Scantron - A Distributed nmap and masscan Scanning Framework

Background Original post can be found here: https://developer.rackspace.com/blog/scantron-a-distributed-nmap-scanner/ The Threat and Vulnerability Analysis team at Rackspace is charged with providing internal vulnerability scanning, penetration testing, and red/purple teaming capabilities to reduce cyber-based threats, risk, and exposure for the company. One of our tasks, as…

Review of "Automating OSINT - Master Class"

I had the opportunity to take Justin Seitz’s Automating OSINT (Open Source Intelligence) Master Course (https://register.automatingosint.com/) and wanted to write up my experience with it. I took the Master Course which bundled an introduction to Python in addition to all of the OSINT focused modules. For…

OSCP Review

Overview I finally got the opportunity to take Penetration Testing with Kali Linux (PWK) and the accompanying Offensive Security Professional Certification (OSCP) exam. There are already lots of great reviews about the course, content, labs, etc. that you can find here: https://www.offensive-security.com/testimonials-and-reviews/ This is more of…

pagodo.py - Passive Google Dorking

Introduction The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the second portion is pagodo.py that leverages the information…

rack-bob

Motivation Short for Rackspace bob-the-builder, this script builds servers with Rackspace's rack binary https://github.com/rackspace/rack. The goal of the project was to combine a number of DevOps concepts I've been learning lately. Minimize building servers by hand/GUI and treat infrastructure-as-code by utilizing an API. Other cloud…

Edwards Aquabot with Beautiful Soup and TwitterAPI

Introduction Here in South Texas, outside water usage is dictated by the water level in the Edwards Aquifer, "a unique groundwater system and one of the most prolific artesian aquifers in the world" (https://en.wikipedia.org/wiki/Edwards_Aquifer). Home owners can only water their grass on…

theHarvester Reboot

Introduction One of the most popular tools to collect email addresses and other target information during a pen test is theHarvester, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here: https://github.com/laramies/theHarvester, but it comes with Kali by default. Motivated…

metagoofil File Download Rewrite

Introduction One of the best tools for conducting document and metadata reconnaissance during a pen test is metagoofil, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here: https://github.com/laramies/metagoofil, but it comes with Kali by default. The tool hasn't been…

BASH Alias-like Shortcuts for Windows

Introduction Ever wanted to have persistent, BASH-like aliases for Windows? Unfortunately, Windows makes this a little more convoluted, but it is still possible! In the Unix world, users have the ability to create a file, usually called .bash_aliases, that contains user-defined shortcuts for executing commands. The example below greps…