Kali Linux 2024.2 released

The latest release of Kali Linux, version 2024.2, brings significant updates and improvements. Key highlights include: As usual, you can update your existing Kali Linux by doing: For detailed information and to download the update, visit the Kali Linux Blog.

WSTG Checklist

If you are looking for a nice checklist for your web app pentest, this one can help you a lot. In this case, user @CristiVlad25 published on X a checklist based on the OWASP Web Security Testing Guide (WSTG). As CristiVlad25 explain, this checklist includes many test cases explain and how to test them.Also can be great when your client asks you to test against a methodology. WSTG Checklist

Caido.io

Caido.io is a lightweight web security auditing toolkit. According to the documentation: Caido is available as both a desktop application and a standalone command-line interface (CLI) binary, offering users the flexibility to choose the installation method that best suits their needs. Pricing The basic version of this tool is free to use but has some limitations. Install Here we will cover the Desktop version, for more installation options (VPS or

Cvemap from ProjectDiscovery

Introduction Cvemap is a new tool developed by Project Discovery to deliver a structured and easily navigable interface to Common Vulnerabilities and Exposures (CVEs) within multiple databases. It takes a comprehensive approach to prioritize CVEs, moving beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at aspects like how likely a vulnerability can be exploited, critical deadlines, probability assessments, and real-world exploit data. Cvemap integrates diverse and high-value

Parrot OS 6.0 Revealed

Last week, one of the premier security-oriented operating systems received a significant upgrade to version 6.0. Updates Main System Raspberry Pi Images Alternate Install Script Architect Upgrading from a Previous Version Now, it’s time to either upgrade your existing system or install Parrot OS 6.0 if you haven’t already. For more details, visit the official Parrot website and explore the documentation site.

Packet Crafting and Network Exploration with Scapy

According to its main page, Scapy is a powerful interactive packet manipulation library written in Python. Scapy is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. https://scapy.net/ Install Depending on your OS and the installation method you want to use there are several options to install Scapy. pip install scapy sudo apt

ZXPY – Shell scripts made simple

Zxpy is a tool that simplifies the integration of shell commands into Python, making your scripting experience smoother and more efficient. Installation ❯ pip install zxpy If you have pipx installed, you can try out zxpy without installing it, by running: ❯ pipx run zxpy If you have an Arch-like distro you can as well use AUR ❯ yay -Ss zxpy ❯ yay -S zxpy Basic Usage ❯ nvim script.py❯

OWASP Juicy Shop – Score Board Challenge

Some time ago we explained how to install the OWASP Juicy Shop. This first post of 2024 will explain how to start with this nice vulnerable application. The first step is finding the scoreboard. To find it, we observe several matches in the Javascript files using the browser inspector just searching for «score».Checking some of those matches we can find a promising option: /score-board If we test it: http://localhost:3000/#/score-board we

Merry Catmas! See You After the Holidays

Hi everyone! We wish you a wonderful pawsome Christmas. Thank you for being part of our community this year. To celebrate the holidays, we’re taking a short break. There are no new articles for now, but we’ll return with fresh content soon! Have a merry Christmas and a happy New Year! See you in 2024. Warm wishes from rffuste.com

AWS Penetration Testing Checklist

Today I will share a nice AWS pentest checklist I found at https://guide.offsecnewbie.com/cloud-pentesting. You can find on this site much information and notes from many other aspects such as Recon phases, attack types, shells, SQL, password cracking… It is worth checking out.