If you are looking for a nice checklist for your web app pentest, this one can help you a lot. In this case, user @CristiVlad25 published on X a checklist based on the OWASP Web Security Testing Guide (WSTG). As CristiVlad25 explains, this checklist includes many test cases, with explanations and how to test them. It can also be great when your client asks you to test against a methodology. WSTG Checklist
Caido.io
Caido.io is a lightweight web security auditing toolkit. According to the documentation: Caido is available as both a desktop application and a standalone command-line interface (CLI) binary, offering users the flexibility to choose the installation method that best suits their needs. Pricing The basic version of this tool is free to use but has some limitations. Install Here we will cover the Desktop version, for more installation options (VPS or
Cvemap from ProjectDiscovery
Introduction Cvemap is a new tool developed by ProjectDiscovery to deliver a structured and easily navigable interface to Common Vulnerabilities and Exposures (CVEs) within multiple databases. It takes a comprehensive approach to prioritizing CVEs, moving beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at aspects like how likely a vulnerability is to be exploited, critical deadlines, probability assessments, and real-world exploit data. Cvemap integrates diverse and high-value
Parrot OS 6.0 Revealed
Last week, one of the premier security-oriented operating systems received a significant upgrade to version 6.0. Updates Main System Raspberry Pi Images Alternate Install Script Architect Upgrading from a Previous Version Now, it’s time to either upgrade your existing system or install Parrot OS 6.0 if you haven’t already. For more details, visit the official Parrot website and explore the documentation site.
Packet Crafting and Network Exploration with Scapy
According to its main page, Scapy is a powerful interactive packet manipulation library written in Python. Scapy is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. https://scapy.net/ Install Depending on your OS and the installation method you want to use there are several options to install Scapy. pip install scapy sudo apt
ZXPY – Shell scripts made simple
Zxpy is a tool that simplifies the integration of shell commands into Python, making your scripting experience smoother and more efficient. Installation ❯ pip install zxpy If you have pipx installed, you can try out zxpy without installing it, by running: ❯ pipx run zxpy If you have an Arch-like distro you can as well use AUR ❯ yay -Ss zxpy ❯ yay -S zxpy Basic Usage ❯ nvim script.py❯
OWASP Juicy Shop – Score Board Challenge
Some time ago we explained how to install the OWASP Juicy Shop. This first post of 2024 will explain how to start with this nice vulnerable application. The first step is finding the scoreboard. To find it, we search for «score» in the JavaScript files using the browser inspector and observe several matches. Checking some of those matches, we can find a promising option: /score-board If we test it: http://localhost:3000/#/score-board we
Merry Catmas! See You After the Holidays
Hi everyone! We wish you a wonderful pawsome Christmas. Thank you for being part of our community this year. To celebrate the holidays, we’re taking a short break. There are no new articles for now, but we’ll return with fresh content soon! Have a merry Christmas and a happy New Year! See you in 2024. Warm wishes from rffuste.com
AWS Penetration Testing Checklist
Today I will share a nice AWS pentest checklist I found at https://guide.offsecnewbie.com/cloud-pentesting. On this site you can also find a lot of information and notes on many other topics, such as Recon phases, attack types, shells, SQL, password cracking… It is worth checking out.
Kali 2023.4
2023 is coming to an end, but before that, it’s time again to update our Kalis to version 2023.4. What can be found in this new version? How to update an existing installation: (As described in the Kali blog post)