Archive | Tools

Security tools both offensive and defensive in nature.

WPScan Install on Ubuntu

WPScan can test a WordPress installation for security vulnerabilities. The tool is a scanner; it allows remote testing of a WordPress installation. Find vulnerable plugins and themes and security configuration issues, and attack users by brute forcing passwords. Take a look at our FREE WordPress testing tool. Discover a range of security related information about your […]


Defending WordPress with OSSEC

In a recent post I covered the ways a WordPress site can be attacked. Using the open source OSSEC, the majority of those attacks can be detected and even blocked at the system level. Note that using OSSEC requires you to have full control of your server; generally this means either hosting on a dedicated […]


Install Suricata on Ubuntu in 5 minutes

Building a network based intrusion detection capability can be done in just 5 minutes. Suricata is a tool that has been developed to monitor network traffic and look for security events that can indicate an attack or compromise. Suricata is based around the Snort IDS system, with a number of improvements; it is able to […]


Attacking WordPress

These techniques can be used to attack and break into WordPress based websites. By providing details on these types of attacks the aim is to raise awareness about the need for hardening and security monitoring of WordPress. Of course any penetration testers wishing to pop a WordPress based site may also find some helpful pointers […]


WordPress User Enumeration

A common technique to reveal the usernames of a WordPress based site can be undertaken with this simple bash one liner. In many WordPress installations it is possible to enumerate usernames through the author archives (usually ID:1). This is not a new trick and is available in a number of WordPress Security Testing tools. Here […]


ngrep and tcpflow – packet capture on a shoestring

The Ngrep and TCPflow packet capture tools are useful for fast access to packets on the wire. As you will see they make grabbing text out of the network stream a piece of cake. You may have heard of Wireshark (formerly Ethereal), a powerful network packet capture tool that enables a user to grab packets […]


Firewall Testing with a remote Port Scanner

A Firewall Test conducted by an external port scanner will quickly identify open services and weaknesses in firewall configurations. In this post I will revisit some of the benefits of a remote firewall test and cover the basics of why a firewall is still an important part of any Internet connected system. Why you need […]


Update GeoIP data for Splunk App

If you are using the GeoIP app for Splunk you will find that it has not been updated recently. The last update was June 2011. Following my recent post regarding the installation of Splunk on an Ubuntu based system I started to dig into this app and found that it is a simple matter to […]


Install Splunk on Ubuntu in 5 mins

Splunk is a powerful log database that can be used for analysis of any sort of log data through its easy to use search engine. Security logs, Syslog, Web server logs and Windows logs are just the beginning. One of the great features of Splunk is that you can feed pretty much any log into […]


11 Offensive Security Tools for SysAdmins

Offensive security tools are used by security professionals for testing and demonstrating security weaknesses. Systems Administrators and other IT professionals will benefit from having an understanding of at least the capabilities of these tools. Benefits include preparing systems to defend against these types of attacks and being able to identify the attacks in the case […]
