Penetration Testing Blog

brutespray

brutespray v1.8 released: Brute-Forcing from Nmap output

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can even find non-standard ports by using the -sV inside Nmap. Supported Services ssh ftp telnet vnc mssql mysql...

Prevent SSRF attacks

metabadger v0.1.9 releases: Prevent SSRF attacks on AWS EC2

Metabadger Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). Metabadger Purpose and functionality Diagnose and evaluate your current usage of the AWS Instance Metadata...

OnionSearch

OnionSearch v1.3 releases: scrapes urls on different .onion search engines

OnionSearch OnionSearch is a Python3 script that scrapes urls on different “.onion” search engines. Currently supported Search engines ahmia darksearchio Onionland notevil darksearchenginer Phobos onionsearchserver torgle onionsearchengine tordex tor66 tormax haystack multivac evosearch deeplink...

IOC scanner

spyre v1.2.3 releases: simple YARA-based IOC scanner

Spyre Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is the easy operationalization of YARA rules and other indicators of...