Vega has quickly become the first tool in my web vulnerability and pen testing arsenal. It’s fast and copiously comes up with more results than any other scanner I’ve come across. It’s also a free (open-source) tool, with a host of great features. It also runs sm on Mac OSX and Linux.
Due to the fact that WPS is an expanded EAP type, SecureState added support to the EAPScan tool of the EAPeak Suite to actively probe an access point to checkif WPS is enabled.
A quick step by step on installing the Metasploit 4 framework
Google dorks can be defined as keywords in a Google search that dig out juicy information like usernames , passwords , documents files , databases etc. from websites (simple and to the point). These google dorks can also be used in Intelligence Gathering.
I am preparing for for my Certified Ethical Hacker (CEH) certification and have compiled a handful of really helpful ‘Live’ Simulations that you can practice hacking into. Some are webpages, others are virtual environments. I recomend checking these out, even if you’re in the security field and just want to sharpen your skills.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Great tutorial on how to spoof your mac address in Mac OSX. This works in Lion.
Metasploit encompasses every aspect of a penetration test. Dozens of auxiliary modules assist with reconnaissance, more than two hundred others help with information gathering and discovery; hundreds of exploits get you a toe-hold on the network; and the newest addition to the module family, post modules, help simplify and automate increasing your access.
To summarise, a successfully exploited XSS vulnerability will allow the interception of ALL keystrokes, ALL mouse actions, ALL cookies (unless protected by scope) on ALL pages of the affect domain, regardless of whether or not the vulnerability is “reflected” or “persistent”.XSS-Harvest is multi-threaded pre-forking web server written in Perl, and requires no dependencies other than a couple of common Perl modules; you do not need a web server or database to use this tool.
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. OSX support has now been added.
A series of great video tutorial on cracking the WEP security protocol on wireless networks. Tutorials include methods using Windows 7 and Linux.
Track any target’s GeoLocation from their tweets and social media.
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool for Website manager or IT Security analyst.
Live Hacking DVD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this ‘Live CD’ runs directly from the DVD and doesn’t require installation on your hard-drive.
The mission: Infiltrate the highly advanced, securely guarded enemy headquarters where scientists in the clutches of an evil master are secretly building a weapon that can destroy the world. Then render that weapon harmless and escape undetected.
Simple tutorial to download all of your Facebook friends’ private email addresses.
Mass SQL Injection Attack Hits Sites Running IIS: “Trailrunner7 writes ‘There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there’s no clear indication of who’s behind the campaign right [...]