More results...
What is XML external entity injection? XML external entity injection is a security vulnerability that normally allows a bad guy by executing the XML data of the application’s processing. A bad guy will able to view files on the application server filesystem which the bad guy can escalate an XML attack to compromise the vulnerable […]
The post Learning Series: XML External Entity Injection Attack appeared first on Threatninja.net.
If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it. We talked to Jim O’Gorman, Chief Content and Strategy Off…
XRay is a software for recon, mapping and OSINT gathering from public networks.
XRay for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic.
How Does it Work?
XRay is a ve…
Penta (PENTest + Automation tool) is Pentest automation tool using Python3.
Installation
Install requirements
penta requires the following packages.
Python3.7
pipenv
Resolve python package dependency.
$ pipenv install
If you dislike pi…
Dolos Cloak- Automated 802.1x Bypass
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack.
The script is able to piggyback on the wired…
PostShell – Post Exploitation Bind/Backconnect Shell
PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control.
The stub size is around 14kb and ca…
Burp Scope Monitor Extension
A Burp Suite Extension to monitor and keep track of tested endpoints.
Main Features
Simple, easy way to keep track of unique endpoints when testing an application
Mark individual endpoints as analyzed or not
Inst…
Slurp- Blackbox/Whitebox S3 Bucket Enumerator
To Evaluate the security of S3 buckets
Overview
Credit to all the vendor packages to develop Slurp possible.
Slurp is for pen-testers and security professionals to perform audits of s3 bucke…
This shell is the ultimate WinRM shell for hacking/pentesting.
WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol.
A standard SOAP based protocol that allows hardware and operating systems from d…
Seccubus- Easy Automated Vulnerability Scanning, Reporting And Analysis
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans….