April 5, 2020
  • 5:30 pm Kaboom – Automatic Pentest Bash Script
  • 8:26 pm Archery – A Security Tool
  • 2:51 pm Commix – Automated All-in-One OS command injection and exploitation tool
  • 12:28 pm RouterSploit – Exploitation Framework for Embedded Devices
  • 12:23 pm Dunkin Donuts Hacked & User Information Stolen
tidos

Highlights: [*]A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. [*]Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules. [*]Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules). [*]Scanning & Enumeration Phase has got 16 modules (including port scans, […]

READ MORE
mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic […]

READ MORE
gitdump

GitDump dumps source code from website/.git directory when directory traversal is disabled. How it works: Requirements: Usage: Download: https://github.com/Ebryx/GitDump

READ MORE
wifiphisher

Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials […]

READ MORE
fluxion

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s […]

READ MORE
subscraper

SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTP(S) requests and DNS “A” record lookups during the enumeration process to validate discovered subdomains. This provides further information to help prioritize targets and aid in potential next steps. Post-Enumeration, “CNAME” lookups […]

READ MORE
facebook

Facebook Breach On September 28, 2018 Facebook made a press release regarding the breach in security which affected 50 million of its users. The attack took place through the “View as” option that Facebook uses to allow users to see what their profile looks like to other users. The attackers exploited that feature to steal […]

READ MORE
wifivoid

Wifivoi is a ruby script for continuously jam all wifi clients and access points within range. The effectiveness of the script depends on your wireless card. Requirements: How to use: Download: https://github.com/SValkanov/wifivoid

READ MORE
nikto

Below is a helpful infographic for basic commands and usage with the tool Nikto

READ MORE
wifibroot

WiFiBroot is built to provide clients all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on scapy, a well-featured packet manipulation library in Python. Almost every process within is dependent somehow on scapy layers and other functions except for operating the wireless interface on a different channel. That will be done via native Linux […]

READ MORE