Recent Posts

Mobile Hacking Tricks for Penetration Testing


During penetration tests we often need to conduct social engineering attacks on users' mobile phones. Social engineering is where any attack in a penetration test begins. This post is about how mobile tricks can be used for conducting penetration tests. Call Forging: To call someone from their own number or any number. 1. Go to _9e52c24a_ and register there for an account. 2. During registration, remember to insert the victim's mobile number in the “Phone number” field. 3. Complete registration, confirm your email ID, and then log in to your account. Click on “Direct WebCall”. 4. You will arrive at the page shown below. In the “Enter a number” box, select your country and also any mobile number (you can enter yours). Now, …


GoPhish : Open Source Phishing Toolkit


Everyone needs to conduct phishing attacks during a penetration test to see the organisation’s defence against phishing. Here is an open-source solution: GoPhish, an open-source phishing toolkit. Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training. What is Gophish? Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind Gophish is simple: make industry-grade phishing training available to everyone. “Available” in this case means two things. Affordable: Gophish is currently open-source software that is completely free for anyone to use. Accessible: Gophish is written …


Nipper : Android App for Penetration Testers


Android devices are the choice of hackers today for conducting penetration tests on the fly. This post is about a tool called Nipper that enables you to use your Android device for penetration testing. Nipper allows you to conduct penetration tests on web applications that are running on some kind of CMS. Nipper is an Android app for checking the security of CMS (Content Management System) websites. It is a simple scanner that has more than 15 different modules to gather information about a specific URL. Today, I’m going to show you how to use Nipper Toolkit. But first, take a look at the requirements. Requirements: Internet access. Android 3.0 or higher. And Internet Access …


How to use Msfvenom in Penetration Testing : MSFVENOM Tutorial


Remember msfpayload and msfencode, used for Metasploit payload generation and encoding of the payload? Well, Offensive Security has removed msfpayload and msfencode from Metasploit Framework. What do you use to create the payloads then? The answer is MSFVENOM! Msfvenom is the combination of payload generation and encoding. It will replace msfpayload and msfencode on June 8th 2015. To start using msfvenom, first please take a look at the options it supports: msfvenom --help Options: -p, --payload <payload> Payload to use. Specify a '-' or stdin to use custom payloads -l, --list [module_type] List a module type. Options are: payloads, encoders, nops, all -n, --nopsled <length> Prepend a nopsled of [length] size on to …
