Mondoo : Native Security & Vulnerability Risk Management

Mondoo Cloud provides native security & vulnerability risk management. Quick Start Installing Workstation export MONDOO_REGISTRATION_TOKEN='changeme' curl -sSL http://mondoo.io/download.sh | bash Service export MONDOO_REGISTRATION_TOKEN='changeme' curl -sSL http://mondoo.io/install.sh | bash For other installation methods, have a look at our documentation. Run a scan: # scan a docker image from remote registry mondoo vuln -t docker://centos:7 # scan …

Sublert : Security & Reconnaissance Tool Which Leverages Certificate Transparency

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificates. The tool is supposed to be scheduled to run periodically at fixed times, dates, or intervals (ideally each day). Newly identified subdomains will be sent to a Slack workspace with a notification …

Osmedeus : Security Framework For Reconnaissance & Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install focuses only on Kali Linux; see the Wiki page for other installation methods. How To Use If you have no idea what you are doing, just type the command below or …

WPScan : WordPress Vulnerability Scanner Written for Security Professionals

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites. Installation Prerequisites (Optional but highly recommended: RVM) Ruby >= 2.3 – Recommended: latest. Ruby 2.5.0 to 2.5.3 can cause an ‘undefined symbol: rmpd_util_str_to_d’ error in some systems, see #1283 …

Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye Scanner CLI is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running & Configuring the Scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the toolchain’s files on top level. Roughly, this is what …

IPv4Bypass – Using IPv6 to Bypass Security

IPv4Bypass bypasses security using IPv6. Dependencies: python2.7, nmap, python-nmap, termcolor. Example on how to run the tool $ python bypass.py -i eth0 -r 10.5.192.0/24 $ python bypass.py -h Usage: bypass.py [options] Options: -h, --help show this help message and exit -i INTERFACENO Network interface (e.g. eth0) -r IPRANGE Local network IP range (e.g. 192.168.0.1/24) Also …

Delta – SDN Security Evaluation & Penetration Testing Framework

DELTA is a penetration testing framework that regenerates known attack scenarios for diverse test cases. This framework also provides the capability of discovering unknown security problems in SDN by employing a fuzzing technique. Agent-Manager is the control tower. It takes full control over all the agents deployed to the target SDN network. Application-Agent is a …

Introspy-iOS : Security Tool For Profiling iOS Application at Runtime

Introspy-iOS is a blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues. This is the repository for the Introspy-iOS tracer. The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the …

CTF – Some Setup Scripts For Security Research Tools

CTF is a collection of setup scripts to create an install of various security research tools. Of course, this isn’t a hard problem, but it’s really nice to have them in one place that’s easily deployable to new machines and so forth. The install-scripts for these tools are checked regularly. …

Best Free Hacking Books PDF Related To Security and Pentesting

E-book security is an expression that was coined when the term digital book was first used, possibly around 1999. Here is the list of free hacking books in PDF format. Today it can be hard to see any difference between the two, despite the fact that Adobe and Amazon may be the biggest users of the term …