Invoke-Antivm – Powershell Tool For VM Evasion
Invoke-AntiVM is a set of modules to perform VM detection and fingerprinting (with exfiltration) via Powershell.CompatibilityRun the script check-compatibility.ps1 to...
tools
Bulwark – An Organizational Asset And Vulnerability Management Tool, With Jira Integration, Designed For Generating Application Security Reports
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports. Jira IntegrationNotePlease keep in...
Doctrack – Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)
Tool to manipulate and insert tracking pixels into Office Open XML documents. FeaturesInsert tracking pixels into Office Open XML documents...
Kali Linux 2020.4 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2020.4. This release has various impressive updates:ZSH is the new default...
Announcing the 2020 December Metasploit community CTF
It’s time for another Metasploit community CTF! We're back on our usual end-of-year schedule this time around, and we’re doing...
This One Time on a Pen Test: CSRF to Password Reset Phishing
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Teler – Real-time HTTP Intrusion Detection
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources...
OpenEDR – Open EDR Public Repository
We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to public, where products and...
Congress unanimously passes federal IoT security law
The US Senate unanimously passed the IoT Cybersecurity Improvement Act (H.R.1668) yesterday. The US House passed the bill in September,...
Behind the Scenes: Under the Hoodie 2020 Video Series
Longtime fans of our Under the Hoodie video series may have noticed that this year’s videos looked, well, a little...
Rehex – Reverse Engineers’ Hex Editor
A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.FeaturesLarge (1TB+) file support Decoding of integer/floating point...
Gping – Ping, But With A Graph
Ping, but with a graph.InstallFYI: The old Python version can be found under the python tag. Homebrew (MacOS + Linux)brew...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post.This blog post aims to increase...
MacC2 – Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities
MacC2 is a macOS post exploitation tool written in python that uses Objective C calls or python libraries as opposed...
Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters....
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans...
Go_Parser – Yet Another Golang Binary Parser For IDAPro
Yet Another Golang Binary Parser For IDAPro NOTE: This master branch is written in Python2 for IDAPython, and tested only...
FinalRecon v1.1.0 – The Last Web Recon Tool You’ll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the...
Herpaderping – Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process
Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the...
Linux-Evil-Toolkit – A Framework That Aims To Centralize, Standardize And Simplify The Use Of Various Security Tools For Pentest Professionals
Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for...
Tfsec – Security Scanner For Your Terraform Code
tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. Example OutputInstallationInstall...
Scripthunter – Tool To Find JavaScript Files On Websites
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note...
FAMA – Forensic Analysis For Mobile Apps
LabCIF - Forensic Analysis for Mobile AppsGetting StartedAndroid extraction and analysis framework with an integrated Autopsy Module. Dump easily user...
Leonidas – Automated Attack Simulation In The Cloud, Complete With Detection Use Cases
Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker...
