It's not often that one organization has two tools mentioned here in as many months, but CISA has pulled it off. We think that their CSET tool will be the basis for cyber-security insurance issuance as early as next year. Probably the most exciting thing is that CISA also offer training for you to learn the detail of the current tool offering.
It's not quite at commercial product levels of refinement, but it certainly is good, and worth your time to get to know. So what are you waiting for? Time to get going! https://www.cisa.gov/downloading-and-installing-cset Arsenal is just a quick inventory, reminder and launcher for pentest commands. This project written by pentesters for pentesters simplify the use of all the hard-to-remember commands. As a note, do this on a Linux endpoint, a quick test on a windows machine indicated a number of missing libraries. find it here In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionality is independent of the shell used. Indeed arsenal emulates real user input (with TTY arguments and IOCTL) so arsenal works with all shells and your commands will be in the history.
You have to enter arguments if needed, but arsenal supports global variables. For example, during a pentest we can set the variable ip to prefill all commands using an ip with the right one. To do that you just have to enter the following command in arsenal: >set ip=10.10.10.10 Authors:
|
Author: <see article>
These links serve as tributes to those who have written them. Please find contributor details in the links provided Archives
April 2024
Categories |