Lucene search
K
PentestitMost viewed

154 matches found

pentestit
pentestit
added 2017/08/02 10:10 p.m.142 views

Koadic: An Advanced Windows JScript/VBScript RAT!

PenTestIT RSS Feed All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...

6.9AI score
Exploits0
pentestit
pentestit
added 2019/08/09 9:46 p.m.131 views

UPDATE: MITRE CALDERA 2.2.0

PenTestIT RSS Feed If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. Sometime back, an update - the MITRE CALDERA 2.2.0 was released. A lot of changes have been made to create this updated version and as always,...

1.6AI score
Exploits0
pentestit
pentestit
added 2019/08/27 4:42 a.m.126 views

UPDATE: MITRE CALDERA 2.3.0

PenTestIT RSS Feed A month ago, MITRE Caldera 2.2.0 was released and a couple of days back now MITRE CALDERA 2.3.0 was released as well. If you remember, I wrote briefly about this automated adversary emulation system in my post titled – List of Adversary Emulation Tools. A lot of changes have be...

7.8AI score
Exploits0
pentestit
pentestit
added 2019/08/13 8:56 p.m.126 views

UPDATE: FOCA v3.4.6.0

PenTestIT RSS Feed My last post about this Fingerprinting & Organisation with Collected Archives was almost two year ago. I also mentioned that this tool was open sourced. Now, FOCA v3.4.6.0 has been released! I missed a lot of the older updates to this tool. What is FOCA? FOCA stands for...

7.8AI score
Exploits0
pentestit
pentestit
added 2019/09/03 2:48 p.m.123 views

UPDATE: Kali Linux 2019.3 Release

PenTestIT RSS Feed Kali Linux 2019.3, the latest and the greatest Kali Linux release is now officially available! This is the third 2019 release, which comes after Kali Linux 2019.2. This release includes the normal bugs fixes, updates the kernel to version 5.2.9, and includes various new feature...

0.2AI score
Exploits0
pentestit
pentestit
added 2017/08/23 8:57 p.m.119 views

UPDATE: OSRFramework 0.17.2

PenTestIT RSS Feed My last post about this open sources research framework was approximately three weeks ago. Recently, two new versions were released in quick succession - 0.17.1 & OSRFramework 0.17.2. This post covers the changes and advancements made to both these versions. What is OSRFramewor...

7AI score
Exploits0
pentestit
pentestit
added 2017/08/23 6:20 a.m.118 views

TIH: The Open Source Threat Intelligence Hunter

PenTestIT RSS Feed The primary purpose of threat intelligence is to help you understand the risks of threats, such as zero-days, advanced persistent threats APTs and exploits. But how do you do that on a large scale in an automated manner? You now have a solution in TIH, the Threat Intelligence...

6.8AI score
Exploits0
pentestit
pentestit
added 2017/09/01 6:19 a.m.114 views

Gloom-Framework: Security Framework For Kali Linux

PenTestIT RSS Feed This short post is about a new penetration testing toolkit/framework in the market, which was specifically built for Kali Linux. The name is Gloom-Framework. It is coded in Python and is also open source with a few dependencies. What is Gloom-Framework? Gloom-Framework is an op...

6.9AI score
Exploits0
pentestit
pentestit
added 2017/08/30 3:3 a.m.112 views

How to: Uninstall MBRFilter?

PenTestIT RSS Feed If you remember about my older post about the open source tool to protect against MBR infections - MBRFilter. All of a sudden one of my test machines started dying with the famous BSOD. I was able to recover from the error as I figured the error was with MBRFilter.sys. However,...

6.8AI score
Exploits0
pentestit
pentestit
added 2019/10/26 12:15 a.m.110 views

UPDATE: AutoSploit 4.0

PenTestIT RSS Feed AutoSploit 4.0 was released a month ago. I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and it’s subsequent update to AutoSploit 3.0. This version primarily adds support for running nmap scans within the same terminal. What is...

0.4AI score
Exploits0
pentestit
pentestit
added 2019/01/31 6:4 a.m.110 views

BEEMKA: Basic Electron Post-Exploitation Framework

PenTestIT RSS Feed There are a lot of applications today that use Electron Framework, as it helps you build cross platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework - BEEMKA can now help you in maintaining...

0.5AI score
Exploits0
pentestit
pentestit
added 2019/06/29 12:49 a.m.106 views

Electronegativity: An Open Source Electron Security Auditor

PenTestIT RSS Feed Electron is a pretty recent framework for building desktop applications and there are not many tools that deal with the security part either. There is a electronjs security checklist, providing guidelines for building secure applications, but there is no tool per-se - atleast...

