David Sopas – Web Security Researcher

Tools

27/08/20 Hardware, Tools

I printed a 3D box for my bettercap arsenal and I liked it


Looking at the title you might think that it’s Katy Perry's new hit… It isn’t… I’m sorry…

One of my favourite tools when doing security assessments is bettercap. It's like “one tool to rule them all”. With that in mind, I needed something to carry my bettercap arsenal when going to a client. Using my self-taught 3D skills (btw n00b level) I decided to design my own box.

I needed something to pack the following:

With the first version I encountered some issues. It was too big; the Alfa card was a bit tight; the lid didn’t close correctly and it was not very appealing.

So I started working on my second version, which I would reduce a bit by putting the slot for the two antennas (Alfa card and the CrazyRadio) and modifying the BLE dongle slot to also reduce some space. I added 4 pinouts to better close the lid.

I was getting close to what I needed; nevertheless, I wanted more, especially because I had a hard time taking out the antennas and the BLE dongle. Also, the pinouts were not a good option to accommodate the lid. So I decided to add a few things:

  • Small cuts to improve the removal of the antennas and the BLE dongle
  • New slot to put whatever I needed – you never know…
  • New lid that just slides into the box

And what about the lid? Besides helping to open – creating some friction – it's leet 🙂

If you are interested in printing it, I uploaded it to Thingiverse and feel free to ping me on Twitter for suggestions or modifications.

Have fun!

23/08/19 Hardware, Tools, Travel

My Red Team assessment hardware


Many friends and colleagues are asking me what I use for red team assessments so I decided to write a post with my arsenal – which might not reflect others' Red Team approach.

Also, the hardware is task specific. For example, if you’re going on a Wi-Fi hunt you might not need a set of lockpicking tools – well, you never know 🙂

Other people's lists can be found here:

Feel free to Tweet @dsopas with new lists or even recommend stuff for me to buy 🙂

16/08/18 Bug Bounty, Tools

h1-search tool


Paulo Silva and I wrote a simple golang tool to check full disclosures on HackerOne. Why?

  • You can filter the results
  • You can see ALL the results (H1 has page limitations – 25 results)
  • It's coded in Go 😀

So if you guys want to give it a try, feel free to install it and participate – https://github.com/dsopas/h1-search

20/04/18 Tools

RFD Checker and Security Assessment Mindset

I recently published two repos on my GitHub account. One is RFD Checker, which I did with my colleague Paulo Silva and which scans for Reflected File Download vulnerabilities, and the other one is a security mindmap (you can also get it in other formats). This last one had pretty good success just because it is a mindset for helping infosec peers and bug bounty hunters on their assessments.

Feel free to share it and participate in any of the projects. They are open-source and with the help of the infosec community they can become a better tool for your arsenal.

 
