Two kits favored by red teams and penetration testers have been updated recently, namely hashcat and SpiderFoot. Hashcat and SpiderFoot together read like a Robert Redford/Paul Newman movie title (yes, Im that old). :-) Thanks to handler Rob Vandenbrink for the hashcat call out.
Hashcat v3.10: The worlds fastest password cracker, and the worlds first and only in-kernel rule engine
- Added some workarounds to deal with problems caused by broken OpenCL installation on the host system
- Improved rule-engine: Enabled support to use the missing @ rule on GPU
- Improved rule-engine: On Nvidia, the rule-engine got a small performance improvement
SpiderFoot 2.7.0: An open source intelligence automation tool to automate the process of gathering intelligence about a given target: IP address, domain name, hostname or network subnet. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.
- Six (6) new modules:
- BotScout.com search for malicious e-mail addresses
- MalwarePatrol.net search
- IBM X-Force Threat Exchange search
- Amazon S3 bucket search
- Phone number identification
- Public vulnerability search (PunkSpider and XSSposed)
- Authentication and HTTPS support
- Scan by use case: e.g. use Passive">|">@holisticinfosec (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.