0.1AI score
Exploits0
pentestit
pentestit
added 2017/09/11 9:56 p.m.105 views

List of Portable Hardware Devices for Penetration Testing

PenTestIT RSS Feed All of us at some point or the other think of a possibility of "remoting" a penetration test. Five years ago, you would have to engineer something like this for to suit your own requirements. However now, there are commercial tools already available that help you do that and mu...

6.7AI score
Exploits0
pentestit
pentestit
added 2019/08/14 5:23 p.m.103 views

UPDATE: Infection Monkey 1.6.3

PenTestIT RSS Feed Some days ago, Infection Monkey 1.6.3 was released. The first post about this tool can be found in a post titled the List of Adversary Emulation Tools. This is a small bugfix release, mostly around integration and packaging. It contains two user facing changes as well. What is...

0.4AI score
Exploits0
pentestit
pentestit
added 2017/10/03 5:42 a.m.102 views

Wordpwn: A Malicious WordPress Plugin Generator

PenTestIT RSS Feed I have covered about multiple tools that deal with WordPress vulnerability assessments and exploitation. A very good example of WordPress exploitation framework is the WPXF and the WordPress attack suite is aptly represented by WPForce & Yertle. This post is about Wordpwn, whic...

7AI score
Exploits0
pentestit
pentestit
added 2017/07/21 7:15 p.m.102 views

UPDATE: Prowler 1.3!

PenTestIT RSS Feed My older post about Prowler can be found here. This post is about an update made to the AWS CIS Benchmark Tool - Prowler 1.3! What is Prowler? Prowler is a tool for AWS security assessment, auditing and hardening. It follows guidelines of the CIS Amazon Web Services Foundations...

6.8AI score
Exploits0
pentestit
pentestit
added 2020/02/01 5:6 a.m.98 views

UPDATE: Tsurugi Linux 2019.2

Tsurugi Linux 2019.2 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux such as bug fixes, updates and addition of new tools. What is Tsurugi Linux? Tsurugi Linux,...

0.5AI score
Exploits0
pentestit
pentestit
added 2019/05/17 6:42 a.m.97 views

UPDATE: Sysdig Falco v0.15.0

PenTestIT RSS Feed Three days ago, an updated version – Sysdig Falco v0.15.0 – was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. This release incorporates a lot of rule updates that are now also tagged the for...

2.1CVSS5.7AI score0.0055EPSS
Exploits1
pentestit
pentestit
added 2019/01/30 1:7 a.m.94 views

UPDATE: Cameradar v3.0.1

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...

1.4AI score
Exploits0
pentestit
pentestit
added 2017/10/09 11:24 p.m.93 views

UPDATE: Cameradar v2.0.0

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update - Cameradar v2.0.0 was made available by the authors. What is Cameradar? Cameradar is an RTS...

7.1AI score
Exploits0
pentestit
pentestit
added 2017/07/26 4:58 a.m.93 views

nps_payload: Basic Intrusion Detection Avoidance Payload Generator!

PenTestIT RSS Feed This is a short post about npspayload, an open source, python script that helps you create basic payloads that help you avoid or bypass intrusion detection systems. This is a mix of @ben0xa's Not PowerShell nps frameworks and some features of @HackingDave’s unicorn tool. As you...

7.2AI score
Exploits0
pentestit
pentestit
added 2019/12/06 11:39 p.m.92 views

UPDATE: TrevorC2 version 1.3

TrevorC2 version 1.3 was just released yesterday! I briefly mentioned about TrevorC2 in my older post titled as the List of Open Source C2 Post-Exploitation Frameworks. Infact, there have been two updates which I missed blogging about and hence, this post will cover those changes as well. What is...

1.5AI score
Exploits0
pentestit
pentestit
added 2017/09/19 5:53 a.m.91 views

UPDATE: OSRFramework 0.17.3

PenTestIT RSS Feed My last post about this open sources research framework was approximately four weeks ago. Two days ago, a new version was released - OSRFramework 0.17.3. This post covers the changes, fixes and advancements made to this version. What is OSRFramework? OSRFramework is an open...

7AI score
Exploits0
pentestit
pentestit
added 2019/11/12 10:39 p.m.90 views

UPDATE: PoshC2 v5.0

A couple of days ago, PoshC2 v5.0 was released to the public. I briefly mentioned PoshC2 in my post titled – List of Open Source C2 Post-Exploitation Frameworks. Significant changes and improvements have been made to this version, most notably - PoshC2 has been completely rewritten in Python3. Wh...

2.2AI score
Exploits0
pentestit
pentestit
added 2017/07/25 12:17 a.m.90 views

UPDATE: OWASP Dependency-Check 2.1.0!

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...

