Thursday, May 26, 2022
  • Quick Tips: Listening to Your Linux-based Splunk Installation Ports
  • More Than 1 In 3 Users In The Digital Conversation Express Discontent Toward U.S. Politicians And Alleged Corruption
  • Top Ten Most Cumbersome Website Infections to Remove in 2021
  • Zero Day Initiative’s Pwn2Own Miami 2022 – Daan Keupe’s And Thijs Alkemade’s ‘Computest Sector 7 Vs. The OPC Foundation OPC UA .NET Standard’
  • Are You Ready for a Penetration Test?

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Identity & Access Security Bloggers Network 

Home » Cybersecurity » Identity & Access » Pentest Toolbox Additions 2018

SBN

Pentest Toolbox Additions 2018

by Tripwire Guest Authors on December 9, 2018

I’m a red teamer,.I do work similar to pentesting and use many of the same tools. This year, I’ve added several tools to my toolbox. I’ll introduce them to you below. I hope you find them valuable, as well.

Cybersecurity Live - Boston

password spraying

DoubleTap (by @4lex)

I <heart> password spraying attacks where you guess a few common passwords against a large list of users. Why? Because it works! I used to get a little bummed when I would come up against a web application like Office365 where the login is a multi-step process. Such web apps required extra time to create a script to do the password spraying. In this case, DoubleTap is your best friend. DoubleTap is a password spraying tool that can be quickly configured to password spray any web portal no matter the number of steps it takes. You simply tell it the name of the username and password fields where it should substitute in your values and the names of the buttons to “push” after entering the data. It comes with a module already set up and ready to go for spraying Office365, and you can easily add your own modules. Check it out here.

GatherContacts (by @OrOneEqualsOne)

How do you build a list of usernames for use in your password spraying script? GatherContacts is a Burp Suite Extension that pulls employee names from Google and Bing search results. The searches specifically pulled names from LinkedIn for the company name you specify. Follow the link for tips and tricks for massaging this list into various user name formats.

Doxy Cannon (by @4lex)

Of course, if you are a password spraying addict, you will no doubt run into a situation where your IP address gets blocked from accessing the target server. In last year’s Toolbox Additions post, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/pentest-toolbox-additions/

December 9, 2018December 9, 2018 Tripwire Guest Authors Featured Articles, passwords, pentesting, security, Security Controls
  • ← 17 Technology, IT and Engineering Scholarships for Women in 2019-2020
  • The Quora Data Breach, Facebook’s Private Emails, Google Location Tracking – WB46 →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Flawed MFA Opens Doors to Ransomware
Zola Wedding App ‘Hacked’ — Victims Lose BIG Money
Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Oracle Adds Services to Strengthen Cloud Security
Is SaaS a Threat or a Boon to Cybersecurity?
What’s the Latest on Cyber Talent and Staffing Shortages?
BSides Prishtina 2022 – Arian Sheremeti’s ‘Understanding Cyber Security Threats And Challenges In Protecting Critical Infrastructure’
Why the Cybersecurity Industry Needs to Change Its Siloed Perception
MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward
Strava-cide? Top California Cyclist Allegedly Murdered by Jealous Texan

Upcoming Webinars

Tue 31

Leveraging a Cloud Data Platform to Respond to Cybersecurity Events

May 31 @ 11:00 am - 12:00 pm
Jun 01

The 2022 Guide to API Security

June 1 @ 11:00 am - 12:00 pm
Jun 01

Security From Code to Cloud and Back to Code

June 1 @ 1:00 pm - 2:00 pm
Jun 08

Beyond Unification: How CNAP Should Reduce Cloud Security Risk

June 8 @ 11:00 am - 12:00 pm
Jun 08

When Less Is More: Full Life Cycle Serverless Security

June 8 @ 1:00 pm - 2:00 pm
Jun 15

Top 5 Reasons Why Effective SDLC Security Controls Are So Difficult

June 15 @ 1:00 pm - 2:00 pm
Jun 21

Why Cloud-Native Applications and APIs Are at Risk

June 21 @ 1:00 pm - 2:00 pm
Jun 28

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

June 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Industry Spotlight

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Security Awareness Security Boulevard (Original) Threat Intelligence 

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity

May 23, 2022 Mike Hodge | 3 days ago 0
Establishing a Root of Trust in Embedded Linux and IoT
Cybersecurity Endpoint Industry Spotlight IoT & ICS Security Security Boulevard (Original) Vulnerabilities 

Establishing a Root of Trust in Embedded Linux and IoT

April 18, 2022 Anita Buehrle | Apr 18 Comments Off on Establishing a Root of Trust in Embedded Linux and IoT
Attorney-Client Privilege and Email Privacy
Cybersecurity Data Security Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Attorney-Client Privilege and Email Privacy

April 7, 2022 Mark Rasch | Apr 07 Comments Off on Attorney-Client Privilege and Email Privacy

Top Stories

Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Endpoint Featured Governance, Risk & Compliance Identity & Access Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Digital Driver’s License Fails Spectacularly — ‘Laughably Easy’ to Forge

May 26, 2022 Richi Jennings | Yesterday 0
Zola Wedding App ‘Hacked’ — Victims Lose BIG Money
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Zola Wedding App ‘Hacked’ — Victims Lose BIG Money

May 24, 2022 Richi Jennings | 2 days ago 0
Oracle Adds Services to Strengthen Cloud Security
Application Security Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Oracle Adds Services to Strengthen Cloud Security

May 24, 2022 Michael Vizard | 2 days ago 0

Security Humor

XKCD ‘Goofs’

XKCD ‘Goofs’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.

API Poll

Step 1 of 5

20%
Do you have an API security project in 2022?
Who is responsible for API Security?
What is your API security maturity?
What is your top 3 concerns regarding API security? (select 3)
Which API Security practices do you follow most? (select all that apply)
This field is for validation purposes and should be left unchanged.