Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-04-22 10:18:34 |
A Detailed Guide on Pwncat (direct link) |
Pwncat stands out as an open-source Python tool highly regarded for its versatility, providing a contemporary alternative to the traditional netcat utility. Tailored for network |
Tool
|
|
★★★
|
|
2024-04-10 13:43:47 |
A Detailed Guide on RustScan (direct link) |
In the realm of cybersecurity, network scanning tools play a vital role in reconnaissance and vulnerability assessment. Among the array of options available, Rustscan has |
Tool
Vulnerability
|
|
★★★
|
|
2024-04-03 20:12:31 |
Best Alternative of Netcat Listener (direct link) |
Pentesters rely on a variety of tools to establish connections and maintain access during security assessments. One critical component of their toolkit is the listener-a |
Tool
|
|
★★★
|
|
2024-02-09 17:09:20 |
A Detailed Guide on Ligolo-Ng (direct link) |
This comprehensive guide delves into the intricacies of Lateral Movement utilizing Ligolo-Ng, a tool developed by Nicolas Chatelain. The Ligolo-Ng tool facilitates the establishment of |
Tool
|
|
★★
|
|
2023-10-30 09:00:59 |
Burpsuite for Pentester: Logger++ (direct link) |
In this article, we'll learn about a powerful Burp Extension cool tool called “Burp Logger++”. It is like a super detective for websites, always on |
Tool
|
|
★★
|
|
2023-10-27 17:26:21 |
Firefox Addons for Pentesting (direct link) |
In this article, we will learn how to customise the Firefox browser for efficient pen-testing along with extensions you can use for the same purpose. |
Tool
|
|
★★★★
|
|
2023-01-16 15:39:59 |
A Detailed Guide on Evil-Winrm (direct link) |
Background Evil-winrm tool is originally written by the team Hackplayers. The purpose of this tool is to make penetration testing easy as possible especially in |
Tool
|
|
★★★★
|
|
2023-01-08 18:03:09 |
A Detailed Guide on Kerbrute (direct link) |
Background Kerbrute is a tool used to enumerate valid Active directory user accounts that use Kerberos pre-authentication. Also, this tool can be used for password |
Tool
|
|
★★★★
|
|
2022-07-11 16:51:29 |
MimiKatz for Pentester: Kerberos (direct link) |
This write-up will be part of a series of articles on the tool called Mimikatz which was created in the programming language C. it is
|
Tool
|
|
|
|
2022-04-22 18:30:28 |
A Detailed Guide on Hydra (direct link) |
Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent
|
Tool
|
|
|
|
2022-04-15 18:07:00 |
A Detailed Guide on Medusa (direct link) |
Hi Pentesters! Let's learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of
|
Tool
|
|
|
|
2022-04-09 16:57:55 |
A Detailed Guide on Responder (LLMNR Poisoning) (direct link) |
Introduction Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The
|
Tool
|
|
|
|
2022-04-07 17:50:31 |
A Detailed Guide on Cewl (direct link) |
Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl” which will basically help you to create a wordlist.
|
Tool
|
|
|
|
2022-03-14 18:43:28 |
A Detailed Guide on httpx (direct link) |
Introduction httpx is a fast web application reconnaissance tool coded in go by www.projectidscovery.io. With a plethora of multiple modules effective in manipulating HTTP requests
|
Tool
|
|
|
|
2022-02-28 11:50:14 |
File Transfer Filter Bypass: Exe2Hex (direct link) |
Introduction Exe2hex is a tool developed by g0tmilk which can be found here. The tool transcribes EXE into a series of hexadecimal strings which can
|
Tool
|
|
|
|
2022-02-07 18:33:58 |
Linux Privilege Escalation: PwnKit (CVE 2021-4034) (direct link) |
Introduction Team Qualys discovered a local privilege escalation vulnerability in PolicyKit's (polkit) setuid tool pkexec which allows low-level users to run commands as privileged users.
