Reconnaissance & Enumeration

Responder

Responder: Capturing Credentials Like a Network Bandit

Responder is a powerful LLMNR, NBT-NS, and MDNS poisoner designed for internal network attacks. It listens on a network interface and responds to broadcast name resolution requests, tricking machines into sending authentication attempts to the attacker’s machine — often handing over NTLMv1/v2 hashes or even clear-text creds if […]

CMSmap

CMSmap: Enumerating WordPress, Joomla, and Drupal Like a Pro

When you’re testing a Content Management System (CMS) like WordPress, Joomla, or Drupal, your recon needs to go deeper than default credentials and login forms. This is where CMSmap comes in. It’s a Python-based scanner designed specifically for enumerating and testing known vulnerabilities in popular CMS

nmblookup

Nmblookup: NetBIOS Name Resolution in Action

When you’re dealing with older Windows environments or internal networks, NetBIOS name resolution can still be in play. One lightweight tool for this is nmblookup, which lets you perform NetBIOS queries to identify hosts, workgroups, and domain names—especially when DNS isn’t available or reliable. This post breaks down: What

enum4linux

Enum4linux: SMB Enumeration for Pentesters

When you come across an SMB service on a target, enum4linux is one of your go-to tools for fast and detailed enumeration. It’s basically a wrapper around smbclient, rpcclient, net, and nmblookup, automating the dirty work of probing Windows shares and services. This post will cover: What is enum4linux? enum4linux

ffuf

FFUF: Fuzzing for Hidden Web Paths Like a Pro

When it comes to web fuzzing, ffuf is that blunt instrument sharpened to a scalpel’s edge. It’s a lightning-fast tool used to find hidden directories, files, subdomains, parameters, and more — the kind of things developers meant to hide but left hanging like a secret door

Amass

Amass: The Subdomain Enumeration Powerhouse for Pentesters

In recon, subdomain enumeration is where you turn over digital rocks looking for hidden doorways. And when it comes to finding every last dusty corner of a target’s web presence, Amass is your go-to bloodhound. This post will cover: What Is Amass? Amass is an advanced open-source tool

Nikto

Scanning Web Servers with Nikto: A Pentester’s Guide

When it comes to web server reconnaissance, speed is good, stealth is better — but awareness is everything. That’s where Nikto comes in. It’s loud, it’s obvious, and it’s supposed to be. Nikto isn’t built for silent ops; it’s built for uncovering known vulnerabilities fast. In this

SQLmap

SQLMap for Pentesters: Automating SQL Injection Like a Pro

SQL injection is one of the oldest — and still one of the most devastating — vulnerabilities in web applications. And when it comes to automating SQLi attacks, SQLMap is king. This post breaks down what SQLMap does, how it works, and how to wield it

GoBuster

GoBuster for Pentesters: Brute-Forcing the Web Like a Pro

When you’re on an engagement and staring down a web server, one of the first things you should be thinking is: What’s hidden behind this HTTP service? That’s where GoBuster comes in — a fast, flexible tool designed to brute-force URIs, directories, files, and DNS subdomains.

wpscan

WPScan: WordPress Enum and Exploitation

WordPress powers a massive portion of the internet — and with that popularity comes a wide attack surface. Vulnerable plugins, outdated themes, exposed usernames, and misconfigured installations are all common weaknesses. This post covers how to use wpscan to enumerate a WordPress site and then walks through a real-world exploitation
