More results...
Databases typically store sensitive data or data that is important for the company. Mongoaudit helps to audit several technical aspects of running a MongoDB instance and get it properly secured. Usage and Audience Mongoaudit is commonly used for Application security or Database security. Target users for this tool are pentesters, security professionals, and system administrators. […]
What is Docker Escape Method? Firstly, we are required to understand the importance of Docker escape or also containers escape which was infrastructure that is used by virtual or day-to-day operations for all enterprises. The case of cybersecurity incidents is been risen nowadays, especially the docker escape which we will be able to learn on […]
The post Learning Series: Docker Escape Method appeared first on Threatninja.net.
What is XML external entity injection? XML external entity injection is a security vulnerability that normally allows a bad guy by executing the XML data of the application’s processing. A bad guy will able to view files on the application server filesystem which the bad guy can escalate an XML attack to compromise the vulnerable […]
The post Learning Series: XML External Entity Injection Attack appeared first on Threatninja.net.
If you’re interested in penetration testing and digital forensics, you know that Kali Linux is worth a try. And if you’re already doing it, chances are good you are already using it. We talked to Jim O’Gorman, Chief Content and Strategy Off…
XRay is a software for recon, mapping and OSINT gathering from public networks.
XRay for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic.
How Does it Work?
XRay is a ve…
Penta (PENTest + Automation tool) is Pentest automation tool using Python3.
Installation
Install requirements
penta requires the following packages.
Python3.7
pipenv
Resolve python package dependency.
$ pipenv install
If you dislike pi…
Dolos Cloak- Automated 802.1x Bypass
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack.
The script is able to piggyback on the wired…
PostShell – Post Exploitation Bind/Backconnect Shell
PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control.
The stub size is around 14kb and ca…
Burp Scope Monitor Extension
A Burp Suite Extension to monitor and keep track of tested endpoints.
Main Features
Simple, easy way to keep track of unique endpoints when testing an application
Mark individual endpoints as analyzed or not
Inst…
Slurp- Blackbox/Whitebox S3 Bucket Enumerator
To Evaluate the security of S3 buckets
Overview
Credit to all the vendor packages to develop Slurp possible.
Slurp is for pen-testers and security professionals to perform audits of s3 bucke…