDAP queries to be made. RESOLVEHOST - Performs DNS lookup queries...
Chomp Scan - A Scripted Pipeline Of Tools To Streamline The Bug Bounty/Penetration Test Reconnaissance Phase
A scripted pipeline of tools to simplify the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs. Scope Chomp Scan is a Bash script that chains together the fastest and most effective tools in my opinion/experience for doing the long and sometimes tedious process o...
Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about...
RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope
SAN FRANCISCO – An insidious reconnaissance campaign discovered in 2018, dubbed Operation Sharpshooter, is much more widespread than previously thought, researchers said. Operation Sharpshooter was first disclosed in December 2018, using a never-before-seen implant framework to infiltrate global...
Gen. Nakasone on US Cyber Command
Really interesting article by and interview with Paul M. Nakasone Commander of US Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service in the current issue of Joint Forces Quarterly. He talks about the evolving role of US Cyber Command, and its new...
Netsniff-Ng - A Swiss Army Knife For Your Daily Linux Network Plumbing
netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space a...
Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory
Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy in many situations. Graph theory algorithms...
Fighting Fire with Fire: API Automation Risks
Akamai research shows that 83 percent of all traffic on the web today are API calls JSON / XML. In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their manual...
CVE-2019-1645 Cisco Connected Mobile Experiences Information Disclosure Vulnerability
A vulnerability in the Cisco Connected Mobile Experiences CMX software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected...
Bit-and-Piece DDoS Method Emerges to Torment ISPs
A pioneering distributed denial-of-service DDoS attack pattern has emerged, targeting internet service providers ISPs with something researchers have dubbed the bit-and-piece “Mongol” attack. The approach involves spreading out junk traffic across large numbers of IP addresses in order to evade...
Cisco Connected Mobile Experiences Information Disclosure Vulnerability
A vulnerability in the Cisco Connected Mobile Experiences CMX software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected...
Adminer < 4.7.8 SSRF Vulnerability - Windows
Adminer is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
R3Con1Z3R - A Lightweight Web Information Gathering Tool With An Intuitive Features (OSINT)
R3con1z3r is a lightweight Web information gathering tool with an intuitive features written in python. it provides a powerful environment in which open source intelligence OSINT web-based footprinting can be conducted quickly and thoroughly. Footprinting is the first phase of ethical hacking, it...
Operation Sharpshooter Takes Aim at Global Critical Assets
Researchers have detected a widespread reconnaissance campaign using a never-before-seen implant framework to infiltrate global defense and critical infrastructure players — including nuclear, defense, energy and financial companies. The campaign, dubbed Operation Sharpshooter, began Oct. 25 when...
SpiderFoot - The Most Complete OSINT Collection And Reconnaissance Tool
SpiderFoot is an open source intelligence OSINT automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person's name. SpiderFoot can be used offensively, i.e. as part of a...
TIDoS-Framework v1.7 - The Offensive Manual Web Application Penetration Testing Framework
TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple Highlights :- The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. Has ...
Network and Web Pentest Framework: Jok3r
Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...
Osmedeus - Automatic Reconnaisance And Scanning In Penetration Testing
Automatic Reconnaisance and Scanning in Penetration Testing What is Osmedeus? Osmedeus allow you to doing boring stuff in Pentesting automatically like reconnaissance and scanning the target by run the collection of awesome tools. Installation git clone https://github.com/j3ssie/Osmedeus cd...
SMWYG-Show-Me-What-You-Got - Tool To Search 1.4 Billion Clear Text Credentials Which Was Dumped As Part Of BreachCompilation Leak
This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above...