Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving […]
GBHackers come across a new ChatGPT-powered Penetration testing Tool called “PentestGPT” that helps penetration testers to automate their pentesting operations. PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers […]
Haaukins Haaukins is a highly accessible and automated virtualization platform for security education, it has three main components (Docker, Virtualbox, and Golang), the communication and orchestration between the components managed using Go programming language. The main reason of having Go environment to manage and deploy something on the Haaukins platform is that Go’s easy concurrency […]
Turbolist3r is a subdomain enumeration tool which can identify subdomain takeovers. It is heavily based on sublist3r: https://latesthackingnews.com/2016/01/27/sublist3r-free-tool-to-enumerate-subdomains-for-pentester/ Installation and usage git clone https://github.com/fleetcaptain/Turbolist3r cd Turbolist3r/ pip3 install -r requirements.txt There are various options such as port scanning, brute force on subdomains, input and output files, dns resolvers: The following command shows how a typical […]
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Changelog v0.1 RC2 Fix a lot of bugs. Add new Generator and Detecition API. Variables can be used in fuzz signature now. Fuzz signature can be used in CLI mode (jaeles scan …) now. The documentation is […]
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.Installation go get -u github.com/jaeles-project/jaeles Please visit the Official Documention for more details.Checkout Signature Repo for base signature. UsageMore usage hereExample commands. jaeles scan -u http://example.comjaeles scan -s signatures/common/phpdebug.yaml -U /tmp/list_of_urls.txtjaeles scan –retry 3 –verbose -s “signatures/cves/jira-*” […]
Automated Vulnerability Scanner for XSS | Written in Python3 | Utilizes Selenium Headless Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests. View the gif above to see a preview of the fastest type of […]
Router exploit shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the stack, generate the ROP chain, generate the encoded shellcode, and finally assemble them into a complete attack code. The […]
SysAnalyzer is an open-source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system.A full installer for the application is available and can be downloaded here. The application supports windows 2000 – windows 10. Including x64 […]
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack. The tool is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking the vicitim device off the network. It […]
Many privacy advocates have time and again raised questions about surveillance cameras and increasing usage of surveillance technology. They argue that the technology could be exploited for discriminatory targeting and it is also a direct attack on the privacy of citizens. To balance things out, a hacker and designer named Kate Rose has introduced a […]
Last week, Capital One breach shocked the IT security community after it was revealed that a wannabe hacker was able to steal and brag about personal and financial details of over 106 million users. The incident also highlighted the fact that penetration testing has become more critical than ever. If you’ve had the chance to […]
In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames […]
There are many open source developers who want to show their skills by developing web applications. Every developer tries to show something new. Or some developers try to automate their tasks. According to ethical hacking researcher of international institute of cyber security there are many phases from developing web application to deploying it. But in […]
Yuki Chan is an Automated Penetration Testing tool that will be auditing all standard security assessment for you. It is one of the Best Penetration testing Tool which provides many Integrated Security Tools and Performing Many Penetration testing Operation into Target Network. There are more than 15 Modules has been Integrated with Yuki chan and it is […]
SQLMate is an advanced tool that you can use to run sql injection vulnerability check online using Dork and it will allow user to find admin panel on targeted system beside hash cracking. Online search engines are one of the advanced tools that many coders include in their scope cause it will allow to identify […]
JSHielder is an Open Source Bash Script developed to help SysAdmin and developers secure there Linux Servers in which they will be deploying any web application or services. This tool automates the process of installing all the necessary packages to host a web application and Hardening a Linux server with little interaction from the user. […]
AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All: the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket, running the Analyze Filter and then uploading […]
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes. Seccubus […]
An improvised automated threat intelligent system with advanced vulnerability scanners and Opensource Intelligence Information gathering python scripts when integrated with McAfee Advanced Threat Defense and Malware Information Sharing Platform can defend against new and futuristic cyber attacks. ATD-MISP with OpenDXL This integration is focusing on the automated threat intelligence collection with McAfee ATD, OpenDXL and […]
HashCK is a Hash Cracking script that can crack the 10 most popular cryptographic hash algorithms. Hashck features – Bruteforce Md5 Hash – Bruteforce Sha-1 sha-224 sha-256 sha-384 sha-512 Mysql Hashes – Search Hash in 6 Biggest Online Hash Database – It Has 555372 Cracked Hashes Stored Offline – Fast Numeric Bruteforce Using Md5crack – […]