Koadic: An Advanced Windows JScript/VBScript RAT!
PenTestIT RSS Feed All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...
UPDATE: MITRE CALDERA 2.2.0
If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. Sometime back, an update - the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always,...
UPDATE: MITRE CALDERA 2.3.0
A month ago, MITRE Caldera 2.2.0 was released and a couple of days back now MITRE CALDERA 2.3.0 was released as well. If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. A lot of changes have be...
UPDATE: FOCA v3.4.6.0
My last post about this Fingerprinting & Organisation with Collected Archives was almost two years ago. I also mentioned that this tool was open sourced. Now, FOCA v3.4.6.0 has been released! I missed a lot of the older updates to this tool. What is FOCA? FOCA stands for...
UPDATE: Kali Linux 2019.3 Release
Kali Linux 2019.3, the latest and the greatest Kali Linux release is now officially available! This is the third 2019 release, which comes after Kali Linux 2019.2. This release includes the normal bug fixes, updates the kernel to version 5.2.9, and includes various new feature...
UPDATE: OSRFramework 0.17.2
My last post about this open sources research framework was approximately three weeks ago. Recently, two new versions were released in quick succession - 0.17.1 & OSRFramework 0.17.2. This post covers the changes and advancements made to both these versions. What is OSRFramewor...
TIH: The Open Source Threat Intelligence Hunter
The primary purpose of threat intelligence is to help you understand the risks of threats, such as zero-days, advanced persistent threats (APTs) and exploits. But how do you do that on a large scale in an automated manner? You now have a solution in TIH, the Threat Intelligence...
Gloom-Framework: Security Framework For Kali Linux
This short post is about a new penetration testing toolkit/framework in the market, which was specifically built for Kali Linux. The name is Gloom-Framework. It is coded in Python and is also open source with a few dependencies. What is Gloom-Framework? Gloom-Framework is an op...
How to: Uninstall MBRFilter?
If you remember about my older post about the open source tool to protect against MBR infections - MBRFilter. All of a sudden one of my test machines started dying with the famous BSOD. I was able to recover from the error as I figured the error was with MBRFilter.sys. However,...
UPDATE: AutoSploit 4.0
AutoSploit 4.0 was released a month ago. I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and its subsequent update to AutoSploit 3.0. This version primarily adds support for running nmap scans within the same terminal. What is...
BEEMKA: Basic Electron Post-Exploitation Framework
There are a lot of applications today that use Electron Framework, as it helps you build cross platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework - BEEMKA can now help you in maintaining...
Electronegativity: An Open Source Electron Security Auditor
Electron is a pretty recent framework for building desktop applications and there are not many tools that deal with the security part either. There is an electronjs security checklist, providing guidelines for building secure applications, but there is no tool per-se - at least...
List of Portable Hardware Devices for Penetration Testing
All of us at some point or the other think of a possibility of "remoting" a penetration test. Five years ago, you would have to engineer something like this to suit your own requirements. However now, there are commercial tools already available that help you do that and mu...
UPDATE: Infection Monkey 1.6.3
Some days ago, Infection Monkey 1.6.3 was released. The first post about this tool can be found in a post titled the List of Adversary Emulation Tools. This is a small bugfix release, mostly around integration and packaging. It contains two user facing changes as well. What is...
Wordpwn: A Malicious WordPress Plugin Generator
I have covered multiple tools that deal with WordPress vulnerability assessments and exploitation. A very good example of WordPress exploitation framework is the WPXF and the WordPress attack suite is aptly represented by WPForce & Yertle. This post is about Wordpwn, whic...
UPDATE: Prowler 1.3!
My older post about Prowler can be found here. This post is about an update made to the AWS CIS Benchmark Tool - Prowler 1.3! What is Prowler? Prowler is a tool for AWS security assessment, auditing and hardening. It follows guidelines of the CIS Amazon Web Services Foundations...
UPDATE: Tsurugi Linux 2019.2
Tsurugi Linux 2019.2 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux such as bug fixes, updates and addition of new tools. What is Tsurugi Linux? Tsurugi Linux,...
