Navigation



Fast-Track 4.0 – Automated Penetration Testing Suite

Last updated: September 9, 2015 | 46,842 views

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.

For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when David Kennedy was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming.

In an effort to reproduce some of David’s advanced attacks and propagate it down to the team at SecureState, David ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us.

Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride.

It’s something a lot of people will enjoy as many parts of a pen-test are very monotonous and don’t really take your full concentration, a semi-automated approach with a skillful eye watching for false-positives and false-negatives is always more effective and efficient than fully manual or fully automated testing.

DependenciesMetasploit 3, SQLite, PYMSSQL, FreeTDS, Pexpect, ClientForms, Beautiful Soup, and Psycho.

Installation – When extracting the tarball, run the setup.py file by executing python setup.py install, this will install the needed dependencies MINUS SQLite and Metasploit 3, you should specify the metasploit path or it will default to the BackTrack 3 installation menu. Once the installation is completed, Fast-Track should be fully functional.

You can download Fast-Track 4.0 here:

fasttrack.tgz

Or read more here.

Share4
Tweet
Share
Share
Buffer
WhatsApp
Reddit
Flip
Vote
Email
4 Shares
Posted in: Exploits/Vulnerabilities, Hacking News, Hacking Tools

, , ,


Latest Posts:


SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
April 30, 2019 - 211 Shares
DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
March 5, 2019 - 506 Shares
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
February 27, 2019 - 230 Shares
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
February 25, 2019 - 242 Shares
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
February 4, 2019 - 292 Shares
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
January 20, 2019 - 245 Shares


2 Responses to Fast-Track 4.0 – Automated Penetration Testing Suite

  1. Jacob February 19, 2009 at 3:53 am #

    David’s demo at Shmoocon was great, I don’t even remember how many boxes he “popped” during the presentation. I’ve used the new FastTrack a few times, and it’s fairly nice. The level of automation is great, and the built-in updating and metasploit db integration make life easy.

  2. Nero March 25, 2009 at 1:00 am #

    I loved the presentation too!

    Here is a video of the Shmoocon talk:

    Hacking with FastTrack (Shmoocon2009)

    Also a demo of the MS02-009 with Fast-Track

    http://securitytube.net/Exploiting-MS09002-with-FastTrack-video.aspx

    Love the tool. Its so easy to use.