APTRS – Automated Penetration Testing Reporting System

APTRS (Automated Penetration Testing Reporting System) is an automated reporting tool in Python and Django. The tool allows Penetration testers to create a report directly without using the Traditional Docx file. It also provides an approach to keeping track of the projects and vulnerabilities. Documentation Documentation Prerequisites Python 3.8 and above (https://www.python.org/downloads/release/python-3810/) wkhtmltopdf 0.12.6 andRead More

REST-Attacker – Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool’s focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process – including test generation, access control handling, and report generation – with minimal configuration effort. Additionally, REST-Attacker is designed to be flexibleRead More

Kali Linux 2022.4 – Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.4. This release has various impressive updates. A summary of the changelog since August’s 2022.3 release: Microsoft Azure – We are back on the Microsoft Azure store More Platforms – Generic Cloud, QEMU VM image & Vagrant libvirt Social Networks – New homes, keeping in touchRead More

Threatest – Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated in your favorite security platform. Read the announcement blog post: https://securitylabs.datadoghq.com/articles/threatest-end-to-end-testing-threat-detection/ Concepts Detonators A detonator describes how and where an attack technique is executed. Supported detonators: Local commandRead More

SteaLinG – Open-Source Penetration Testing Framework Designed For Social Engineering

The SteaLinG is an open-source penetration testing framework designed for social engineering After the hack, you can upload it to the victim’s device and run it disclaimers: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes How can I benefitRead More

CATS – REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints

REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header Intelligent: tests are generated based on data types and constraints; each Fuzzer have specific expectations depending on the scenarioRead More

GraphCrawler – GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology’s powerful Graphinder tool. Just point it towards a domain and add the ‘-e’ option and Graphinder will do subdomain enumeration + search popular directories for GraphQL endpoints. After all this GraphCrawler willRead More

Faraday Community – Open Source Penetration Testing and Vulnerability Management Platform

Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming, Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve further work. This new update brings: New scanning, reportingRead More

Kali Linux 2022.3 – Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates. The highlights for Kali’s 2022.3’s release: Discord Server – Kali’s new community real-time chat option has launched! Test Lab Environment – Quickly create a test bed to learn, practice, and benchmark tools and compare their results Opening Kali-Tools RepoRead More

VAmPI – Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API (Based on OpenAPI 3)  VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a switch on/off toRead More