RustScan: Empowering Nmap One Scan at a Time
We all love Nmap, we really do. It’s one of the first and most famous OSINT-like security tools created, written almost 23 years ago (at the time of this writing) by Gordon “Fyodor” Lyon.
Recon-ng: An Open Source Reconnaissance Tool
The OSINT tools arsenal is now filled with more pieces of code that help “get things done” better, faster and more effectively than ever before. And Recon-ng, with its modular design, brings you a familiar way to operate a command line, while its syntax, similar to that of the Metasploit framework, allows you to mount different purpose modules and configure them independently.
Subfinder: A Practical Subdomain Exploration Tool
In one of our previous posts about information gathering, we covered the basics of how to get the right intel about any organization, and that of course includes DNS intelligence.
DNS Privacy: Minimizing end-to-end Exposure
The Domain Name System (DNS) is one of the most important services running behind the scenes that allows the Internet to work effectively every day. It’s also one of the most forgotten and abused, as covered previously in the “DNS attacks” article. Today we’ll address some of the ins and outs of its inner workings and review some helpful resources that will help minimize the chances of traffic sniffing (password leaking, anyone?).
IVRE: A Versatile Network Reconnaissance Framework
Being an infosec researcher requires more than just installing Kali Linux and watching a few YouTube tutorials. Being able to navigate the hundreds of tools available at your fingertips and knowing which tool is best for the job requires a good amount of self-learning or, at the very least, finding in-depth reviews to help you figure things out.
Gophish: An Open-Source Phishing Framework
If you or any friend, family member, or acquaintance has ever used an email account, chances are that at some point, they’ve received a phishing email. And while during the early stages of the internet, such deception usually looked so fake and misaligned that you could spot it right away as an attempt to mislead you, this isn’t so true anymore.
DMitry: Diving Into an Old-School Information Gathering Tool
How much information about a target can you possibly get? Is there an invisible barrier that delimits when enough information is gathered? What about cross-checking results and looking for differences? Data retrieval results may vary, depending on the location source you’re running for the analysis.
Top 30+ Best Blue Team Tools
We’re back to enriching your security toolkit, and this time we’re moving to the defensive side of security. Whether the best defense is a good offense, or the other way around, the truth is one can’t work without the other. That’s why the importance of having both red and blue teams in place and challenging each other, as well as maintaining an organization’s security posture, is crucial.
Masscan: A Fast and Scalable IP Port Scanner
Researchers require tools to make their investigations not only more effective, but also less mundane. Some tools are designed to automate repetitive tasks and other tools are designed to do things that wouldn’t be practical to do manually.
Fighting Against Phishing Attacks: Top 18 Best Phishing Auditing Tools
Phishing is the most common type of social engineering attack, as well as one of the most frequent attack methods on the Internet in general. It’s a simple concept: creating a fake website that impersonates a legitimate one that the target frequents, and sending them a security notice that urges them to ‘click on the following link’—which then leads them to a fake website, where they’ll be prompted to log in.