For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when David Kennedy was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.
In an effort to reproduce some of David’s advanced attacks and propagate it down to the team at SecureState, David ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us.
Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.
It’s something a lot of people will enjoy as many parts of a pen-test are very monotonous and don’t really take your full concentration, a semi-automated approach with a skillful eye watching for false-positives and false-negatives is always more effective and efficient than fully manual or fully automated testing.
Dependencies – Metasploit 3, SQLite, PYMSSQL, FreeTDS, Pexpect, ClientForms, Beautiful Soup, and Psycho.
Installation – When extracting the tarball, run the setup.py file by executing python setup.py install, this will install the needed dependencies MINUS SQLite and Metasploit 3, you should specify the metasploit path or it will default to the BackTrack 3 installation menu. Once the installation is completed, Fast-Track should be fully functional.
You can download Fast-Track 4.0 here:
Or read more here.
Recent in Exploits/Vulnerabilities:
- Cupid Media Hack Exposes 42 Million Passwords In Plain Text
- Linux Backdoor Fokirtor Injects Traffic Into SSH Protocol
- Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks
- Zed Attack Proxy – ZAProxy v1.3.0 Released – Integrated Penetration Testing Tool
- SPIKE Proxy – Application Level Security Assessment
- OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 222,869 views
- AJAX: Is your application secure enough? - 118,521 views
- eEye Launches 0-Day Exploit Tracker - 84,955 views