BOtB (Break out the Box) is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post exploitation actions Provide capability when […]
Ethical hacking experts report the arrest of two security specialists hired to evaluate a US court’s IT infrastructure; according to the reports, the two experts were caught while trying to physically access the court’s systems. Justin Wynn and Gary Demercurio, the two information security specialists involved, were arrested by police in Iowa, US, after they […]
SniffAir – Wireless security framework for wireless pentesting SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking […]
WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to inter-operate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows Servers with this […]
Pentesters/ security researchers uses many devices for testing their hacking skills or finding new bugs in any web application. Mostly users uses Linux different flavors for testing purposes. But mostly Kali Linux is the most popular OS which is used by pentesters and it is also the part of ethical hacking & mobile hacking courses […]
Quick utility to craft executables for pentesting and managing reverse shells. Instructions Requires Python 3.5 or above. usage: usb.py [-h] [-b BAT] [-i ICON] [-o OUTPUT] [-t TARGET] [-l] [-p PORT] EvilUSB: Quick utility to craft executables for pentesting and managing reverse shells. optional arguments: -h, –help show this help message and exit -b BAT, […]
Linux enumeration tools for pentesting and CTFs. This project was inspired by https://github.com/rebootuser/LinEnum and uses many of its tests. Unlike LinEnum, lse tries to gradualy expose the information depending on its importance from a privesc point of view. What is it? This script will show relevant information about the security of the local Linux system. […]
A Penetration Testing OS BlackArch Linux 2019.06.01 Released with new ISOs and OVA image and set of high-quality updates for Penetration testers. BlackArch Linux is one of the Powerful Arch Linux-based penetration testing distribution which contains around 2200 Hacking tools. BlackArch Linux one of the widely using Distributions by hackers, penetration testers, and security researchers […]
Trigmap is a wrapper for Nmap. You can use it to easily start Nmap scan and especially to collect informations into a well organized directory hierarchy. The use of Nmap makes the script portable (easy to run not only on Kali Linux) and very efficient thanks to the optimized Nmap algorithms. Trigmap can performs several […]
Kaboom is a bash script that automates the first two phases of a penetration test. All informations collected are saved into a directory hierarchy very simple to browser (also in the case of multiple targets). Kaboom performs several tasks: Information Gathering Port scan (Nmap) Web resources enumeration (Dirb) Vulnerability assessment Web vulnerability assessment (Nikto – […]
When we require working with a functional operating system for security analysis and ethical hacking, cybersecurity experts consider that Parrot Linux is, together with BlackArch, one of the best options available, even though there are also Windows-based options. The developers of Parrot Linux have just launched version 4.6 of this operating system, which has some […]
Here we listed the best operating systems used today by hackers, pentesters, blue and red teamers. (basically anyone in the security sector) These include penetration testing distro’s, specialized OS’s that focus’ malware analysis, wifi hacking, forensic investigations, network monitoring and even a honeypot distribution. The choice is completely yours! In case you’re totally new to […]
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Let’s get started To clone the tool, type the following command: git clone https://github.com/1N3/Sn1per.git Then you type the following commands to change the directory to Sn1per, change mode of install.sh, and to list the files of […]
John the Ripper is a fast password cracker which is intended to be both elements rich and quick. It combines a few breaking modes in one program and is completely configurable for your specific needs for Offline Password Cracking. Out of the create, John the Ripper tool underpins (and autodetects) the accompanying Unix crypt(3) hash […]
To help the whitehat hackers easily test the security of its homegrown mobile apps, Facebook has launched a new feature called Whitehat Settings. This setting is applicable for Facebook, Instagram, and Messenger apps for Android; it’s currently unavailable for iOS platform. The company expects that whitehat hackers will use this feature on their accounts to hunt bug bounties. […]
Different automation & manual tools/ techniques are used in pentesting. Considering on the target web application scenario scanning is performed. Security researchers/ pentesters always tries to found the vulnerability in source code or ports which are vulnerable. Ethical hacking researcher, Delhi India of International Institute of Cyber Security, recently demonstrated a critical vulnerability using a […]
SniffAir is an open-source wireless security framework which allows you to collect, manage and analyze wireless traffic. It also provides the ability to perform sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws or malicious […]
If you are trying to hack the databases with methods like single quotes error based injection, Integer based injection or double quotes method but the databases are not vulnerable to those methods injection will fail and you cannot connect with database.In short, the error based Manual SQL injection will use single quote to break the query and […]
Recently HackerGiraffe and j3ws3r hijacked more than 70,000 Chromecasts to make people aware about the security risks of devices exposed to internet and promoted Pewdiepie. They took advantage of exposed UPnP ports of home routers to hijack Chromecast devices and play their content. Inspired from this hack, thewhiteh4t has created killcast, an open source tool […]
Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challenging stuff. To achieve that, it combines open-source […]
BABYSPLOIT INTRO:- Babysploit is a pentesting tool kit used in initial phase of pentesting. BabySploit mostly covers each and every scan. This tool is a bundle of all the small tools. This tool is used for people who are new in hacking and want to learn initial phases of pentesting, as per ethical hacking expert […]