UPDATE: Sysdig Falco v0.15.0
Three days ago, an updated version – Sysdig Falco v0.15.0 – was released. It has been some time since I last blogged about this open source behavioral activity monitor which has container support. This release incorporates a lot of rule updates that are now also tagged the for...
UPDATE: Cameradar v3.0.1
My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...
UPDATE: Cameradar v2.0.0
My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version. A lot has happened since then and an update - Cameradar v2.0.0 was made available by the authors. What is Cameradar? Cameradar is an RTS...
nps_payload: Basic Intrusion Detection Avoidance Payload Generator!
This is a short post about nps_payload, an open source Python script that helps you create basic payloads that help you avoid or bypass intrusion detection systems. This is a mix of @ben0xa's Not PowerShell (nps) frameworks and some features of @HackingDave’s unicorn tool. As you...
UPDATE: TrevorC2 version 1.3
TrevorC2 version 1.3 was just released yesterday! I briefly mentioned TrevorC2 in my older post titled the List of Open Source C2 Post-Exploitation Frameworks. In fact, there have been two updates which I missed blogging about and hence, this post will cover those changes as well. What is...
UPDATE: OSRFramework 0.17.3
My last post about this open sources research framework was approximately four weeks ago. Two days ago, a new version was released - OSRFramework 0.17.3. This post covers the changes, fixes and advancements made to this version. What is OSRFramework? OSRFramework is an open...
UPDATE: PoshC2 v5.0
A couple of days ago, PoshC2 v5.0 was released to the public. I briefly mentioned PoshC2 in my post titled – List of Open Source C2 Post-Exploitation Frameworks. Significant changes and improvements have been made to this version, most notably - PoshC2 has been completely rewritten in Python3. Wh...
UPDATE: OWASP Dependency-Check 2.1.0!
My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...
Kubebot: A Kubernetes Based Security Testing Slackbot
About a week ago, I blogged about List of Portable Hardware Devices for Penetration Testing. The tool that I am blogging about today - Kubebot - can be an awesome example and be installed very easily on a Raspberry Pi that you have lying around. Best part is that this is open...
Subdomain Enumeration Using Censys & Crtsh!
If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal, this post is about enumerating subdomains and DNS information using the following services: CloudFlare,...
BootStomp: Find Mobile Device Bootloader Vulnerabilities
Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know, as the name suggests, that a bootloader is a program that loads th...
UPDATE: Tsurugi Linux 2019.1
Tsurugi Linux 2019.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux, that was released at BlackHat USA. This release includes a lot of bug fixes, updates, additi...
TOOL UPDATE: Cameradar v2.1.0
My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version - Cameradar v2.0.0. A lot has happened since then and an update – Cameradar v2.1.0 was made available by the author. This version comes...
CoMisSion: Open Source WhiteBox CMS Analysis Tool
Less than a week ago, an open source white-box CMS analysis tool was released - CoMisSion. I had covered a similar local web application vulnerability scanner - pyfiscan. This new tool tends to automate a lot of tasks that help you analyze a CMS setup and tend to be long, tedio...
UPDATE: SILENTTRINITY v0.3.0
Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...
UPDATED VERSION: AutoSploit 2.2
It has been some days since there was a lot of hue and cry about AutoSploit and eventually everything subsided. I wrote about it in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit too. Recently, an updated and improved version - AutoSploit 2.2 was released...
Skimmer Scanner: A Credit Card Skimmer Detection App
While browsing the Google app store, I stumbled upon a credit or debit card skimmer detection app - Skimmer Scanner. The icing on the cake is that the source code of this app is already available! As you know, credit or debit card skimmers are small innocuous devices that steal...
UPDATE: Leviathan Framework v0.1.2!
I seem to have missed about two updates made to this mass audit toolkit. My last post about the Leviathan Framework can be found here. We now have the latest - Leviathan Framework v0.1.2! What is Leviathan Framework? Leviathan is a mass audit toolkit which has wide range...
