So Long, and Thanks for All the Fish
Just some random thoughts about the Meaning of Life, The Universe, and Everything
A Python script for auditing wireless networks Do you know Wifite? It’s a great wifi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distributions with wireless drivers patched for injection (so the script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16). The…
Useful during a pentest Raven is a tool developed by 0x09AL to gather information about an organization employees using Linkedin. It’s developed using python, Selenium e geckodriver Features Automatically check found emails in haveibeenpwned.com Output in CSV format Installation Simply run setup.sh as root. The script resolves some python dependencies and installs geckodriver and xvfb: pip install…
Designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is a web application security scanner built on python2.7, designed to find various default and insecure files, configurations and misconfigurations. It’s developed and mantained by Momo Outaadi(m4ll0k), that have also developed Infoga, an information gathering tool. Features Fingerprints Server Frameworks (CakePHP,CherryPy,Django,…) Firewall (Cloudflare,AWS,Barracuda,…)…
Really useful in the first phases of a penetration test XRay is a tool for network OSINT gathering developed by Simone Margaritelli, useful to make initial tasks of information gathering and network mapping. It make a bruteforce of subdomains using a wordlist and DNS requests, and for every subdomain/ip found retrieves from Shodan the open…
What do you do if you have a Netcat that doesn’t support the -e or -c options to run a shell or your target doesn’t support /dev/tcp? On SANS Penetration Testing Blog i’ve read a really useful article about Netcat, espacially about using this tool to create a reverse backdoor shell during a penetration test….