PenTools is a bundle of Python and Bash penetration testing tools for the recon and information gathering stage of a PT or VA. They are fairly simple scripts but might be interesting if you are new and want to see how some things are done, or how things can be automated using Python or Bash. […]
Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information domains which can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can identify general information, […]
Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info […]
Tags: automated pen-testing, automated penetration testing, automated-hacking, hacking tool, hacking toolkit, Hacking Tools, kali, kali hacking tools, pen-testing, penetration-testing, sn1per, sn1per hacking kit
Posted in: Exploits/Vulnerabilities, Hacking Tools, Network Hacking, Web Hacking | Add a CommentNot long after releasing v11 of their scanner, Acunetix has decided to deliver free manual pen-testing tools. Previously these tools were only available to paying Acunetix customers, now anyone can use them to make their manual web application testing easier. Penetration testers can make use of an HTTP Editor to modify or craft HTTP requests […]
Tags: acunetix, acunetix free tools, http editor, http fuzzer, http sniffer, manual pen testing tools, pen testing tools, pen-testing
Posted in: Advertorial | Add a CommentBearded is an open source Security Automation platform. The platform allows Development, QA, and Security team members to perform automated web security scans with a set of tools, and re-execute those scans as needed. All tools can be executed in the cloud in docker containers. Bearded has a default web interface which integrates all core […]
Cyborg Hawk Linux is a Ubuntu (Linux) based Penetration Testing Linux Distro developed and designed for ethical hackers and penetration testers. Cyborg Hawk Distro can be used for network security and assessment and also for digital forensics. It also has various tools suited to the testing of Mobile Security and Wireless infrastructure. It’s clearly not […]
Weevely is a command line weaponized PHP web shell dynamically extended over the network at runtime and is designed for remote administration and pen testing. It provides a telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30 modules shape an extensible framework to […]
Tags: command line web shell, extensible web shell, pen-testing, penetration-testing, PHP, php web shell, Python, web-shell, weevely
Posted in: Hacking Tools, Web Hacking | Add a CommentHave you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that’s why we […]
Tags: data consolidation, external command execution, magictree, pen test report generation, pen test reports, pen-test, pen-testing, penetration tester productivity tool, penetration testing productivity tool, penetration testing report generation, penetration-testing, querying, report generation
Posted in: General Hacking, Security Software | Add a Commenthost-extract is a little ruby script that tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment […]
Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and […]
