Webantix - Evolution of Security

Webshot: Screenshot every web server during your pen test

During an internal pen test you can find a large number of internal web servers. Some of these servers are running on some weird and wonderful ports and are hidden away. Without having to manually visit each and every web page to find that low hanging fruit I have built a bash script to go off and do this automagically for you.

All you need is your Nessus scan exported as an NBE file. Once you have this file you can use webshot.sh to collect all of the web servers found during your nessus scan. To download this new script please find it at https://github.com/webantix/webshot. Once you have used it and have some feedback just let me know in the comments below or on the issues log on github.

Read More

Sonicwall netExtender on ubuntu x64 missing libssl or libcrypto

Wow, over a year since my last post. Work has been crazy and personal life is even worse. If any of you are wondering where i have been hiding head over to upSploit.

Well I have just rebuilt my laptop to Xubuntu 11.10 as I could not stand the Unity on Ubuntu and decided to use 64bit OS now too. Don't worry with the Xubuntu bit this fix should work for any of the Ubuntu family.

Read More

Penetration Testing for Business Reasons

Now during my time as a Penetration Tester I have learnt that these days pen testing is not for the IT department it should be for the whole business. A quote from CISSP for dummies (stop laughing) says "Executives seem to understand This will cost us $3 million better than This will cause an unspecified loss at an undetermined future date".

Read More

upSploit - Public Beta Release

upSploit is a new and free Advisory Management Solution. The aim is for upSploit to become a service/framework that security researchers can depend on when disclosing vulnerabilities to vendors. After 5 months of development we are now ready to unleash to the world the Public Beta. This version is fully functional and automated to allow for speedy fixes to all the security holes that are out in the world to be found.
Read More

Setup Postgres for Metasploit on Ubuntu

I have been playing with Metasploit over the last few days and going through the Metasploit Unleashed course and while installing Metasploit I have found that some of the database features do not work out of the box. So below is how I managed to install and configure Postgres to work with Metasploit on Ubuntu 10.04(Lucid Lynx).

Read More