meddlin edited this page Jul 16, 2020 · 24 revisions

Come here to discover where things are!

NOTE: Things are moving around a lot.

Table of Contents

Design

Design: Choosing when data should be reactive/non-reactive

Automation

Research & Development

New Architecture for next version

(Researching) New Architecture

OSINT (General)

Topics and articles covering the use of OSINT in a pen-test, the various types of OSINT, information gathering, etc. Trying to answer the questions:

  • Is OSINT a worthy goal of CPAT?
  • How is OSINT used in a penetration test?
  • Could OSINT have any applications outside of a penetration test (e.g. AppSec, DevSecOps)?

Generic and thorough explanation of OSINT and information gathering. Very useful for defining object models for the application, and expanding on the pre-existing models.

http://www.pentest-standard.org/index.php/Intelligence_Gathering#General

OSINT Tools

Reconnaissance

PDF Scraping: https://github.com/pdfminer/pdfminer.six

Capturing Wireless Packets with "iw": https://sandilands.info/sgordon/capturing-wifi-in-monitor-mode-with-iw

Capturing 2G/3G/4G data

The CPAT project may not be able to take a deep dive into gathering this type of data due to financial and/or legal limitations. However, a cursory entry point could be demonstrated with means like those in this article.

https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/

Useful Development Tools and Resources

JS-Sequence Diagrams

https://bramp.github.io/js-sequence-diagrams/