Website Web Directory Brute Forcing Fuzzing Tools and Techniques Wordlist Strategies

Directory Brute Forcing Techniques:  Dirsearch is a simple command line tool designed to brute force directories and files in websites. This tool is available at GitHub you can download it from here and after installation in your Kali Linux type following to start dirsearch. dirsearch /opt/dirsearch/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://TARGETIP -e php -t 20 # Dirb dirb … Read more

HUGE List of the best Linux Unix Windows HoneyPots Available for Download

Honeypots Database Honeypots Delilah – Elasticsearch Honeypot written in Python (originally from Novetta). ESPot – Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120. Elastic honey – Simple Elasticsearch Honeypot. HoneyMysql – Simple Mysql honeypot project. MongoDB-HoneyProxy – MongoDB honeypot proxy. MongoDB-HoneyProxyPy – MongoDB honeypot proxy by python3. NoSQLpot – Honeypot framework built on a NoSQL-style database. mysql-honeypotd – Low … Read more

Cowrie is a medium to high interaction SSH and Telnet honeypot UNIX Based

Download: Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python, in high interaction mode (proxy) it functions as an SSH and telnet proxy to observe attacker … Read more

WackoPicko Pen Testing Tool Web App is a website that contains known vulnerabilities

WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners Docker Image I recently created a wackopicko docker image, which is just about the easiest way to run wackopicko. Simply run the following, which will map your local port 8080 to the port 80 in … Read more