Author: Jhaddix

SAP Direct Browsing URLs for Pentesting

List of SAP HTTP Resources to hack at…

nmap-onepage – javascript viewer for nmap output

nmap-onepage: utility to view, sort, filter and play with nmap output using a one-page JavaScript app. Clone this repository (size: 578.2 KB): hg clone https://bitbucket.org/holiman/nmap-onepage (via bitbucket.org). More to play with over the weekend!

Nessus to xlsx Parser v14

This is a program to parse a series of Nessus XMLv2 files into an XLSX file. The data from the XML file is placed into a series of tabs for easier review and reporting. New features with this edition are better reporting of policy plugin families, user account reporting, summary graphs, and a home [...]

Vulnerability Assessment vs Penetration Testing

The quoting of this page has been removed; please visit Vulnerability Assessment vs Penetration Testing for the full article.

Linkclump for Web Testing

Anyone who does web security testing knows that the browser is the most important tool in the arsenal. Scanners are nice and can help save time, but no technology is the equal of manually making requests to a page while passing through a good proxy. Linkclump is a Chrome extension (you are using Chrome, right?) [...]

Review – Coding for Penetration Testers: Building Better Tools

In penetration testing nowadays, you run into security testing folk who have a lot of experience running tools, but fewer who actually understand them and can write their own. It’s a huge disconnect in the industry and this book addresses the problem head on. Coding for Penetration Testers takes the reader from general concepts in all [...]

Distributed Denial of Service (DDoS) Attacks/tools

What’s new in DDoS? Nothing, really. (Some people are just late to the party.) Wikileaks attacks, counter-attacks, counter-counter-attacks… Cyberattack Against Wikileaks was Weak, by Kevin Poulsen, Wired Threatlevel blog, November 2010. Operation Payback cripples MasterCard site in revenge for WikiLeaks ban, by Esther Addley and Josh Halliday, The Guardian, [...]

Stealing GPS Data from Images in Pentests

One of the more fun OSINT tactics I like is pulling GPS data off images on external sites, corporate intranet sites, or blogs. Every once in a while you find someone’s home GPS coordinates or can track their daily movement. This is always something neat to add to the report. If I can find an images store [...]

SSH Tunneling on Windows

Easy-breezy but necessary to bypass the prying eyes of customers sometimes. When you’re on an internal test you don’t want them to see you googling how to hack their network in their logs! Set up PuTTY for an SSH tunnel (reason: it sets up a loopback port (7070) on your local PC and connects over port 22 to the remote shell): [...]