UPDATE: XSStrike 3.1.2
My initial post about this advanced XSS detection and exploitation suite was almost a year ago! Three days ago, an update - XSStrike 3.1.2 was released. This is a post that documents these changes. What is XSStrike? XSStrike is a Cross Site Scripting detection suite equipped...
UPDATE: OSRFramework 0.17.0 BlackHat Arsenal Version!
Sometime early last month, I made a post about OSRFramework which was version 0.16.8. A new version of this open sources research framework was released at the recently concluded BlackHat 2017 conference. To be precise, it was released on Wednesday, July 26 in the OSINT Arsenal...
SmoothCriminal: Sandbox Detection Via Cursor Speeds!
It's that exciting time of the year folks when new people from the security walks of life throng to casinos in the desert. Yes! I am talking about Black Hat, BSidesLV, DefCon. Bringing to you a part of a utility that will be completely released at BSidesLV - SmoothCriminal, which...
UPDATE: Tsurugi Linux 2020.1
Tsurugi Linux 2020.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT and my last post was about Tsurugi Linux 2019.2. This post discusses the updates made to the latest version of Tsurugi Linux such as bug fixes, updates and addition of ne...
UPDATE: Luckystrike 2.0!
My first post regarding this malicious Microsoft Office document generator was about an older version. However a few hours ago, an update was released - Luckystrike 2.0! Major highlights for this awesome release include full support for Microsoft Word in addition to a new COM...
Comparison of Open Source Adversary Emulation Tools
If you liked my older post titled "List of Adversary Emulation Tools", I am sure you must want to know what is the difference or comparison between the different tools. This post is an attempt to do just that - to list down the comparison of open source adversary emulation tools...
UPDATE: Nmap 7.60 Now Available!
About a month and half ago, Nmap 7.50 was released. Today, a few minutes ago - Nmap 7.60 was made available with SSH support, improved SMB2/SMB3 support by Paulino Calderon @calderpwn, addition of 14 NSE scripts and a new Npcap version. Nmap is now the default tool to discover...
Automated Penetration Testing Toolkit UPDATE: APT2 v1.0-20170613!
Almost five months ago, I covered this automated penetration testing toolkit. I was updating my tools today and found that this toolkit was also updated some time ago. This is the APT2 v1.0-20170613 release, which was released almost 2 months ago. What is APT2? APT2 will perfor...
iBombShell: A Dynamic Post-Exploitation Remote Shell
Consider you have a shell on a system and other post-exploitation do not work for you as they are being caught by a security solution on the system. Worry not as we now have iBombShell, a dynamic remote shell that can be run on any system that supports PowerShell. The reason th...
UPDATE: OWASP Dependency-Check 5.3.0
My first post about this open source OWASP project was about an older version. A while ago, a new version - OWASP Dependency-Check 5.3.0 was released. This post discusses the changes made to the open source software composition analysis utility in the latest release that includes a lot of bug fix...
UPDATE: Covenant v0.4
Yesterday, Covenant v0.4 was released. My last post about Covenant was titled Covenant v0.3.2. Majorly, this version provides options that allow developers to integrate custom C2 communication protocols into an operation within Covenant. This version really makes the development of new listeners is mu...
UPDATE: Sysdig Falco v0.14.0
Recently, an updated version - Sysdig Falco v0.14.0 - was released. It has been some time since I last blogged about this open source behavioral activity monitor which has container support. What is Sysdig Falco? Sysdig Falco is an open source, behavioral activity monitor...
UPDATE: OWASP Dependency-Check 3.1.0
My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...
ACLight: An Advanced Privileged Account Discovery Tool
Consider that you already have gotten inside a network and have compromised a system. Naturally, you would now want to spread across the network with least efforts. The question is - how? Answer is simple - ACLight. Using this tool you can at least start looking at weaker target...
UPDATE: APfell 1.4
APfell 1.4 was released a few hours ago! If you remember, I briefly mentioned this tool in my seven-month-old post titled – List of Open Source C2 Post-Exploitation Frameworks. When this project started out, it was targeted more at MacOS alone. But what excites me about this newer release i...