25 matches found
Tentacle: A Vulnerability & Exploitation Test Framework
Yesterday, I was searching for a PoC of a Spring Cloud Config vulnerability. The first result that Google returned was for a cool vulnerability and exploit testing framework – Tentacle. Cherry on the top was that this is open source and has been coded in Python3! This post is an attempt at listin...
UPDATE: Electronegativity v1.4.0
Electronegativity v1.4.0 was released some time ago. My first post about this open source Electron Security tool was titled – Electronegativity: An Open Source Electron Security Auditor which contains several bug fixes and a new feature. What is Electronegativity? Electronegativity is an open...
UPDATE: MITRE CALDERA 2.3.0
PenTestIT RSS Feed A month ago, MITRE Caldera 2.2.0 was released and a couple of days back now MITRE CALDERA 2.3.0 was released as well. If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. A lot of changes have be...
UPDATE: FOCA v3.4.6.0
PenTestIT RSS Feed My last post about this Fingerprinting & Organisation with Collected Archives was almost two year ago. I also mentioned that this tool was open sourced. Now, FOCA v3.4.6.0 has been released! I missed a lot of the older updates to this tool. What is FOCA? FOCA stands for...
UPDATE: SILENTTRINITY v0.3.0
PenTestIT RSS Feed Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...
UPDATE: Buscador Version 2.0
PenTestIT RSS Feed I briefly mentioned about Buscador in my previous post titled - List of Operating Systems for OSINT Open-Source Intelligence. A few days ago, an updated - Buscador Version 2.0 was made available by the author. This post is about the changes made in the latest version. What is...
UPDATE: Cameradar v3.0.1
PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...
UPDATE: XSStrike 3.1.2
PenTestIT RSS Feed My initial post about this advanced XSS detection and exploitation suite was almost an year ago! Three days ago, an update - XSStrike 3.1.2 was released. This is a post that documents these changes. What is XSStrike? XSStrike is a Cross Site Scripting detection suite equipped...
Comparison of Open Source Adversary Emulation Tools
PenTestIT RSS Feed If you liked my older post titled "List of Adversary Emulation Tools", I am sure you must want to know what is the difference or comparison between the different tools. This post is an attempt to do just that -to list down the comparison of open source adversary emulation tools...
UPDATE: P4wnP1 v0.1.0-alpha1
PenTestIT RSS Feed P4wnP1 update time guys and this time it is the P4wnP1 v0.1.0-alpha1, the first pre-built image! It has almost been a year since I last posted about this Raspberry Pi based, customizable USB attack platform and yet, what an update! Read on! What is P4wnP1? P4wnP1 is a highly...
UPDATE: Prowler 2.0 Beta
PenTestIT RSS Feed My older post about Prowler was about a good NINE months ago. Since then, a lot has changed and hence, this post is about the recently released update made to the AWS CIS Benchmark tool – Prowler 2.0 Beta! This new beta version has lots of improvements which you shall read abou...
UPDATE: Kali Linux 2018.1 Release!
PenTestIT RSS Feed Second post of the new year and it is about the latest Kali Linux 2018.1 release! The last Kali Linux release was made available in the month of November. As usual, this new release includes all patches, fixes, updates, and improvements since the last release - Kali Linux 2017....
SmoothCriminal Update: Additional Sandbox Detection Methods
PenTestIT RSS Feed About three months ago, I had written about a tool which helps you detect sandboxes using cursor movements. I was extremely busy, by the author of this tool - @G4lB1t was king enough to bring to my notice that it was about a SmoothCriminal update. This update brings in addition...
UPDATE: WarBerryPi Version 5.1b!
PenTestIT RSS Feed My last post pertaining to this Red Teaming Hardware Implant was about an updated version. This post also covers the changes made to two versions since my last post about the WarBerryPi v5. We now have an updated release for the Raspberry Pi based hardware implant allowing you ...
XSStrike: A XSS Detection & Exploitation Kit
PenTestIT RSS Feed If you remember a couple of weeks back, I blogged about XSS Radar, a Google Chrome extension to help you discover cross-site scripting vulnerabilities. This post is about - XSStrike, a similar tool to help you find cross-site scripting vulnerabilities, but it is coded in Python...
UPDATE: OWASP Dependency-Check 2.1.1!
PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.1! This release contains a few...
TIH: The Open Source Threat Intelligence Hunter
PenTestIT RSS Feed The primary purpose of threat intelligence is to help you understand the risks of threats, such as zero-days, advanced persistent threats APTs and exploits. But how do you do that on a large scale in an automated manner? You now have a solution in TIH, the Threat Intelligence...
UPDATE: Leviathan Framework v0.1.2!
PenTestIT RSS Feed I seem to have missed about two updates made to the this mass audit toolkit. My last post about the Leviathan Framework can be found here. We now have the latest - Leviathan Framework v0.1.2! What is Leviathan Framework? Leviathan is a mass audit toolkit which has wide range...
PowerSAP: A PowerShell SAP Security Assessment Tool!
PenTestIT RSS Feed This post is about PowerSAP, a tool that was included in this years BlackHat Arsenal. What I like about this tool is that it does not try to re-invent the wheel and yet keeps it's source code open for all of us to see and understand. The author @Sn0rkY is upfront about this and...
JexBoss: Java Deserialization Verification & EXploitation Tool!
PenTestIT RSS Feed I was working with a customers Red Hat JBoss server today and wanted to test for affected deserialization vulnerabilities. Though my favourite go-to tool - the Burp Suite has many extensions, I wanted to try something that I had not before. That's when I stumbled across JexBoss...