Cloning an HTTP request is a typical requirement from Software Engineers that work in agile development life cycles and have requirement to actionable analytical data. From a security perspective, cloning HTTP requests is only a concern when the cloned HTTP request is sent to an environment that doesn’t meet your corporations’ server security policies so […]Read more "How To Clone an HTTP request with one condition"
How to install openvas in 5 min. kali 1. Install a fresh Openvas package via apt-get apt-get remove openvas apt-get install openvas 2. If no exceptions were returned by the installer, verify if the setup is correct. The open-vas check-setup script does a great job. Trust it. If it’s to noisy for you, pipe the […]Read more "How to install openvas in 5 minutes on kali"
discover.sh You’ll love this script. I incorporate this tool into penetration testing engagements that require tactical social engineering or on-demand targeted reconnaissance. Download, setup & usage Kali mini apt-get install windows-binaries git clone git://github.com/leebaird/discover.git /opt/discover/ All scripts must be ran from this location. cd /opt/discover/ && ./setup.sh &&./discover.sh RECON 1. Domain 2. Person 3. Parse […]Read more "discover.sh"
You’ve got a problem. After a recent Tomcat upgrade in your authentication server’s test environment, you noticed that authentication between your web application’s rest API calls and your authentication server fails. You decide to sniff the network with good ole’ tcpdump on the app (client) and authentication server. tcpdump -ni any port 80 or port 443 -A […]Read more "How To Force Client to use HTTPS"
Debugging Metasploit and Logging Metsploit Commands Some use cases for setting up metasploit to log commands include: your client needs these logs building smart-list of SQL queries echo “spool /root/msf_console.log” > /root/.msf4/msfconsole.rcRead more "Debugging Metasploit and Logging Metsploit Commands"