Security Training Share
histstat This is a cross-platform command line tool for obtaining live, rudimentary network connection data on a computer system. This tool was designed for network and security analysts to easily view connections on a...
dnstwits See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and corporate...
The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to...
Cloud Custodian Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well-managed cloud infrastructure, that’s both secure and cost optimized. It...
Pacu Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an...
Recaf Recaf is an open-source Java bytecode editor based on Objectweb’s ASM. ASM is a library that abstracts away the constant pool and class-file attributes. Since keeping track of the constant pool or managing proper...
fileGPS When you upload a shell on a web-server using a file upload functionality, usually the file gets renamed in various ways in order to prevent direct access to the file, RCE and file...
Krbrelayx – Unconstrained delegation abuse toolkit Toolkit for abusing unconstrained delegation. Requires impacket and ldap3 to function. It is recommended to install impacket from git directly to have the latest version available. Download git clone https://github.com/dirkjanm/krbrelayx.git Tools included addspn.py...
The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is a penetration testing platform that enables you to find,...
FOCA FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents its scans. These documents may be on web pages and can be downloaded...
VAULT Swiss army knife for hackers Features Scan website for the following vulnerabilities XSS LFI RFI SQLi Scanner Port scanning : ACK, FIN, NULL, XMAS IP scanning : Ping Sweep, ARP SSL vulnerability scan...
Konan – Advanced Web Application Dir Scanner Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. Features Features Konan dirsearch dirb gobuster MultiThreaded yes yes yes...
pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract the properties of a file to help during the triage process. The tool also...
WPScan is a black box WordPress vulnerability scanner. Changelog v3.5.4 Fixes an issue in Target#scope_url_pattern when the Target url was invalid according to PublicSuffix, such as an IPv6 address – #1341 Removes the vulnerabilities key from plugin...
Suggested Reading TRENDING Linux news