nullsploit: A Custom Python Exploitation Framework Built From Scratch
Metasploit is great. It’s also a black box that a lot of people use without ever thinking about what’s happening underneath. nullsploit exists for …
Tool
ConScan v1.2: Username Disclosure and Brute-Force Added to Concrete5 Scanner
ConScan has been updated. If you’ve been using the Concrete5 black-box scanner since its initial release last October, version 1.2 adds two features that …
ConScan v1.2: Username Disclosure and Brute-Force Added to Concrete5 Scanner
ConScan has been updated. If you’ve been using the Concrete5 black-box scanner since its initial release last October, version 1.2 adds two features that …
ConScan: A Black-Box Vulnerability Scanner for Concrete5 CMS
Web application pentests almost always involve a CMS. WordPress, Drupal, Joomla — the big names have decent tooling. But spend enough time in this space and …
HTTP Enum: Automated HTTP Enumeration and Web Server Fingerprinting Tool
Web server enumeration is one of those tasks that every pentester does, but almost nobody enjoys doing manually. Checking HTTP methods, looking for enabled …
TFTP Fuzzer: Finding Vulnerabilities in UDP-Based Protocols with Python
Most people learning pentesting focus on TCP. Makes sense — HTTP, FTP, SMB, that’s where a lot of the action is. But UDP protocols are a different beast, …
FTP Fuzzer: How I Found Real Bugs in FTP Servers with This Python Tool
If you want to find vulnerabilities in software, fuzzing is one of your best friends. The idea is simple: you throw a massive amount of unexpected, malformed, …