AWS Recon – Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata

August 25, 2020 ~ Dade Murphy ~ Leave a comment

KitPloit - PenTest Tools!-- A multi-threaded AWS inventory collection tool.The creators of this tool have a recurring need to be able to efficiently collect a large amount of AWS resource attributes and metadata to help clients understand their cloud security posture.There are a handful of tools (e.g. AWS Config, CloudMapper, CloudSploit, Prowler) that do some … Continue reading AWS Recon – Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata

Yeti – Your Everyday Threat Intelligence

August 24, 2020August 24, 2020 ~ Dade Murphy ~ Leave a comment

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that … Continue reading Yeti – Your Everyday Threat Intelligence

Parth – Heuristic Vulnerable Parameter Scanner

August 24, 2020August 24, 2020 ~ Dade Murphy ~ Leave a comment

Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs or it's own disocovered URLs to … Continue reading Parth – Heuristic Vulnerable Parameter Scanner