Penetration Testing Blog


whapa: WhatsApp Parser Toolset

Whatsapp Parser Toolset Whapa is a toolset to analyze the WhatsApp app for android. All tools are written in Python 2.X. It is divided into three tools: Whapa (Whatsapp Parser) Whamerge (Whatsapp Merger) Whagodri (WhatsApp Google...


LaZagne v2.4.3 releases: Credentials recovery project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed...

Dupe Key Injector

Dupe Key Injector: new XML signature bypass technique

Dupe Key Injector Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented at BSides/BlackHat/DEFCON 2019 “SSO Wars: The Token Menace” presentation. Dupe Key Confusion...