7.3AI score
Exploits0
pentestit
pentestit
added 2017/09/20 6:5 a.m.88 views

Kubebot: A Kubernetes Based Security Testing Slackbot

PenTestIT RSS Feed About a week ago, I blogged about List of Portable Hardware Devices for Penetration Testing. The tool that I am blogging about today - Kubebot - can be an awesome example and be installed very easily on a Raspberry Pi that you have lying around. Best part is that this is open...

6.9AI score
Exploits0
pentestit
pentestit
added 2017/07/21 6:19 a.m.86 views

Subdomain Enumeration Using Censys & Crtsh!

PenTestIT RSS Feed If you read my last post about V1D0m and liked it, I'm sure you will LOVE this post. As you will remember, the older post was about subdomain enumeration using VirusTotal, this post is about enumerating subdomains and DNS information using the following services: CloudFlare,...

6.9AI score
Exploits0
pentestit
pentestit
added 2017/08/17 4:55 a.m.84 views

BootStomp: Find Mobile Device Bootloader Vulnerabilities

PenTestIT RSS Feed Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know; as the name suggests, that bootloader is a program loads th...

7.2AI score
Exploits0
pentestit
pentestit
added 2019/11/25 3:14 a.m.83 views

UPDATE: Tsurugi Linux 2019.1

Tsurugi Linux 2019.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux, that was released at BlackHat USA. This release includes a lot of bug fixes, updates, additi...

6.9AI score
Exploits0
pentestit
pentestit
added 2018/11/28 11:4 p.m.83 views

TOOL UPDATE: Cameradar v2.1.0

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version - Cameradar v2.0.0. A lot has happened since then and an update – Cameradar v2.1.0 was made available by the author. This version comes...

1.7AI score
Exploits0
pentestit
pentestit
added 2017/08/21 12:12 a.m.83 views

CoMisSion: Open Source WhiteBox CMS Analysis Tool

PenTestIT RSS Feed Less than a week ago, an open source white-box CMS analysis tool was released - CoMisSion. I had covered a similar local web application vulnerability scanner - pyfiscan. This new tool tends to automate a lot of tasks that help you analyze a CMS setup and tend to be long, tedio...

6.9AI score
Exploits0
pentestit
pentestit
added 2019/08/08 5:7 a.m.81 views

UPDATE: SILENTTRINITY v0.3.0

PenTestIT RSS Feed Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...

1.7AI score
Exploits0
pentestit
pentestit
added 2018/07/28 9:35 p.m.81 views

UPDATED VERSION: AutoSploit 2.2

PenTestIT RSS Feed It has been some days since there was a lot of hue and cry about AutoSploit and eventually everything subsided. I wrote about it in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit too. Recently, an updated an improved updated version - AutoSploit 2.2 was released...

0.2AI score
Exploits0
pentestit
pentestit
added 2017/10/08 2:8 a.m.79 views

Skimmer Scanner: A Credit Card Skimmer Detection App

PenTestIT RSS Feed While browsing the Google app store, I stumbled upon a credit or debit card skimmer detection app - Skimmer Scanner. The icing on the cake is that the source code of this app is already available! As you know, credit or debit card skimmers are small innocuous devices that steal...

7AI score
Exploits0
pentestit
pentestit
added 2017/08/15 4:57 a.m.78 views

UPDATE: Leviathan Framework v0.1.2!

PenTestIT RSS Feed I seem to have missed about two updates made to the this mass audit toolkit. My last post about the Leviathan Framework can be found here. We now have the latest - Leviathan Framework v0.1.2! What is Leviathan Framework? Leviathan is a mass audit toolkit which has wide range...

7.9AI score
Exploits0
pentestit
pentestit
added 2019/01/03 12:9 a.m.77 views

UPDATE: XSStrike 3.1.2

PenTestIT RSS Feed My initial post about this advanced XSS detection and exploitation suite was almost an year ago! Three days ago, an update - XSStrike 3.1.2 was released. This is a post that documents these changes. What is XSStrike? XSStrike is a Cross Site Scripting detection suite equipped...

6.4AI score
Exploits0
pentestit
pentestit
added 2017/08/03 3:49 a.m.77 views

UPDATE: OSRFramework 0.17.0 BlackHat Arsenal Version!

PenTestIT RSS Feed Sometime early last month, I made a post about OSRFramework which was version 0.16.8. A new version of this open sources research framework was released at the recently concluded BlackHat 2017 conference. To be precise, it was released on Wednesday, July 26 in the OSINT Arsenal...

7.1AI score
Exploits0
pentestit
pentestit
added 2017/07/21 11:32 p.m.77 views

SmoothCriminal: Sandbox Detection Via Cursor Speeds!

PenTestIT RSS Feed It's that exciting time of the year folks when new people from the security walks of life throng to casinos in the desert. Yes! I am talking about Black Hat, BSidesLV, DefCon. Bringing to you a part of utility that will be completely released at BSidesLV - SmoothCriminal, which...

