Brute forcing Gumroad Discount Codes

tl;dr - I notified Gumroad about a low-risk brute force attack against the discount voucher endpoint and it was fixed in a few weeks. Props to Sahil and his team at Gumroad for the quick fix!

Scantron - A Distributed nmap and masscan Scanning Framework

Original post can be found here: https://developer.rackspace.com/blog/scantron-a-distributed-nmap-scanner/ The Threat and Vulnerability Analysis team at Rackspace is charged with providing internal vulnerability scanning, penetration testing, and...

Review of "Automating OSINT - Master Class"

I had the opportunity to take Justin Seitz’s Automating OSINT (Open Source Intelligence) Master Course (https://register.automatingosint.com/) and wanted to write up my experience with it. I took the Master Course which bundled an introduction to...

pagodo.py - Passive Google Dorking

Introduction The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and applications on the Internet. There are 2 parts. The first is ghdb_scraper.py that retrieves Google Dorks and the...

rack-bob

Motivation Short for Rackspace bob-the-builder, this script builds servers with Rackspace's rack binary https://github.com/rackspace/rack. The goal of the project was to combine a number of DevOps concepts I've been learning lately. Minimize...

Edwards Aquabot with Beautiful Soup and TwitterAPI

Introduction Here in South Texas, outside water usage is dictated by the water level in the Edwards Aquifer, "a unique groundwater system and one of the most prolific artesian aquifers in the world"...

theHarvester Reboot

Introduction One of the most popular tools to collect email addresses and other target information during a pen test is theHarvester, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here:...

metagoofil File Download Rewrite

Introduction One of the best tools for conducting document and metadata reconnaissance during a pen test is metagoofil, written by Christian Martorella @laramies of the Edge-Security Group. The source code can be found here:...

dnmapR (dnmap revised)

For security processionals and penetration testers that want to distribute nmap scans to different clients, Seb Garcia created a great tool called dnmap, short for distributed nmap. There are two main parts to dnmap. The first is the server...

Release of batchconfig.py

batchconfig.py is a Python script to create customized Windows batch files for the purpose of conducting quick Incident Response, surveying a box post-exploitation, or assisting network administrators in managing their networks. batchconfig.py is...