Recon-ng: An Open Source Reconnaissance Tool.
SecurityTrails Blog · Aug 13 2020 · by Nicolas Pence

The OSINT tool arsenal is now filled with more pieces of code that help “get things done” better, faster and more effectively than ever before. Recon-ng, with its modular design, gives you a familiar way to operate from the command line: its syntax is similar to that of the Metasploit framework, letting you load modules built for different purposes and configure them independently.

DNS Privacy: Minimizing end-to-end Exposure.
SecurityTrails Blog · Jul 30 2020 · by Nicolas Pence

The Domain Name System (DNS) is one of the most important services running behind the scenes that allows the Internet to work effectively every day. It’s also one of the most forgotten and abused, as covered previously in the “DNS attacks” article. Today we’ll address some of the ins and outs of its inner workings and review some helpful resources that will help minimize the chances of traffic sniffing (password leaking, anyone?).

Top 30+ Best Blue Team Tools.
SecurityTrails Blog · Jul 02 2020 · by Sara Jelen

We’re back to enriching your security toolkit, and this time we’re moving to the defensive side of security. Whether the best defense is a good offense, or the other way around, the truth is one can’t work without the other. That’s why having both red and blue teams in place and challenging each other, as well as maintaining an organization’s security posture, is crucial.

Fighting Against Phishing Attacks: Top 18 Best Phishing Auditing Tools.
SecurityTrails Blog · Jun 09 2020 · by Sara Jelen

Phishing is the most common type of social engineering attack, as well as one of the most frequent attack methods on the Internet in general. It’s a simple concept: creating a fake website that impersonates a legitimate one that the target frequents, and sending them a security notice that urges them to ‘click on the following link’—which then leads them to a fake website, where they’ll be prompted to log in.