Search Results for "modular"

...While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. Pacu is the aggregation of all of the exploitation experience and research from our countless prior AWS red team engagements. Automating components of the assessment not only improves efficiency but also allows our assessment team to be much more thorough in large environments. ...

Pentest-Tools is a collection of penetration testing scripts and utilities designed to help security professionals and ethical hackers perform vulnerability assessments. It includes a wide range of tools for tasks like web scraping, reconnaissance, data extraction, and network analysis. The suite is modular, allowing users to choose the tools that best fit their specific pentesting needs, from web application analysis to network penetration testing.

Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web...

...It can detect a wide range of vulnerabilities, including improper SSL certificate validation, library misconfigurations, and downgrade or stripping attacks such as SSL and STARTTLS stripping. The system’s flexible architecture supports automated testing at scale, making it suitable for both single-device assessments and large network evaluations. Its modular structure also allows for customization and extension, enabling researchers to target specific network behaviors or encryption flaws.

MITMf aims to provide a one-stop-shop for Man-In-The-Middle and network attacks while updating and improving existing attacks and techniques. Originally built to address the significant shortcomings of other tools (e.g Ettercap, Mallory), it's been almost completely rewritten from scratch to provide a modular and easily extendible framework that anyone can use to implement their own MITM attack. The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass. As of version 0.9.8, MITMf supports active packet filtering and manipulation (basically what better filters did, only better), allowing users to modify any type of traffic or protocol. ...

...You can use OTP tokens, OTP cards, SMS, Smartphone Apps to incorparte the second factor. It can even manage SSH keys and supports Offline OTP. The latest version can manage and enroll user certificates. Its modular design makes it easily enhancable. It runs on Linux. Applications and workflows can be connected to privacyIDEA hence enabling two factor authentication in your system logon, web applications, SSL VPNs, firewalls and many more. A detailed audit log gives you full control of what happens when, where (why? ;-) and by whom. ...

RSA Public cryptosystem with efficient scaling with big prime numbers and thus secure keys..

STAT is a framework for building modular, stateful signature-based intrusion detection systems. STAT provides a means to develop sensors which operate in different domains and environments.