82 matches found
Broadening the Scope: A Comprehensive View of Pen Testing
Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of...
nmapAutomator - Tool To Automate All Of The Process Of Recon/Enumeration
nmapAutomator A script that you can run in the background! Summary The main goal for this script is to automate all of the process of recon/enumeration that is run every time, and instead focus our attention on real pen testing. This will ensure two things: 1 Automate nmap scans. 2 Always have so...
Ships engines, a guide for pen testers
I spent several years as a ships engineer before straying in to pen testing. Ships used to be fairly secure; they were physically isolated at sea. Satcoms were scarily expensive, usually available only to the captain for business-critical communication. Even satphone use was heavily rationed. All...
Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks
Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to ...
PTP at DEF CON 27
Here's the lowdown on our 14 DEF CON 27 talks, workshops, and panel sessions: Main Stage Track 3 Paris: Saturday 13:00 Chris Wade presents Tag-side attacks against NFC Track 2 Paris: Saturday 15:00 G Richter presents Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss Villages...
Black Hat USA 2019 Preview
Las Vegas – Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. The Threatpost team, which will be on the frontlines of next week’s shows, discuss wh...
Getting your head under the hood and out of the sand: Automotive security testing
We’ve been doing automotive pen testing for several years now. Along the way we’ve had some fascinating experiences, working with some insightful and forward-thinking OEMs. But we’ve also worked with some OEMs and suppliers that consider pen testing to be a box checking exercise and frankly, buri...
Web Testing Framework Samurai
The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMWare, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites. In developing this...
MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...
Metateta - Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit
Metateta Automated Tool For Scanning And Exploiting Network Protocols Using Metasploit For faster pen testing for large networks What You Can Do Scanning with all metasploit modules for specific network Protocol like smb,smtp,snmp Run all Auxiliary modules against specific network Protocol Run al...
GetAltName - Get Subject Alt Name From SSL Certificates
GetAltName it's a little script that can extract Subject Alt Names for SSL Certificates directly from HTTPS web sites which can provide you with DNS names or virtual servers. It's useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your...
Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software
A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...
SMBMap - Samba Share Enumeration Tool
SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is...
Deep-Learning PassGAN Tool Improves Password Guessing
Artificial intelligence and deep learning are creeping into information security, and one of the early applications of those approaches has emerged and is focused on passwords. Researchers from the Stevens Institute of Technology and the New York Institute of Technology have recently published so...
OWASP ZSC - Shellcode/Obfuscate Code Generator
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under Python. Usage of shellcodes Shellcodes are small codes in Assembly language which could be used as...
RedSnarf - A Pen-Testing / Red-Teaming Tool For Windows Environments
RedSnarf is a pen-testing / red-teaming tool by Ed Williams for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf functionality includes: Retrieval of local SAM hashes Enumeration of user/s running with elevated syste...
Mobile Security Framework: MobSF
Mobile Security Framework is an intelligent, all-in-one open source mobile application Android/iOS automated pen-testing framework capable of performing static and dynamic analysis. We’ve been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test and...
Creating a More Altruistic Bug Bounty Program
SINT MAARTEN—David Jacoby and Frans Rosén want security researchers to become more altruistic about how they approach bug bounty programs. While programs such as those facilitated by HackerOne and BugCrowd have become ubiquitous over the last several years, the researchers said in a talk at...
Acunetix Release Web Site Security Pen Testing Tools Free
HTTP editor, fuzzer and sniffer tools help pen testers identify vulnerabilities London, UK – January 2016 – Hot on the release of Acunetix Version 11, pioneering web application security software Acunetix, now delivering Manual Pen Testing Tools at no cost. Penetration testers can make use of an...
Claudio Guarnieri on Security Without Borders
Security researcher and activist Claudio Guarnieri talks to Mike Mimoso about a new project announced last week at the Chaos Communication Congress called Security Without Borders. The project aims to form a collective of researchers and security practitioners who volunteer to provide pen-testing...