Infosec | Cybersecurity | Pentesting | CTFs | Bug Bounty | Piano | Gtd | Chess
Blog: https://www.rffuste.com

Kali Linux 2024.2 released
The latest release of Kali Linux, version 2024.2, brings significant updates and improvements. Key highlights include:

t64 Transition: Full implementation of 64-bit time_t type for better future compatibility, especially for 32-bit ARM architectures.

Desktop Enhancements: GNOME 46 update and Xfce improvements for a more polished user experience.

New Tools: Addition of 18 ne
https://www.rffuste.com/2024/06/10/kali-linux-2024-2-released/
#Noticias #kali


WSTG Checklist
If you are looking for a nice checklist for your web app pentest, this one can help you a lot.

In this case, user @CristiVlad25 published on X a checklist based on the OWASP Web Security Testing Guide (WSTG).

As CristiVlad25 explains, this checklist includes many explained test cases and how to test them. It can also be great when your client asks you to test against a methodology.

WSTG Checklist
https://www.rffuste.com/2024/03/25/wstg-checklist/
#Pills #checklist #WSTG


Caido.io
Caido.io is a lightweight web security auditing toolkit.

According to the documentation:

Caido is available as both a desktop application and a standalone command-line interface (CLI) binary, offering users the flexibility to choose the installation method that best suits their needs.

Pricing

The basic version of this tool is free to use but has some limitations.

Up to 2 projects

Up to 5
https://www.rffuste.com/2024/02/19/caido-io/
#Tutoriales #caido #tools

Cvemap from ProjectDiscovery
Introduction

Cvemap is a new tool developed by Project Discovery to deliver a structured and easily navigable interface to Common Vulnerabilities and Exposures (CVEs) within multiple databases.

It takes a comprehensive approach to prioritize CVEs, moving beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at
https://www.rffuste.com/2024/02/05/cvemap-from-projectdiscovery/
#General #Tutoriales #cve #cvemap #projectDiscovery #tools


Parrot OS 6.0 Revealed
Last week, one of the premier security-oriented operating systems received a significant upgrade to version 6.0.

Updates

Main System

Debian 12

Linux Kernel 6.5

Advanced DKMS and Wi-Fi Drivers

Updated Pentesting Tools

Updated Libraries and Python 3.11

Refreshed System Appearance

Experimental Containerization for Unsupported Tools

Grub Fail-Safe Boot Options

https://www.rffuste.com/2024/01/29/parrot-os-6-0-revealed/
#Noticias #parrot

Packet Crafting and Network Exploration with Scapy
According to its main page,

Scapy is a powerful interactive packet manipulation library written in Python. Scapy is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.
https://scapy.net/

Install

Depending on your OS a
https://www.rffuste.com/2024/01/22/packet-crafting-and-network-exploration-with-scapy/
#General #Tutoriales #scapy #tools


ZXPY – Shell scripts made simple
Zxpy is a tool that simplifies the integration of shell commands into Python, making your scripting experience smoother and more efficient.

Installation

❯ pip install zxpy

If you have pipx installed, you can try out zxpy without installing it, by running:

❯ pipx run zxpy

If you have an Arch-like distro you can as well use AUR

❯ yay -Ss zxpy

https://www.rffuste.com/2024/01/15/zxpy-shell-scripts-made-simple/
#Tutoriales #python #zxpy

OWASP Juicy Shop – Score Board Challenge
Some time ago we explained how to install the OWASP Juicy Shop.

This first post of 2024 will explain how to start with this nice vulnerable application.

The first step is finding the scoreboard.

To find it, we observe several matches in the JavaScript files using the browser inspector, just searching for "score". Checking some of those matches we
https://www.rffuste.com/2024/01/08/owasp-juicy-shop-score-board-challenge/
#CTFs #juicyshop

Merry Catmas! See You After the Holidays
Hi everyone!

We wish you a wonderful pawsome Christmas. Thank you for being part of our community this year.

To celebrate the holidays, we're taking a short break. There are no new articles for now, but we'll return with fresh content soon!

Have a merry Christmas and a happy New Year! See you in 2024.

Warm wishes from rffuste.com
https://www.rffuste.com/2023/12/25/merry-catmas-see-you-after-the-holidays/
#Noticias

AWS Penetration Testing Checklist
Today I will share a nice AWS pentest checklist I found at https://guide.offsecnewbie.com/cloud-pentesting.

On this site you can find a lot of information and notes on many other topics, such as recon phases, attack types, shells, SQL, password cracking... It is worth checking out.

Test for Unauthenticated Bucket Access

Test for Semi-Public Bucket access
https://www.rffuste.com/2023/12/18/aws-penetration-testing-checklist/
#Wiki #aws #checklist

Cloud Pentesting

My notes will be a bit haphazard until I get my head around pentesting the cloud