A Python script for auditing wireless networks. Do you know Wifite? It’s a great Wi-Fi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distribution with wireless drivers patched for injection (so the script also appears to work with Ubuntu 11/10, Debian 6, and Fedora 16). The…
Category: Penetration Testing
Raven: a tool for gathering information about company employees using Google and LinkedIn
Useful during a pentest. Raven is a tool developed by 0x09AL to gather information about an organization's employees using LinkedIn. It’s developed using Python, Selenium and geckodriver. Features: automatically checks found emails in haveibeenpwned.com; output in CSV format. Installation: simply run setup.sh as root. The script resolves some Python dependencies and installs geckodriver and xvfb: pip install…
“Spaghetti”, a Python Web Application security scanner
Designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is a web application security scanner built on Python 2.7, designed to find various default and insecure files, configurations and misconfigurations. It’s developed and maintained by Momo Outaadi (m4ll0k), who has also developed Infoga, an information gathering tool. Features: Fingerprints: Server, Frameworks (CakePHP, CherryPy, Django,…), Firewall (Cloudflare, AWS, Barracuda,…)…
XRay: a great network OSINT gathering tool
Really useful in the first phases of a penetration test. XRay is a tool for network OSINT gathering developed by Simone Margaritelli, useful for the initial tasks of information gathering and network mapping. It brute-forces subdomains using a wordlist and DNS requests, and for every subdomain/IP found it retrieves from Shodan the open…
Reverse shell with Netcat: some use cases
What do you do if you have a Netcat that doesn’t support the -e or -c options to run a shell or your target doesn’t support /dev/tcp? On the SANS Penetration Testing Blog I’ve read a really useful article about Netcat, especially about using this tool to create a reverse backdoor shell during a penetration test….