• Subscribe to the low volume list for updates.

Archives of Tools

Security tools both offensive and defensive in nature.

Security Testing WordPress

Our scan does not perform brute forcing of accounts, passwords or plugins. Brute Forcing is more appropriate in a targeted pen-test or black-box vulnerability assessment. Simply put brute forcing: Plugins is achieved by testing URL's: http://myexampleblog.cm/wp-content/plugins/$pluginname Usernames can be brute forced with a POST request to the login form (Incorrect username) Passwords can be brute […]
Read More

Backdoor Corporate Networks with Metasploit

HD Moore announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have been for a number of reasons been not so stable. The purpose of this post is to raise awareness. Many IT folks are comfortable with a […]
Read More

Hydra 6.4 Password Brute Forcer

The latest version of Hydra has been released with some bug fixes. Problems noted in my post comparing hydra with ncrack and medusa have been addressed and after testing I can confirm these issues are no longer present. CHANGELOG for 6.4 ================= * Update SIP module to extract and use external IP addr return from […]
Read More

Testing WordPress Password Security with Metasploit

How easy is it to hack wordpress admin accounts? Poor WordPress password security is an ongoing issue, the purpose of this post is to highlight how easy it is to break into wordpress admin accounts that have weak passwords. Metasploit Framework is an open source penetration testing application that has modules for the explicit purpose […]
Read More

w3af web application security testing framework stable released

sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz tar jxvf w3af-1.0-stable.tar.bz2 ./w3af_gui The first thing to notice is the shiny new splash screen highlighting the new owner of the project that being Rapid7. A notice that I don't have the latest update appears, so auto update is performed after confirmation. Following some local testing […]
Read More

Brute Forcing Passwords with ncrack, hydra and medusa

Ready to test a number of password brute-forcing tools? Passwords are often the weakest link in any system. Testing for weak passwords is an important part of security vulnerability assessments. I am going to focus on tools that allow remote service brute-forcing. These are typically Internet facing services that are accessible from anywhere in the […]
Read More

PSAD Tutorial – Port Scan Detection in Ubuntu Linux

Using PSAD to Detect Port Scans in Ubuntu Linux can reveal who is hitting your servers and where they are coming from. In this short tutorial I will show you how to quickly get a port scan monitoring system in place. PSAD has been around since 2001. As is often the case a simple open […]
Read More

Security Onion LiveCD

Security based LiveCD distributions are a great way to quickly get your hands on some powerful security tools. Security Onion is no exception, if you are interested in playing with IDS or getting some intrusion detection tools up and running in a hurry you should definitely take a look at this. What is Security Onion? […]
Read More

Armitage – Cyber Attack Management for Metasploit

Metasploit development continues in leaps and bounds both from within Rapid7 and from the community. This is newly released tool puts the power of the Metasploit Framework into the hands of those who prefer point and clicky interfaces. Why does Armitage exist? "I've met too many security professionals who don't know how to use Metasploit. […]
Read More

Google builds lessons for Web Application Security

Google has put some web application security testing training lessons around a vulnerable application that you are allowed to (within the boundries) attack and test for the purpose of learning about application security threats, testing and how to develop more secure applications. This codelab is built around Gruyere /?ru??j??r/ - a small, cheesy web application […]
Read More