Automating the boring (pentest) stuff with Terraform and Ansible. Part 2: Scanning

A simple way to automate the repetitive parts of your pentest using typical DevOps tools.

January 28, 2023 · inf0junki3

Automating the boring (pentest) stuff with Terraform and Ansible. Part 1: Recon

A simple way to automate the repetitive parts of your pentest using typical DevOps tools.

January 18, 2023 · inf0junki3

Certificate Transparency as a recon technique

I’ve been using certificate transparency with increasing frequency during my network pentests. What a great source of information! I’ve found it so useful that I wrote a short standalone script to search for domains in a transparency log and resolve them to IP addresses.

What’s certificate transparency?

There’s an actual site dedicated to describing Certificate Transparency (https://www.certificate-transparency.org/), which I recommend you check out. In a nutshell, CT is a mechanism that provides real-time monitoring and auditing of certificate information. If you’ve ever clicked on that little padlock next to the URL of a site you’ve visited in your browser, chances are that you’ve used CT. ...

November 4, 2016 · inf0junki3