Kali
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. It can automatically detect and test login & logout (Authentication API), …
Continue reading “Astra : Automated Security Testing For REST API’s”
MultiJuicer is a tool used to run capture the flags and security trainings with OWASP juice shop . Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn’t intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own …
Continue reading “MultiJuicer : Run Capture Flags & Security Trainings With OWASP Juice Shop”
Ol4bs is a cross-site scripting labs for web application security enthusiasts. List of Chall ~ Chall 1 | URL ~ Chall 2 | Form ~ Chall 3 | User-Agent ~ Chall 4 | Referrer ~ Chall 5 | Cookie ~ Chall 6 | LocalStorage ~ Chall 7 | Login Page ~ Chall 8 | File …
Continue reading “0l4bs : Cross-Site Scripting Labs For Web Application Security Enthusiasts”
To avoid password attacks, Authentication and access management may be evolving, but passwords are not going to disappear in the near future. Experts believe that the number of passwords in use will reach 300 billion in 2020. Although IT professionals understand the significance of secure passwords, almost 70% of employees share passwords in a non-secure …
Continue reading “How to Protect Yourself Against Common Password Attacks”
GTFO is a tool used to search for Unix binaries that can be exploited to bypass system security restrictions. This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be exploited to bypass system security restrictions. These binaries can be abused to get the f**k break …
Continue reading “GTFO : Search For Unix Binaries To Bypass System Security Restrictions”
HuskyCI is an open source tool that orchestrates security tests and centralizes all results into a database for further analysis and metrics. It can perform static security analysis in Python (Bandit and Safety), Ruby (Brakeman), JavaScript (Npm Audit and Yarn Audit), Golang (Gosec), and Java (SpotBugs plus Find Sec Bugs). It can also audit repositories …
Continue reading “HuskyCI : Performing Security Tests Inside Your CI”
Haaukins is a highly accessible and automated virtualization platform for security education, it has three main components (Docker, Virtualbox and Golang), the communication and orchestration between the components managed using Go programming language. The main reason of having Go environment to manage and deploy something on Haaukins platform is that Go’s easy concurrency and parallelism …
A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The main idea behind this tool is to find the JSONP endpoint(s) that would help you bypass content security policy for your target website in an automated way. JSONBee takes an …
The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled “live fire” range events. …
Continue reading “DumpsterFire : Toolset – Security Incidents In A Box!”
PingCastle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment and a maturity framework. It does not aim at a perfect evaluation but rather as an efficiency compromise. The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools …
Continue reading “PingCastle : Get Active Directory Security At 80% In 20% Of The Time”