|
Tool
Vulnerability
|
|
|
|
2021-10-31 17:43:10 |
Powercat for Pentester (direct link) |
Introduction Powercat is a simple network utility used to perform low-level network communication operations. The tool is an implementation of the well-known Netcat in Powershell. Traditional anti-viruses are known to allow Powercat to execute. The installed size of the utility is 68 KB. The portability and platform independence of the
|
Tool
|
|
|
|
2021-08-15 09:36:02 |
Nmap for Pentester: Password Cracking (direct link) |
We will process the showcase for Nmap Brute NSE Script for dictionary attack in this article since Nmap is such a large tool that it can’t be covered in one post. If you’re wondering whether or not a brute-force assault using Nmap is doable. Yes, Nmap includes an NSE-based script
|
Tool
|
|
|
|
2021-07-28 19:38:41 |
Wireless Penetration Testing: Wifipumpkin3 (direct link) |
Wifipumpkin3 is a framework that is built on python to give rogue access point attacks to red teamers and reverse engineers. In this article, we would look at how we can use this tool to create a bogus Wi-Fi access point for our victims to connect and how to exploit
|
Tool
|
|
|
|
2021-07-17 11:11:29 |
Wireless Penetration Testing: Wifite (direct link) |
Introduction Wifite is a wireless auditing tool developed by Derv82 and maintained by kimocoder. You can find the original repository here. In the latest Kali Linux, it comes pre-installed. It's a great alternative to the more tedious to use wireless auditing tools and provides simple CLI to interact and perform
|
Tool
|
|
|
|
2021-07-08 19:21:05 |
Wireless Penetration Testing: Aircrack-ng (direct link) |
In our series of Wireless Penetration Testing, this time we are focusing on a tool that has been around for ages. This is the tool that has given birth to many of the Wireless Attacks and tools. Aircrack-ng is not a tool but it is a suite of tools that
|
Tool
|
|
|
|
2021-06-14 10:26:17 |
Wireless Penetration Testing: Fern (direct link) |
Fern is a python based Wi-Fi cracker tool used for security auditing purposes. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or ethernet based networks. The tool is available both as open source and a premium model of the free
|
Tool
|
|
|
|
2021-05-09 15:47:35 |
Active Directory Enumeration: RPCClient (direct link) |
In this article, we are going to focus on the enumeration of the Domain through the SMB and RPC channels. The tool that we will be using for all the enumerations and manipulations will be rpcclient. The article is focused on Red Teamers but Blue Teamers and Purple Teamers can
|
Tool
|
|
|
|
2021-04-30 18:41:41 |
Active Directory Enumeration: BloodHound (direct link) |
In the article, we will focus on the Active Directory Enumeration tool called BloodHound. It takes the data from any device on the network and then proceeds to plot the graph that can help the attacker to strategize their way to the Domain Admins. Table of Content Introduction Linux Installation
|
Tool
|
|
★★★★★
|
|
2021-03-24 15:19:38 |
Comprehensive Guide to AutoRecon (direct link) |
The AutoRecon tool is designed as a network reconnaissance tool. It is a multi-threaded tool that performs automated enumeration of services. The purpose of this tool is to save time while cracking CTFs and other penetration testing environments or exams. It is useful in real-world engagements as well. Table of
|
Tool
|
|
|
|
2021-02-24 19:00:36 |
Android Pentest: Automated Analysis using MobSF (direct link) |
Introduction MobSF is an open-source tool developed by Ajin Abraham that is used for automated analysis of an APK. This is a collection of tools that run under one interface, perform their own individual tasks (like Jadx, apktool etc) and display their results under a common interface. These reports can
|
Tool
|
|
|
|
2021-01-24 17:08:14 |
Comprehensive Guide on Dirsearch (direct link) |
In this article, we will learn how we can use Dirsearch. It is a simple command-line tool designed to brute force directories and files in websites. Which is a Python-based command-line website directory scanner designed to brute force site structure including directories and files. Table of Content Introduction to Dirsearch
|
Tool
|
|
|
|
2020-12-14 17:37:06 |
Comprehensive Guide on Autopsy Tool (Windows) (direct link) |
Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence. The forensic investigation that is carried out on the disk image is displayed here. The results obtained here are of help to investigate and locate relevant information. This tool is used by law enforcement agencies, local...
|
Tool
|
|
|
|
2020-12-04 15:48:12 |
Nmap for Pentester: Output Format Scan (direct link) |
Nmap which is also known as Network Mapper is one of the best open-source and the handiest tool that is widely used for security auditing and network scanning by pentesters. It also provides an additional feature where the results of a network scan can be recorded in various formats. Table of Contents Introduction- Scan Output...
