Collaborate Disseminate
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
There are various ‘egg’ modules which contain patterns to scan for, it can scan through files recursively limit… Continue reading Mosca – Manual Static Analysis Tool To Find Bugs
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.
There are two modes that this tool operates at; blackbox and whitebox mode. Whitebo… Continue reading Slurp – Amazon AWS S3 Bucket Enumerator
Surprise, surprise, surprise – an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
US Government security has often been called into quest… Continue reading US Government Cyber Security Still Inadequate
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
Attackers can use BloodHound to easily identify highly complex atta… Continue reading BloodHound – Hacking Active Directory Trust Relationships
SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place.
List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, a… Continue reading SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract secret files directly from audio files or audio CD tracks.
This audio steganography tool can be used as c… Continue reading DeepSound – Audio Steganography Tool
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
Well luckily for you Acunetix compiles an annual web application vulnerability report which is a fairly hefty piece of… Continue reading What are the MOST Critical Web Vulnerabilities in 2019?
GoBuster is a Go-based tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (with wildcard support) – essentially a directory/file & DNS busting tool.
The author built YET ANOTHER directory and DNS brute forcing to… Continue reading GoBuster – Directory/File & DNS Busting Tool in Go
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads (software updates for example) from vendors that don’t validate data integrity.
The Backdoor Factory allo… Continue reading BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.
This produces categorized screenshots, server response h… Continue reading Domained – Multi Tool Subdomain Enumeration