Browsing tag
Linus Torvalds has released Linux kernel 4.20 (it looks like we’re not getting Linux 5.0 anytime soon). This reminds me of last year’s Linux 4.9, which turned out to be the biggest ever kernel in terms of the number of commits. Talking about the latest Linux 4.20, it’s a big kernel as well. As per […]
w3brute is an open source penetration testing tool that automates attacks directly to the website’s login page. w3brute is also supported for carrying out brute force attacks on all websites. Features Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process. this is a list of available scanners: automatically detects target […]
The developers of Linux Mint, one of the most user-friendly open source distros out there, have shipped the freshly-baked Linux Mint 19.1. Codenamed Tessa, this operating system will remain supported until 2023. For those who don’t know, Linux Mint is a popular Ubuntu-based Linux distro that aims to make the transition from a closed world of […]
The development work of Ubuntu 19.04 Disco Dingo is going on in full progress. In a related development, according to a recent report from Phoronix, the Ubuntu developers are working to reduce the CPU usage of the open source operating system. Specifically, Canonical’s Daniel Van Vugt has shared his updates on different bug fixes that […]
Utility script to test zip file upload functionality (and possible extraction of zip files) for vulnerabilities. Idea for this script comes from this post on Silent Signal Techblog – Compressed File Upload And Command Execution and from OWASP – Test Upload of Malicious Files This script will create archive which contains files with “../” in […]
celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run. Configurable – Some common tools are in the default config, but you can add any tool you want Service Aware – Uses nmap/nessus service names rather than port numbers to decide […]
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and others via packet injection. Testing: Checking WiFi cards and driver […]
theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet. […]
Various Linux distributions might be affected by this new vulnerability Digital forensics experts from the International Institute of Cyber Security report that, thanks to a recently discovered vulnerability, a user account with limited privileges on most Linux operating systems with a UID value greater than 2147483647 could run any SYSTEMCTL command without authorization. The […]
A couple of months ago, Linux creator Linus Torvalds took a brief break from the Linux development process (he’s back) and focus on improving his habit of getting into heated discussions. It was also followed by a new Code of Conducted adopted for code contributors and kernel maintainers. In a related development, to make the […]
The RISC-V Foundation is a non-profit corporation that works to encourage the adoption of RISC-V architecture for chip design. For those who don’t know, contrary to other CPU Instruction Set Architectures (ISA), RISC-V is free and open source. To further promote its adoption, the RISC-V Foundation has joined hands with The Linux Foundation. This partnership […]
The trojan also installs a rootkit and another malware variant that can lead to denial-of-service conditions Perhaps the malware variants that affect Linux users are not as common as threats to Windows users, but Linux malware becomes increasingly functional and complex, consider digital forensics specialists in the International Institute of Cyber Security. The most recent […]
Here’s the main new features and improvements in Faraday v3.3: Workspace archive You are now able to make the whole workspace read only and archive it for future use. This allows to clear the clutter from all your ongoing projects while giving you the opportunity to continue with your work later on if needed. […]
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost-effective and secure, Linux is the server operating system of choice for many large organizations including Facebook, Twitter, and Google. Acunetix is one of the first commercial, automated web vulnerability scanners to be released […]
A tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicous macros, and easy understanding of the execution flow. @MalwareCantFly Features Keyword highlighting VBA Properties support External function declarion support Tricky macros with “_Change” execution triggers Fancy […]
Tested on Kali Linux. Should work with all Debian based distros (and other ones if you have the right packages installed) BabySploit is a penetration testing framework aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit. With a very easy to use UI and toolkit, anybody from any […]
Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation: Manticore automatically generates inputs that trigger unique code paths Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations Execution Tracing: Manticore records an instruction-level trace of execution […]
Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn’t work with python < 3.4 Discover parameters To find GET parameters, you can simply do: python3 arjun.py -u https://api.example.com/endpoint –get Similarly, use –post to find POST parameters. Multi-threading Arjun uses 2 threads by default but […]
At the OpenStack Summit in Berlin last week, the Canonical founder Mark Shuttleworth made an announcement that would surely please developers and Linux users who rely heavily on Ubuntu for their daily chores. Shuttleworth announced that Ubuntu 18.04 LTS Bionic Beaver would be supported for one decade. Usually, the LTS Ubuntu releases enjoy a 5-year […]
Scrape/Parse Pastebin using GO and grammar expression (PEG). Installation $ go get -u github.com/edoz90/pastego Usage Search keywords are case sensitive pastego -s “password,keygen,PASSWORD” You can use boolean operators to reduce false positive pastego -s “quake && ~earthquake, password && ~(php || sudo || Linux || ‘<body>’)” This command will search for bins with quake but not earthquake words and […]
DEVELOPMENT BRANCH: The current branch is a development version. Go to the stable release by clicking on the master branch. Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if the directory listing is […]