|
Tool
|
|
|
|
2020-11-18 13:06:19 |
DNScat2: Application Layer C&C (direct link) |
In today's world, IT infrastructure and network security devices are becoming more and more secure and hence, ports like 53 (DNS) is used as a communication channel between a client and a C2 server. In highly restricted environments, DNS always resolves domains. So, to serve our penetration testing purpose we might require a tool that...
|
Tool
|
|
|
|
2020-11-08 19:11:06 |
Memory Forensics using Volatility Workbench (direct link) |
Volatility Workbench is a GUI version of one of the most popular tool Volatility for analyzing the artifacts from a memory dump. It is available free of cost, open-source, and runs on the Windows Operating system. You can download it from Here. You can refer to the previous article Memory Forensics: Using Volatility from here, ...
|
Tool
|
|
|
|
2020-11-02 14:40:17 |
Burp Suite for Pentester – Configuring Proxy (direct link) |
Burp Suite, you might have heard about this great tool and even used it in a number of times in your bug hunting or the penetration testing projects. Though, after writing several articles on web-application penetration testing, we've decided to write a few on the various options and methods provided by this amazing tool which...
|
Tool
|
|
|
|
2020-09-01 19:43:43 |
Threat Hunting: Velociraptor for Endpoint Monitoring (direct link) |
Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on https://www.velocidex.com/docs Table of Content Introduction to Velociraptor Architecture What is VQL Prerequisites Velociraptor Environment Velociraptor installation Addition of host forensics investigation / Threat Hunting Introduction to Velociraptor Velociraptor is a free...
|
Threat
Tool
|
|
|
|
2020-08-13 21:47:11 |
Forensic Investigation: Autopsy Forensic Browser in Linux (direct link) |
Introduction Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is an open-source tool for digital forensics which was developed by Basis Technology. This tool is free to use and is very efficient in nature investigation of hard drives. It also consists of features like multi-user...
|
Tool
|
|
|
|
2020-07-16 19:17:10 |
Forensic Investigation: Ghiro for Image Analysis (direct link) |
In this article, we will learn how we can use the Ghiro image analysis tool in forensic investigation. Ghiro is a digital image forensic tool. Which is fully automated and opensource. Table of Content What is Ghiro? Features of Ghiro Setup the Ghiro Working on case with Ghiro What is Ghiro? It is developed by...
|
Tool
|
|
|
|
2020-06-08 17:31:45 |
Evil-Winrm : Winrm Pentesting Framework (direct link) |
In this post, we will discuss the most famous framework for PS Remote shell hacking tool named as “Evil-Winrm”. It is an opensource tool which is available on GitHub for winrm penetration testing. Table of Content Evil-winrm Features Installation Load PowerShell scripts Pass the Hash Install using its Docker image Evil-winrm This program can be...
|
Tool
|
|
|
|
2020-05-07 14:05:35 |
Lateral Moment on Active Directory: CrackMapExec (direct link) |
In this article, we learn to use crackmapexec. This tool is developed by byt3bl33d3r. I have used this tool many times for both offensive and defensive techniques. And with my experience from this tool, I can say that the tool is so amazing that one can use it for situational awareness as well as lateral...
|
Tool
|
|
|
|
2020-04-28 11:18:16 |
Data Exfiltration using DNSSteal (direct link) |
In this article, we will comprehend the working of DNSteal with the focus on data exfiltration. You can download this tool from here. Table of Content: Introduction to Data Exfiltration DNS Protocol and it’s working DNS Data exfiltration and it’s working Introduction to DNSteal Proof of Concept Detection Mitigation Conclusion Introduction to Data Exfiltration Data...
|
Tool
|
|
|
|
2020-04-17 06:02:30 |
Windows Persistence using Bits Job (direct link) |
In this article, we are going to describe the ability of the Bits Job process to provide persistent access to the Target Machine. Table of Content Introduction Configurations used in Practical Manual Persistence Metasploit Persistence Metasploit (file-less) Persistence Mitigation Introduction Background Intelligent Transfer Service Admin is a command-line tool that creates downloads or uploads jobs...
