The Bastion Bastions are a cluster of machines used as the unique entry point by operational teams (such as sysadmins, developers, database admins, …) to securely connect to devices (servers, virtual machines, cloud instances,...
Network PenTest / Sniffing & Spoofing
by do son · Published May 17, 2017 · Last modified October 10, 2021
SSH MITM This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and a...
Exploitation / Information Gathering / Metasploit / Network PenTest / Vulnerability Analysis
by do son · Published November 29, 2016 · Last modified October 10, 2021
Description The SSH server on the remote host accepts a publicly known static SSH private key for authentication. A remote attacker can log in to this host using this publicly known private key. Solution...
Forensics / Network PenTest / Password Attacks / Reverse Engineering / Sniffing & Spoofing
by do son · Published July 2, 2018
pythem – Penetration Testing Framework pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. Usage Examples ARP spoofing – Man-in-the-middle. ARP+DNS...
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.The best known example application is for remote login to computer systems by users. SSH provides a secure...
Visual Basic GUI (VBG for short) uses an X11 forwarded SSH session to remotely execute commands on the client. Motivation On its usual mode of operation SSH requires the client to be trusted by...
pr0cks python script to transparently forward all TCP and DNS traffic through socks (like ssh -D option) or HTTPS (CONNECT) proxy using iptables -j REDIRECT target. Only works on Linux for now. Features: set...
Network PenTest / Vulnerability Analysis
by do son · Published April 17, 2017 · Last modified February 26, 2018
ssh-audit ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication...
As early as 2015, Microsoft announced that Windows will natively support SSH. Secure Shell (SSH) is a cryptographicnetwork protocol for operating network services securely over an unsecured network on Linux. SSH provides a secure channel over an unsecured network in a client-server architecture,...
Google Authenticator OpenSource The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms. One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth)....