6.9AI score
Exploits0
pentestit
pentestit
added 2020/03/19 4:51 a.m.75 views

UPDATE: Tsurugi Linux 2020.1

Tsurugi Linux 2020.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT and my last post was about Tsurugi Linux 2019.2. This post discusses the updates made to the latest version of Tsurugi Linux such as bug fixes, updates and addition of ne...

0.5AI score
Exploits0
pentestit
pentestit
added 2017/07/24 8:24 p.m.73 views

UPDATE: Luckystrike 2.0!

PenTestIT RSS Feed My first post regarding this malicious Microsoft Office document generator was about an older version. However a few hours ago, an update was released - Luckystrike 2.0! Major highlights for this awesome release include full support for Microsoft Word in addition to a new COM...

7AI score
Exploits0
pentestit
pentestit
added 2018/09/04 7:31 a.m.70 views

Comparison of Open Source Adversary Emulation Tools

PenTestIT RSS Feed If you liked my older post titled "List of Adversary Emulation Tools", I am sure you must want to know what is the difference or comparison between the different tools. This post is an attempt to do just that -to list down the comparison of open source adversary emulation tools...

2.2AI score
Exploits0
pentestit
pentestit
added 2017/08/01 11:24 p.m.70 views

UPDATE: Nmap 7.60 Now Available!

PenTestIT RSS Feed About a month and half ago, Nmap 7.50 was released. Today, a few minutes ago - Nmap 7.60 was made available with SSH support, improved SMB2/SMB3 support by Paulino Calderon @calderpwn, addition of 14 NSE scripts and a new Npcap version. Nmap is now the default tool to discover...

8.7AI score
Exploits0
pentestit
pentestit
added 2017/08/28 9:25 p.m.69 views

Automated Penetration Testing Toolkit UPDATE: APT2 v1.0-20170613!

PenTestIT RSS Feed Almost five months ago, I covered this automated penetration testing toolkit. I was updating my tools today and found that this toolkit was also updated some time ago. This is the APT2 v1.0-20170613 release, which was released almost 2 months ago. What is APT2? APT2 will perfor...

6.9AI score
Exploits0
pentestit
pentestit
added 2018/09/06 6:51 a.m.67 views

iBombShell: A Dynamic Post-Exploitation Remote Shell

PenTestIT RSS Feed Consider you have a shell on a system and other post-exploitation do not work for you as they are being caught by a security solution on the system. Worry not as we now have iBombShell, a dynamic remote shell that can be run on any system that supports PowerShell. The reason th...

0.8AI score
Exploits0
pentestit
pentestit
added 2020/01/22 5:32 a.m.66 views

UPDATE: OWASP Dependency-Check 5.3.0

My first post about this open source OWASP project was about an older version. A while ago, a new version - OWASP Dependency-Check 5.3.0 was released. This post discusses the changes made to the open source software composition analysis utility in the latest release that includes a lot of bug fix...

3.4AI score
Exploits0
pentestit
pentestit
added 2019/11/01 12:18 a.m.63 views

UPDATE: Covenant v0.4

Yesterday, Covenant v0.4 was released. My last about Covenant was titled Covenant v0.3.2. Majorly, this version provides options that allow developers to integrate custom C2 communication protocols into an operation within Covenant. This version really makes the development of new listeners is mu...

1.7AI score
Exploits0
pentestit
pentestit
added 2019/04/16 4:42 a.m.62 views

UPDATE: Sysdig Falco v0.14.0

PenTestIT RSS Feed Recently, an updated version - Sysdig Falco v0.14.0 - was released. It has been some time since I last blogged about this open source behavorial activity monitor which has container support. What is Sysdig Falco? Sysdig Falco is an open source, behavioral activity monitor...

0.7AI score
Exploits0
pentestit
pentestit
added 2018/01/11 12:45 a.m.61 views

UPDATE: OWASP Dependency-Check 3.1.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...

7.2AI score
Exploits0
pentestit
pentestit
added 2017/09/15 5:50 a.m.61 views

ACLight: An Advanced Privileged Account Discovery Tool

PenTestIT RSS Feed Consider that you already have gotten inside a network and have compromised a system. Naturally, you would now want to spread across the network with least efforts. The question is - how? Answer is simple - ACLight. Using this tool you can atleast start looking at weaker target...

6.7AI score
Exploits0
pentestit
pentestit
added 2020/03/08 3:18 a.m.60 views

UPDATE: APfell 1.4

APfell 1.4 was released a few hours ago! If you remember, I briefly mentioned about this tool in my seven month old post titled – List of Open Source C2 Post-Exploitation Frameworks. When this project started out, it was targeted more at MacOS alone. But what excites me about this newer release i...

1.5AI score
Exploits0
Total number of security vulnerabilities154