|
Tool
|
|
|
|
2020-04-02 06:26:28 |
Comprehensive Guide on CryptCat (direct link) |
In this article, we will provide you with some basic functionality of CryptCat and how to get a session from it using this tool. Table of Content Introduction Chat Verbose mode Protect with Password Reverse Shell Randomize port Timeout and Delay interval Netcat vs CryptCat Introduction CryptCat is a standard NetCat enhanced tool with two-way...
|
Tool
|
|
|
|
2020-03-29 10:34:41 |
Command & Control: PoshC2 (direct link) |
PoshC2 is an open-source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while the implants are written in PowerShell. Although PoshC2 primarily focuses on Windows implantation, it does contain a basic Python dropper for Linux/macOS. Table of Content Introduction Features Installation...
|
Tool
|
|
|
|
2020-03-19 17:25:13 |
Comprehensive Guide to tcpdump (Part 2) (direct link) |
In the previous article of tcpdump, we learned about some basic functionalities of this amazing tool called tcpdump. If you haven't check until now, click here. Hence, in this part, we will cover some of the advance options and data types. So that we can analyze our data traffic in a much faster way. Table...
|
Tool
|
|
|
|
2020-03-19 16:50:26 |
Comprehensive Guide to tcpdump (Part 1) (direct link) |
In this article, we are going to learn about tcpdump. It is a powerful command-line tool for network packet analysis. Tcpdump helps us troubleshoot the network issues as well as help us analyze the working of some security tools. Table of Content Introduction Available Options List of interfaces Default working Capturing traffic of a particular...
|
Tool
|
|
|
|
2020-02-19 16:11:19 |
Beginners Guide to TShark (Part 2) (direct link) |
In the previous article, we learned about the basic functionalities of this wonderful tool called TShark. If you haven't read it until now. Click here. TL; DR In this part, we will the Statistical Functionalities of TShark. We will understand different ways in which we can sort our traffic capture so that we can analyse...
|
Tool
|
|
|
|
2020-02-13 13:06:03 |
Steal Windows Password using FakeLogonScreen (direct link) |
In this article, we are going to focus on a tool that caught my attention. This is a tool that creates a fake Windows Logon Screen and then forces the user to enter the correct credentials and then relay the credentials to the attacker. It can work in different scenarios. This tool was developed by...
|
Tool
|
|
|
|
2020-02-10 17:27:43 |
Multiple Ways to Crack WordPress login (direct link) |
In this article, you will be learning how to compromise a WordPress website's credentials using different brute forcing techniques. Table of Content Pre-requisites WPscan Metasploit Burp Suite How to avoid a Brute Force Attack? Pre-requisites: Target: WordPress Attacker: Kali Linux (WPscan) Burp Suite (Intruder) WPscan WPscan is a command-line tool which is used as a black...
|
Tool
|
|
|
|
2020-01-07 07:08:10 |
Forensic Investigation of Social Networking Evidence using IEF (direct link) |
In this article, we will learn about this amazing forensic tool called Magnet Internet Evidence finder (Magnet IEF) which is used to recover or extract evidence from the various data source of the system and then integrate them into a single case file for analysis and reporting. Table of Content Introduction Features of Magnet IEF...
|
Tool
|
|
|
|
2020-01-04 08:22:40 |
(Déjà vu) Windows for Pentester: BITSAdmin (direct link) |
In this article, we are going to describe the utility of the BITSAdmin tool and how vital it is in Windows Penetration Testing. TL; DR BITSAdmin is a tool preinstalled on Windows OS that can be used to download malicious files. It is one of the Living Off Land (LOL) Binaries. Disclaimer The main objective...
|
Tool
|
|
|
|
2019-12-03 09:18:47 |
Windows for Pentester: Certutil (direct link) |
In this article, we are going to describe the utility of Certutil tool and how vital it is in Windows Penetration Testing. TL; DR Certutil is a preinstalled tool on Windows OS that can be used to download malicious files and evade Antivirus. It is one of the Living Off Land (LOL) Binaries. Disclaimer The...
|
Tool
|
|
|
|
2019-08-22 09:20:02 |
Comprehensive Guide on fcrackzip Tool (direct link) |
In this article, we are going to discuss fcrackzip which is a third-party tool for cracking zip files passwords. It is the best tool as it tries to search zipfile for encrypted files and tries to guess their password. Here, we have discussed each option available in fcrackzip so that we can use this tool...
|
Tool
|
|
|