Brute forcing Gumroad Discount Codes

tl;dr - I notified Gumroad about a low-risk brute force attack against the discount voucher endpoint and it was fixed in a few weeks. Props to Sahil and his team at Gumroad for the quick fix!

Scantron - A Distributed nmap and masscan Scanning Framework

Original post can be found here: https://developer.rackspace.com/blog/scantron-a-distributed-nmap-scanner/ The Threat and Vulnerability Analysis team at Rackspace is charged with providing internal vulnerability scanning, penetration testing, and...

Review of "Automating OSINT - Master Class"

I had the opportunity to take Justin Seitz’s Automating OSINT (Open Source Intelligence) Master Course (https://register.automatingosint.com/) and wanted to write up my experience with it. I took the Master Course which bundled an introduction to...

OSCP Review

Overview: I finally got the opportunity to take Penetration Testing with Kali Linux (PWK) and the accompanying Offensive Security Professional Certification (OSCP) exam. There are already lots of great reviews about the course, content, labs, etc....

pagodo.py - Passive Google Dorking

Introduction: The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the...

rack-bob

Motivation: Short for Rackspace bob-the-builder, this script builds servers with Rackspace's rack binary https://github.com/rackspace/rack. The goal of the project was to combine a number of DevOps concepts I've been learning lately. Minimize...

Edwards Aquabot with Beautiful Soup and TwitterAPI

Introduction: Here in South Texas, outside water usage is dictated by the water level in the Edwards Aquifer, "a unique groundwater system and one of the most prolific artesian aquifers in the world"...

theHarvester Reboot

Introduction: One of the most popular tools to collect email addresses and other target information during a pen test is theHarvester, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here:...

metagoofil File Download Rewrite

Introduction: One of the best tools for conducting document and metadata reconnaissance during a pen test is metagoofil, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here:...

BASH Alias-like Shortcuts for Windows

Introduction: Ever wanted to have persistent, BASH-like aliases for Windows? Unfortunately, Windows makes this a little more convoluted, but it is still possible! In the Unix world, users have the ability to create a file, usually called...