Purplemet Online Tool To Detect WebApp Technologies

Purplemet Security provides you an efficient and fast way to detect technologies used on web application as well their versions. It comes with 3 main features : Real-time Purplemet technology detection always analyzes your web application in real-time to give you an up-to-date status. Accuracy The detectors are updated every day to provide you the most [&hellip

Link: http://www.toolswatch.org/2018/04/purplemet-online-tool-to-detect-webapp-technologies/

List of Adversary Emulation Tools

PenTestIT RSS Feed
Every once in a while, the security industry brings forth a new buzz word and introduces terminologies that sound über cool and generate lot’s of interest. One such word going around now-a-days is automated “adversary emulation“. Let’s first understand what this really means. Adversary emulation/simulation offers a method to test a network’s resilience against anRead more about List of Adversary Emulation Tools
The post List of Adversary Emulation Tools appeared first on PenTestIT.

Link: http://pentestit.com/adversary-emulation-tools-list/

UPDATE: OWASP Dependency-Check 3.1.2

PenTestIT RSS Feed
My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.2! Most importantly NVD urls were updated. Earlier, they used to point to https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml.gz, which no longer works as the updatedRead more about UPDATE: OWASP Dependency-Check 3.1.2
The post UPDATE: OWASP Dependency-Check 3.1.2 appeared first on PenTestIT.

Link: http://pentestit.com/update-owasp-dependency-check-3-1-2/

AutoSploit = Shodan/Censys/Zoomeye + Metasploit

PenTestIT RSS Feed
I know, I know that you already have read about AutoSploit and used it probably since word got out about this auto exploitation tool some two months ago. However, between then and now, a lot has changed with the tool and this post is about that. What is AutoSploit? AutoSploit is an automated, mass exploitationRead more about AutoSploit = Shodan/Censys/Zoomeye + Metasploit
The post AutoSploit = Shodan/Censys/Zoomeye + Metasploit appeared first on PenTestIT.

Link: http://pentestit.com/autosploit-shodan-censys-zoomeye-metasploit/

UPDATE: Prowler 2.0 Beta

PenTestIT RSS Feed
My older post about Prowler was about a good NINE months ago. Since then, a lot has changed and hence, this post is about the recently released update made to the AWS CIS Benchmark tool – Prowler 2.0 Beta! This new beta version has lots of improvements which you shall read about pretty soon. What is Prowler? ProwlerRead more about UPDATE: Prowler 2.0 Beta
The post UPDATE: Prowler 2.0 Beta appeared first on PenTestIT.

Link: http://feedproxy.google.com/~r/PenTestIT/~3/M3aVHtUxbQM/

UPDATE: Sysdig Falco v0.9.0

PenTestIT RSS Feed
My last post from a almost nice months ago, was about an open source behavorial activity monitor which has container support. It was updated and we now have update – the Sysdig Falco v0.9.0! This release fixes a couple of driver and OSX build incompatibility issues. What is Sysdig Falco? Sysdig Falco is a behavioral activity monitorRead more about UPDATE: Sysdig Falco v0.9.0
The post UPDATE: Sysdig Falco v0.9.0 appeared first on PenTestIT.

Link: http://pentestit.com/update-sysdig-falco-v0-9-0/

Maltego Transforms

Creating Local Maltego Transforms for our DNS reconnaissance tools has been on my to do list for a while now. I am happy to say they are now available and it is a sweet way to perform infrastructure mapping from a domain. What is Maltego? Maltego is a cross platform application, for performing link analysis. […]
The post Maltego Transforms appeared first on HackerTarget.com.

Link: https://hackertarget.com/maltego-transforms/

T.rex_scan v0.2 – Integrate Tools to Audit Web Sites

T.rex_scan only facilitates the visualization when auditing a web page. With this script you can optimize your time, reducing the time you audit a page web since T.rex_scan executes the task you indicate and filters the results. Combining different tools you can: Shows vulnerabilities of the audited page Launch a port scan Shows the CVEs [&hellip

Link: http://www.toolswatch.org/2018/03/t-rex_scan-v0-2-integrate-tools-to-audit-web-sites/

OSSEC Introduction and Installation Guide

OSSEC is a Host Based Intrusion Detection and Prevention system. Best practice security management calls for a layered approach to security; security vulnerability scanning, a firewall, strong passwords, patch management and intrusion detection capabilities are all important layers. Using a HIDS allows you to have real time visibility into what security events are taking place […]
The post OSSEC Introduction and Installation Guide appeared first on HackerTarget.com.

Link: https://hackertarget.com/ossec-introduction-and-installation-guide/