search
top

Tools

Namechk – A Domain Searching & Recon Tool

Posted by on Feb 5, 2019 in blog, Information Security, pen testing, social engineering, Tools | 0 comments

Namechk –  A Domain Searching & Recon Tool

Namechk –  A Domain Searching & Recon Tool So I came across a new tool that I found particularly interesting. And, especially for someone that may be working on a pen test during the recon stage. Recon is very important, since it allows you to gather as much intel as possible before you start to look for weaknesses. What is the tool? I came across a website called Namechk (https://namechk.com). And, started to realize the power it gives you when conducting recon for particular companies or people. This site basically allows you to search...

read more

Automating NMAP Scans

Posted by on Jun 25, 2018 in blog, Featured, Information Security, Linux, pen testing, Tools | 0 comments

Automating NMAP Scans

Automating NMAP Scans   Why do I need automation ? Security analysts just don’t have the time to always run manual tests. Let’s say I wanted to monitor my ports and services open on my external lab IP address. It is not feasible for me to run a scan at 3am every day for the rest of my life. Therefore, if I had a tool that could automatically run a scan, check to see if anything suspicious is found and can alert me if that is the case would be hugely beneficial. In my case, I have created a method to do this and it is a very...

read more

Wappalyzer – Identify technology on websites

Posted by on Apr 6, 2018 in blog, Information Security, pen testing, Tools | 0 comments

Wappalyzer – Identify technology on websites

Wappalyzer – Identify technology on websites During one of my SANS vLive courses I am currently taking part in. My instructor introduced us to a nifty tool called Wappalyzer. He said he does use it as “one” of his tools of arsenal for pentesting servers and websites. I decided to take a look for myself since it wasn’t part of our SANS course. And, when you have a SANS instructor discussing a tool they use… well you just can’t go wrong by checking it out for yourself. Finding technologies on a website One of...

read more

DNSTwist – Domain Phishing Enumeration

Posted by on Apr 2, 2018 in blog, Information Security, Tools, Tutorial | 0 comments

DNSTwist – Domain Phishing Enumeration

DNSTwist – A Look at Domain Phishing Enumeration A few weeks ago, I happened to stumble upon a tool called DNSTwist. And, like every tool I ever encounter, I always like investigate more into a tools capabilities and what it can offer. After reading more about the tool through another blog I was reading at that time. I was pointed towards the official Github page for DNSTwist. The tool itself is great and something every company should at least look at on a yearly basis. Phishing attacks are on a rise, and the expectation is that they...

read more

BurpSuite & ZAP Bypass Proxy

Posted by on Apr 24, 2017 in blog, Featured, Information Security, Tools, Tutorial | 0 comments

BurpSuite & ZAP Bypass Proxy

BurpSuite & ZAP Bypass Proxy I wanted to make this tutorial for users that might get stuck in a similar situation. I was security testing a website using Burpsuite and would end up with SSL Handshake failures. And, it really made no sense at first since Burpsuite uses Java. And, I had the latest version of Java installed on my machine. Burpsuite was giving me SSL Handshake failure alerts and was asking me to install JCE Strong Cipher policies. Turns out the website was using VERY strong ciphers (which is a very good thing). And, they were...

read more

Default Passwords for IP Cameras

Posted by on Feb 5, 2017 in cheatsheets, Quick Tips, Tools | 0 comments

Default Passwords for IP Cameras   So, I decided to post a list of default passwords for most IP camera’s. I will try to update this list as specifications change or are added over time. This list is very useful for conducting penetration testing. I’ve found that many camera devices will either not ask the user to “create” a password or a “new” non-default password. The camera I ended up purchasing for testing ended up asking and forcing the users to enter a new password upon setup. Major IP camera...

read more

Why No Padlock?

Posted by on Jan 12, 2017 in Encryption, Quick Tips, Reviews, Tools | 0 comments

Why No Padlock?

SSL Scanning Websites So today, I came across a website that does a quick SSL test on your website. Anyone with a website should really be running this tool. I actually did find a few minor issues and was able to gather some info about it. Our Results Here is what we got for our results:   It’s looking good for us and especially since we have forced all our internal links to make use of HTTPS I also wanted to list a bad result as shown below.   Go ahead and scan your own website!   Check out – Why No Padlock...

read more
top