Collaborate Disseminate
Metta is an information security preparedness tool in Python to help with adversarial simulation, this can help you check various detection and control capabilities within your organisation.
This project uses Redis/Celery, python, and vagrant with vir… Continue reading Metta – Information Security Adversarial Simulation Tool
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.
This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the u… Continue reading Powershell-RAT – Gmail Exfiltration RAT
It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants, refineries and all kinds of other powerful and dangerous things.
The latest talk given on the s… Continue reading SCADA Hacking – Industrial Systems Woefully Insecure
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Airgeddon Wireless Security Auditing Features
Interface mode switcher (Monitor-Managed) keeping selection even on inte… Continue reading airgeddon – Wireless Security Auditing Script
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled wi… Continue reading Acunetix v12 – More Comprehensive More Accurate & 2x Faster
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions. This effectively allows for domain hijacking.
How CloudFrunt Work… Continue reading CloudFrunt – Identify Misconfigured CloudFront Domains
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are curr… Continue reading Airbash – Fully Automated WPA PSK Handshake Capture Script
XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications and the brute forcing method needs to be used for other applications.
Usage of XXEin… Continue reading XXEinjector – Automatic XXE Injection Tool For Exploitation
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 years delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public – Massive Yahoo Hack – 500 Million A… Continue reading Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.
Drupwn Drupal Enumeration Tool Hacking Features
Drupwn can be run, using two separate modes which are enum and exploit…. Continue reading Drupwn – Drupal Enumeration Tool & Security Scanner