Dear PenTest Readers,
This open edition takes a special place in our hearts. Here, at PenTest Magazine, we deeply care about the community and knowledge-sharing. The edition you are reading right now reflects that.
Inside this free issue you’ll find articles featuring open source tools for pentesters. Many of them are written by the authors themselves - don’t forget to check their GitHub profile afterwards! We wanted to cover a broad spectrum of tools, ranging from useful scripts and Linux distributions to innovative tools.
Grab your favorite hot beverage (or something cold, we don’t forget about you, Southern Hemisphere!), find a comfortable position and learn something new about pentesting Android devices, how to weaponize reflected XSS, scan for vulnerabilities using Nuclei, get to know ropci and much more!
Please, don’t hesitate to contribute to the tools whenever you find room for improvement. Without a doubt this is the most powerful part of the open source community - you truly can make a difference.
Without further ado,
Enjoy the content!
PenTest Magazine’s Editorial Team
This magazine is free to download: just register as a free user and enjoy your reading!
Table of Contents
Weaponizing Reflected XSS
by Panagiotis Chartas
Nuclei Vulnerability Scanning in 2022... Or even earlier…
by Walter Cuestas
Nuclei is used to send messages (requests for HTTP and frames for other types of services) using templates that allow it to process the responses and find matches based on various conditions. In this way, it minimizes false positives and provides a way to quickly scan multiple test targets (the latter is stated in its repo and I can confirm that).
ropci, so, you think you have MFA?
by Johann Rehberger
This article discusses ropci, a tool that helps identify and abuse applications in Microsoft AAD that expose the OAuth2 ROPC flow. In particular, the article explores what ROPC is, how to test for it, how to abuse ROPC-enabled applications during security assessments and pen tests, and what mitigation steps are available.
by Ashwini Sahu
ADB-Toolkit is a script written purely in Bash. It offers 28 options plus a Metasploit section for Metasploit-style attacks: it creates a payload, starts the Metasploit listener and installs the payload on the victim device. It also covers general tasks such as installing an .apk file or pulling data from, and pushing data to, the device.
by Edoardo Ottavineli
It had always bothered me when I picked up a FOSS tool, installed it locally, configured it, and then it didn't have the features I wanted, or it just worked in a way I didn't like. Luckily, I know how to code and what I want. During these years, I have played with code on GitHub so much (https://github.com/edoardottt), and I've built some tools specifically to satisfy my needs. These tools are focused on web/network targets and designed to automate boring or time-consuming tasks. I’m going to present to you some of the ones I use daily.
by Antonio Voza
Athena OS was created to offer a different experience from the most widely used pentesting distributions. While those OSes center on the direct use of hacking tools, Athena focuses on the user's learning: it connects the user, in a comfortable manner, to training resources and security feeds.
by Pablo Santiago López
Rekono is a distributed platform that combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions are sent to the user via email or Telegram notifications and can also be imported into Defect-Dojo if more advanced vulnerability management is needed. Note that Rekono doesn't exploit vulnerabilities; its goal is to gather as much information as possible about the target.
by Kaan Gültekin
AutoPWN Suite automates the process of scanning and finding security issues in computer systems. It is a solution that automatically scans, detects, and exploits all known vulnerabilities in your system without any manual intervention. It is a fully automated penetration testing tool that helps you find hidden security holes in your system and fix them before a hacker can take advantage of them.
by Jafar Untar
Nmap is, put simply, the best tool for the scanning stage of a pentesting process, period. By way of background, the “Network Mapper” was created a while ago and released in 1997 by Gordon “Fyodor” Lyon, with the intent of being an open-source security scanner with a “consistent interface and efficient implementation of all practical port scanning techniques”. As time passed, Nmap became a complex and powerful Swiss-army knife with plenty of new features, such as OS fingerprinting, custom detection scripts, various parameters for evading filters and firewalls, and different output modes, and it lends itself well to automation and to writing your own scripts.
by David Utón Amaya
GooFuzz is written in Bash and only requires a terminal with Internet access to work. Running the tool is very simple: you only need to enter a target (URL/IP) and the extensions, file names, subdomains, folders or parameters you want to find, either from a wordlist or typed directly in the terminal, separated by commas.