World cybersecurity news

TIPS WORLD

RiskAssessmentFramework – Static Application Security Testing

The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST tools available for testers, but the compatibility and the Environement setup process is complex. By using OWASP Risk Assessment Framework’s Static Appilication Security Testing tool Testers will be able to analyse and review their code […]

TIPS WORLD

MassDNS – A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers.Major changesThis version of MassDNS is currently experimental. In order to […]

TIPS WORLD

S3Enum – Fast Amazon S3 Bucket Enumeration Tool For Pentesters

s3enum is a tool to enumerate a target’s Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don’t hit AWS directly.It was originally built back in 2016 to target GitHub.Installation BinariesFind the binaries on the Releases page. Go go get github.com/koenrh/s3enum UsageYou need to specify the base name […]

TIPS WORLD ВРАЗЛИВОСТІ

See-SURF – Python Based Scanner To Find Potential SSRF Parameters

A Python based scanner to find potential SSRF parameters in a web application. Motivation SSRF being one of the critical vulnerabilities out there in web, I see there was no tool which would automate finding potential vulnerable parameters. See-SURF can be added to your arsenal for recon while doing bug hunting/web security testing. Tech/framework usedBuilt […]

TIPS WORLD

Blinder – A Python Library To Automate Time-Based Blind SQL Injection

Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development.InstallationYou can install Blinder using the following command:pip install blinderOr by downloading the source and importing it manually to your project. UsageTo use blinder you need to import Blinder […]

Android TIPS WORLD

Obfuscapk – A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscated app retains the same functionality as the original one, […]

Linux TIPS WORLD

Kali Linux 2020.1 Release – Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce the first release of 2020, Kali Linux 2020.1. 2020.1 includes some exciting new updates: Non-Root by default Kali single installer image Kali NetHunter Rootless Improvements to theme & kali-undercover New tools Non-Root Throughout the history of Kali (and its predecessors BackTrack, WHAX, and Whoppix), the default credentials have been […]

TIPS WORLD

PythonAESObfuscate – Obfuscates A Python Script And The Accompanying Shellcode

Pythonic way to load shellcode. Builds an EXE for you too! Usage Place a payload.bin raw shellcode file in the same directory. Default Architecture is x86 run python obfuscate.py Default output is out.py Requirements Windows Python 2.7 Pyinstaller PyCrypto (PyCryptodome didn’t seem to work) Download PythonAESObfuscate

Cryptography TIPS WORLD

ApplicationInspector – A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question ‘What’S In It’ Using Static Analysis With A Json Based Rules Engine

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does.Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify “good” or “bad” patterns; […]

TIPS WORLD

CredNinja – A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter

This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below), it really shines when used at the scale of a large network. At the core of it, you provide it a list of credentials you […]