Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882): What You Need to Know
What’s up? As if October 2020 hasn’t been scary enough, Rapid7 Labs, the SANS Internet Storm Center (ISC), and other...
hacking
How Maria Barsallo Lynch Helps Combat the Spread of Misinformation and Disinformation Ahead of the Election
In our most recent episode of Security Nation, we spoke with Maria Barsallo Lynch, Executive Director of the Defending Digital...
Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year
Spooky season is in full swing, and we’re not just talking about Halloween. Security vulnerabilities can range from tiny errors...
Awesome Android Security – A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
A curated list of Android Security materials and resources For Pentesters and Bug Hunters.BlogAAPG - Android application penetration testing guide...
iSH – Linux Shell For iOS
A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current...
Rapid7 Announces Improvements to Goals and SLAs in InsightVM
We know that proving the efficacy of your vulnerability management program is no easy task. But with the Goals and...
Grype – A Vulnerability Scanner For Container Images And Filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Features Scan the contents...
TASER – Python3 Resource Library For Creating Security Related Tooling
TASER (Testing And SEecurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling,...
2021 Detection and Response Planning, Part 3: Why 2021 Is the Year for SOC Automation
In this third installment of our series around 2021 security planning, we’re focused on SOC automation. In part one, we...
JWT-Hack – Tool To En/Decoding JWT, Generate Payload For JWT Attack And Very Fast Cracking(Dict/Brutefoce)
jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and...
Decoder++ – An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats.SetupDecoder++ can be either installed by...
Scan Template Best Practices in InsightVM
When you start out with one of our vulnerability management solutions, Nexpose or InsightVM, one of the first things you...
CobaltStrikeScan – Scan Files Or Process Memory For CobaltStrike Beacons And Parse Their Configuration
Scan files or process memory for Cobalt Strike beacons and parse their configuration. CobaltStrikeScan scans Windows process memory for evidence...
Manuka – A Modular OSINT Honeypot For Blue Teamers
Manuka is an Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue...
Pesidious – Malware Mutation Using Reinforcement Learning And Generative Adversarial Networks
Malware Mutation using Deep Reinforcement Learning and GANsThe purpose of the tool is to use artificial intelligence to mutate a...
AutoGadgetFS – USB Testing Made Easy
What’s AutoGadgetFS ?AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without...
NoSQLi – NoSql Injection CLI Tool
NoSQL scanner and injector. About NosqliI wanted a better nosql injection tool that was simple to use, fully command line...
GitDorker – A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled...
Oregami – IDA Plugins And Scripts For Analyzing Register Usage Frame
""" What is this register used for? Hmm.. I'll just rename it to veryuniquename, do a textual search, and find...
NTLMRawUnHide – A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format....
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers...
MalwareSourceCode – Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages
Malware Source Code Collection!!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in...
Pwndoc – Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx...
This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
