Tag Archives: pentest
Web application bruteforcer

Wfuzz is a tool designed to brutefore web applications, it’s very flexible, it supports: Recursion (when doing directory discovery) Post…

Passive information gathering

Search Engines Gather information using search engines results Google Bing Reverse IP lookup using Bing: IP:x.y.z.yIP:x.y.z.y Yahoo Social Networking Sites…

Exploit Database – a repository for exploits and PoCs

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and…

Prepare your Debian server to host a phishing site

It should be noted that the following guide has been tested and it is working for Debian 8.5-8.6. Update your…

Identify valid credentials within a network

CredNinja is a multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a…

Active Directory enumeration from non-domain system

ADEnumerator allows red teamers to query LDAP with a standard user account from a system not joined to a domain….

Nessus _qdb_open: invalid table of contents

1. You start Nessus and you get an error while connecting to https://127.0.0.1:8834. 2. You run nessuscli and you get…

Black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner. WPSCAN ARGUMENTS –update Update the database to the latest version. –url |…

Bruteforce attacks against common database servers

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is…

Grabbing Passwords from Memory

* Using Powershell we can bypass AVs easier than using mimikatz.exe which normally is blocked from AVs. * Upload Invoke-Mimikatz.ps1…

Next Page