Security Training Share
celerystalk celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run. Configurable – Some common tools are in the default config, but...
Pown Recon Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between...
Sliver Sliver is a Command and Control (C2) system made for penetration testers, red teams, and advanced persistent threats. It generates implants (slivers) that can run on virtually every architecture out there, and securely...
sn0int sn0int is an OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. It is enumerating attack surface...
Gobuster v3.0 (OJ Reeves @TheColonial) Gobuster is a tool used to brute-force: URIs (directories and files) in websites. DNS subdomains (with wildcard support). Oh dear God.. WHY!? Because I wanted: … something that didn’t...
Orchestron Community Orchestron is an Application Vulnerability Management and Correlation Tool. One of the key challenges for organizations large and small is to manage vulnerabilities from applications in their environment. This has become a...
Zeebsploit Zeebsploit-Framework is a tool for pentesting the vulnerability of the web and searching for information-gathering on web and exploitation on a web. Features Installation git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install...
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular...
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
dnstwits See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and corporate...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
Pacu Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an...
fileGPS When you upload a shell on a web-server using a file upload functionality, usually the file gets renamed in various ways in order to prevent direct access to the file, RCE and file...
Krbrelayx – Unconstrained delegation abuse toolkit Toolkit for abusing unconstrained delegation. Requires impacket and ldap3 to function. It is recommended to install impacket from git directly to have the latest version available. Download git clone https://github.com/dirkjanm/krbrelayx.git Tools included addspn.py...
Suggested Reading TRENDING Linux news