Tag Archives: pen-testing

GetAltName – Discover Sub-Domains From SSL Certificates

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/03/getaltname-discover-sub-domains-from-ssl-certificates/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

GetAltName – Discover Sub-Domains From SSL Certificates

GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.

It’s useful in a discovery phase of a pen-testing assessment, this tool can provide you with more information about your target and scope.

Features of GetAltName to Discover Sub-Domains

  • Strips wildcards and www’s
  • Returns a unique list (no duplicates)
  • Works on verified and self-signed certs
  • Domain matching system
  • Filtering for main domains and TLDs
  • Gets additional sub-domains from crt.sh
  • Outputs to clipboard

GetAltName Subdomain Exctraction Tool Usage

You can output to a text file and also copy the output to your clipboard as a List or a Single line string, which is useful if you’re trying to make a quick scan with Nmap or other tools.

Read the rest of GetAltName – Discover Sub-Domains From SSL Certificates now! Only available at Darknet.

OWASP ZSC – Obfuscated Code Generator Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2018/01/owasp-zsc-obfuscated-code-generator-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

OWASP ZSC – Obfuscated Code Generator Tool

OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.

Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malware, bypassing antivirus software, obfuscating code for protection and so on.

This software can be run on Windows/Linux/OSX under Python.

Why use OWASP ZSC Obfuscated Code Generator Tool

Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used for pen-testing assignments.

Read the rest of OWASP ZSC – Obfuscated Code Generator Tool now! Only available at Darknet.

Yuki Chan – Automated Penetration Testing Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/10/yuki-chan-automated-penetration-testing-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Yuki Chan – Automated Penetration Testing Tool

Yuki Chan is an Automated Penetration Testing Tool that carries out a whole range of standard security auditing tasks automatically. It’s highly recommended to use this tool within Kali Linux OS as it already contains all the dependencies.

This tool is only designed for Linux OS so if you are not using Linux OS it won’t be much use, but if you have Android Smartphone or Tablet you can run this tool via Termux or GNURoot Debian.

Read the rest of Yuki Chan – Automated Penetration Testing Tool now! Only available at Darknet.

GitMiner – Advanced Tool For Mining Github

Post Syndicated from Darknet original https://www.darknet.org.uk/2017/08/gitminer-advanced-tool-mining-github/?utm_source=darknet&utm_medium=rss&utm_campaign=feed

GitMiner is an Advanced search tool for automation in Github, it enables mining Github for useful or potentially dangerous information or for example specific vulnerable or useful WordPress files. This tool aims to facilitate mining the code or snippets on Github through the site’s search page. What is Mining Github? GitHub is a web-based Git […]

The post GitMiner – Advanced Tool For Mining Github appeared first on Darknet.

dork-cli – Command-line Google Dork Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/wXT31MX7h2w/

dork-cli is a Python-based command-line Google Dork Tool to perform searches againsts Google’s custom search engine. A command-line option is always good as it allows you to script it in as part of your automated pen-testing suite. It will return a list of all the unique page results it finds, optionally filtered by a set […]

The post…

Read the full post at darknet.org.uk

PenTools – Penetration Testing Tools Bundle

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/LSfV9g_sP6g/

PenTools is a bundle of Python and Bash penetration testing tools for the recon and information gathering stage of a PT or VA. They are fairly simple scripts but might be interesting if you are new and want to see how some things are done, or how things can be automated using Python or Bash. […]

The post PenTools – Penetration Testing…

Read the full post at darknet.org.uk

snitch – Information Gathering Tool Via Dorks

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/i9qgH9CxYJ0/

Snitch is an information gathering tool which automates the process for a specified domain. Using built-in dork categories, this tool helps gather specified information domains which can be found using web search engines. It can be quite useful in early phases of penetration tests (commonly called the Information Gathering phase). snitch can…

Read the full post at darknet.org.uk

Sn1per – Penetration Testing Automation Scanner

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/7u7rGmLhYJc/

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning…

Read the full post at darknet.org.uk

mongoaudit – MongoDB Auditing & Pen-testing Tool

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/BzHrEqd_W6I/

mongoaudit is a CLI tool for MongoDB auditing of servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called…

Read the full post at darknet.org.uk

Free Manual Pen-Testing Tools

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/VmrUZONRQf8/

Not long after releasing v11 of their scanner, Acunetix has decided to deliver free manual pen-testing tools. Previously these tools were only available to paying Acunetix customers, now anyone can use them to make their manual web application testing easier. Penetration testers can make use of an HTTP Editor to modify or craft HTTP requests…

Read the full post at darknet.org.uk