Tools

  • Pocuito - A tiny chrome extension to record and replay your web application proof-of-concepts.
  • OWTF - Offensive Web Testing Framework is a try to make pentesting more efficient.
  • Garfield - An offensive attack framework for distributed layer of modern applications.
  • Flashriot - A shell script wrapper around flashbang for testing multiple flash files from the command line.
  • Flashbang - An open source flash security helper with a very specific purpose of finding flashVars of a naked swf.
  • NMDC Crawler - A python script for gathering metadata of shared files on NMDC networks.
  • thedumpster - A python script for passive recon on a domain using google.

Presentations

  • [Video] [Troopers 2017] - How we hacked DCMS.
  • [Slides] [Video] [NullCON 2016] - Tale of training a Web Terminator!
  • [Slides] [Video] [PyCON 2015] - Building Offensive Web Security Framework in Python.
  • [Slides] [Video] [BruCON 2014] - 5by5 OWASP OWTF.

Blog

Playing with python PEX files [Python]

Introduction

Recently I have been coming across lots of Python EXecutables. This seems to be a popular way of distributing python programs along with their dependencies. All that is necessary is a compatible python runtime. A very quick and a bit outdated WTF is PEX?. In most cases …