WPSeku is a Black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. What is a Black-box scanner? Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or […]
A Python script for auditing wireless networks Do you know Wifite? It’s a great wifi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distributions with wireless drivers patched for injection (so the script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16). The […]
Useful during a pentest Raven is a tool developed by 0x09AL to gather information about an organization employees using Linkedin. It’s developed using python, Selenium e geckodriver Features Automatically check found emails in haveibeenpwned.com Output in CSV format Installation Simply run setup.sh as root. The script resolves some python dependencies and installs geckodriver and xvfb: pip install […]
Designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is a web application security scanner built on python2.7, designed to find various default and insecure files, configurations and misconfigurations. It’s developed and mantained by Momo Outaadi(m4ll0k), that have also developed Infoga, an information gathering tool. Features Fingerprints Server Frameworks (CakePHP,CherryPy,Django,…) Firewall (Cloudflare,AWS,Barracuda,…) […]
Really useful in the first phases of a penetration test XRay is a tool for network OSINT gathering developed by Simone Margaritelli, useful to make initial tasks of information gathering and network mapping. It make a bruteforce of subdomains using a wordlist and DNS requests, and for every subdomain/ip found retrieves from Shodan the open […]