• Subscribe to the low volume list for updates.

Archives of Security News

Recon-NG Tutorial

article revised and updated Nov 2022 The interactive console provides a number of helpful features such as command completion and contextual help. Recon-ng Installation Installing Recon-ng is very simple and there are a few common ways. Below are a few examples; Kali: At the time of this article version 5.1.2 comes pre-installed with Kali Linux. […]
Read More

Nessus 10 On Ubuntu 20.04 Install And Mini Review

Nessus v10.0.0 was released in Nov 2021. A name change in 2019 saw Nessus Home become Nessus Essentials. Nessus Essentials is Tenable's free version of its vulnerability scanner. Limited to 16 IPs with unlimited time usage. If you need more than that, there is an option for a free trial for seven days to Nessus […]
Read More

Detection of Log4j Vulnerability

On the 9th of December 2021, the world became aware of a critical RCE vulnerability in the Log4j open source package that is buried in the software stacks of many organisations (CVE-2021-44228). Versions of Log4j2 >= 2.0-beta9 and
Read More

Attacking and Enumerating Joomla

Discover the tips and techniques used to attack and break into Joomla based websites. An understanding of these hacker techniques will enable you to be prepared to keep your sites secure. Additionally, penetration testers or red teams needing to exploit Joomla targets will also find practical hints in this guide. Enumeration | Recon 1. Joomla […]
Read More

Download Top 1 Million Sites

Data sets of the top 1 million Internet sites are simply compiled lists of web sites (or domains) that are found to have the most traffic. What follows are some of the most popular and well known data sets of the Top 1 Million Sites. Depending on the methodology used, the results can have significant […]
Read More

PHP End of Life (a reminder)

As of December 2018 PHP 5 and 7.0 became End of Life. It is now July 2019 and up to 74% of PHP powered sites in the top 1 million are running software that is End of Life. This means there is no support and more importantly if new vulnerabilities are discovered, there will be […]
Read More

Install OpenVAS (GVM) on Kali 2019

In this setup guide, we step through the process of getting OpenVAS (GVM) running on Kali 2019. Installing OpenVAS into a Kali-based system is made much easier by the inclusion of a quick setup script. When using Kali Linux for OpenVAS scanning, resource usage should always be taken into account. Whether running Kali in a […]
Read More

Using Nmap on Windows

Running Nmap on Windows is not as difficult or problematic as it was in the past. Nmap is supported on Windows 7 and higher with performance close to if not quite as good as Linux based operating systems. The majority of users still do use *nix based systems however a good number of people use […]
Read More

DataSploit Tutorial

DataSploit Installation Often used with the Kali Linux penetration testing distribution, installing within Kali or Ubuntu Linux is a simple process. Ensure you have git and pip installed. test@ubuntu:~/$ git clone https://github.com/datasploit/datasploit test@ubuntu:~/$ cd datasploit test@ubuntu:~/datasploit/$ pip install -r requirements.txt test@ubuntu:~/datasploit/$ mv config_sample.py config.py test@ubuntu:~/datasploit/$ python datasploit.py -h True usage: datasploit.py [-h] [-i SINGLE_TARGET] [-f […]
Read More

Testing Heartbleed with the Nmap NSE script

Everywhere is buzzing with news of the Heartbleed vulnerability in OpenSSL. This is a quick tutorial to show how to test for the vulnerability using a handy Nmap NSE script ssl-heartbleed.nse). First, a working version of Nmap (at least version 6.25), this is not difficult to find or install. So lets jump ahead to running […]
Read More
  • 1
  • 2