April 5, 2020
kaboom

Kaboom is a bash script that automates the first two phases of a penetration test. All information collected is saved into a directory hierarchy that is very simple to browse (also in the case of multiple targets). Details: Kaboom performs several tasks: Information Gathering Port scan (Nmap) Web resources enumeration (Dirb) Vulnerability assessment Web vulnerability assessment (Nikto – […]

archery

Archery is an open-source vulnerability assessment and management tool which helps developers and pentesters perform scans and manage vulnerabilities. Archery uses popular open-source tools to perform comprehensive scanning of web applications and networks. It also performs dynamic authenticated scanning of web applications and covers the whole application by using Selenium. The developers can also utilize […]

commix

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos (@ancst) that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very […]

RouterSploit

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations:
  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit
  • payloads […]

Dunkin Donuts

Dunkin’ Brands Inc. said in a notice posted on its website that on Oct. 31 a malicious actor attempted to access customers’ first and last names, email addresses, and account information for DD Perks, Dunkin’ Donuts’ rewards program. That account information includes customers’ 16-digit DD Perks account number and DD Perks QR […]

0xwpbf

0xWPBF is an enumeration and brute-force attack tool for WordPress. Download: https://github.com/0xAbdullah/0xWPBF

LazyRecon

About: This script is intended to automate your reconnaissance process in an organized fashion by performing the following:
  • Create a dated folder with recon notes
  • Grab subdomains using Sublist3r and certspotter
  • Grab a screenshot of responsive hosts
  • Grab the response header
  • Perform nmap
  • Perform dirsearch
  • Generate a HTML report with output from the tools above […]

Cloudbunny

CloudBunny is a tool to capture the origin server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tool you need the API keys, which you can get from the following links: NOTE: In Zoomeye you need […]


LDAP_Search can be used to enumerate Users, Groups, and Computers on a Windows Domain. In addition, this tool can brute-force or password-spray valid accounts via LDAP. It makes use of Impacket's python36 branch (still in dev) to perform its main operations and allows authentication via traditional passwords or hashes. Note: ldap_search, although functional, is more […]

jok3r

Jok3r is a Python3 CLI application aimed at helping penetration testers with network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during a network/web pentest in order to leave more time for more interesting and challenging stuff. To achieve that, it combines open-source […]
