Browsing tag
Defeating Google’s audio reCaptcha system with 85% accuracy. Inspiration Across the Internet, hundreds of thousands of sites rely on Google’s reCaptcha system for defense against bots (in fact, Devpost uses reCaptcha when creating a new account). After a Google research team demonstrated a near complete defeat of the text reCaptcha in 2012, the reCaptcha system […]
Fortify the security of any WordPress installation. This tool releases new versions on a regular basis. Make sure to update your dependencies frequently to get the latest version. Check out the changelog or CHANGELOG.md to learn about the new features. Installation Installing WPHardening requires you to execute one console command: $ pip install -r requirements.txt […]
BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. Installation pip install -r requirements.txt On Kali: apt-get install brutespray Usage First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml. Command: python brutespray.py -h Command: python brutespray.py –file nmap.gnmap […]
Securely-developed apps may be at risk due to security issues in popular interpreted programming languages. Even software that has been built with secure development procedures may still be vulnerable to attack, due to flaws in the interpreted programming languages they depend on. IOActive researcher Fernando Arnaboldi revealed at last week’s Black Hat Europe conference that […]
Tiredful API is intentionally designed broken app. The aim of this web app is to teach developers, QA or security professionals about flaws present in webservices (REST API) due to insecure coding practice. Who can use Tiredful API? Web developers Web Pentesters Security Professionals Student What is included in Tiredful API? I tried to cover […]
The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled “live fire” range events. […]
What Is Buffer Overflow? In the area of computer security and programming, a buffer overflow or buffer overflow is an anomaly in which a program, when writing data in a buffer, invades the buffer boundary and overwrites the buffer overflow locations. memory. Buffers are memory areas reserved for storing data, often moving them from one […]
Let’s go over some basics to start off – a port is a place where information is transferred in and out of a computer. A port scanner is a software application intended to analyze a server or host for open ports. Most commonly, port scanners are used by IT professionals in order to validate the […]
This gets interesting when you find your way into a mail server, says dev who found it. Stop us if you’ve heard this one: Java and Python have a bug you can exploit to cross firewalls. Since neither are yet patched, it might be a good day to nag your developers for a bit. The […]
rePy2exe, a Reverse Engineering Tool for py2exe applications. cmake git python 2.7 Enter the following command to download rePy2exe file git clone https://github.com/4w4k3/rePy2exe.git Now to run rePy2exe type python rePy2exe.py python2.7 rePy2exe.py Download now – rePy2exe
mitmAP, is a simple python program to create a fake AP and sniff data SSLstrip2 for HSTS bypass Image capture with Driftnet TShark for command line .pcap capture Full featured access point, with configurable speed limit mitmproxy Wireshark DNS Spoofing Saving results to file Kali Linux / Raspbian with root privileges Wireless card […]
Short Bytes: Python 3.6 is now officially available. This release brings many new syntax features, including formatted string literals and underscores in numeric variables. Significant improvements in CPython implementation and standard library have also been made. Today, Python is one of the most used programming languages, and it’s enjoying an extensive growth in different fields of […]
Short Bytes: If you want to check your internet speed using the Linux command Line, here are some utilities which can help you out. These tools use the nearest servers listed on speedtest.net to test the download and upload speed of your internet connection. You recently upgraded your broadband connection. Now, what’s better than testing […]
httpstat visualizes curl statistics in a way of beauty and clarity. It is a single file Python script that has no dependency and is compatible with Python 3. There are three ways to get httpstat : Step 1: Download the script directly: wget https://raw.githubusercontent.com/reorx/httpstat/master/httpstat.pyStep 2: Through pip: pip install httpstatStep 3: Through homebrew (macOS only): […]
Python keylogger with multiple features. Requirements: Install PyHook Install PyWin32 Install Microsoft Visual C++ Compiler for Python Install PyInstaller Install and Use: Step 1: Download the libraries if you are missing any.Step 2: Set the Gmail username and password and remember to check allow connection from less secure apps in gmail settings.Step 3: Set the […]
AutoBrowser is a simple tool designed in python for IT professionals to perform penetration testing. The purpose of this tool is to create report and screenshots of http/https based ports on the network, you can choose either analyze Nmap report or scan with Nmap and then the tool automatically check the results with http/https request […]
In writing the most recent Hack This (“Scrape the Web with Beautiful Soup”) I again found myself trapped between the competing causes of blog-brevity and making sure everything is totally clear for non-programmers. It’s a tough spot! Recapping every little Python (the default language of Hack This) concept is tiring for everyone, but what’s the […]
Features connect with direct session with no need for reverse connection . support password protection . can be binded to any file with no damage . using GET/POST request with error handling . Usage Remote shell python file : considered as Client to connect with target python remote shell.py url password php shell php file […]
sudo-snooper acts like the original sudo binary to fool users into entering their passwords. It will show a fake prompt just like the original to the user to enter their sudo password. This can be useful in penetration tests or security evaluations for testing user knowledge. Installation steps Option 1 – Install in place of […]
Recently we have been posting lot of new tools related to ‘steganography‘, a tool which is used to hide images or text in images. Matroschka, a steganography tool written in pure Python. You can use this tool to hide and encrypt images or text in the least significant bits of pixels in an image. HMAC-SHA256 […]
Pythem, a python pentesting tool developed in the hope that it will be useful and not for any illegal activities and works only for GNU/Linux OS. Also Read: Learn Python for FREE with this course How to: $sudo git clone https://github.com/m4n3dw0lf/PytheM/ $cd PytheM $sudo pip install -r requirements.txt $sudo ./pythem Also Read: The best python […]