DoD Secure Host Baseline » CyberPunk

DoD Secure Host Baseline CyberPunk NSA Information Assurance configuration guidance and files in support of the DoD Secure Host Baseline The Secure Host Baseline (SHB) provides an automated and flexible approach for…

Security and Privacy Assurance Research: SPARTA Framework » CyberPunk

Security and Privacy Assurance Research: SPARTA Framework CyberPunk Security and Privacy Assurance Research Developed as a part of MIT Lincoln Laboratory’s test and evaluation role in the SPAR (Security and Privacy Assurance Research) program, SPARTA (SPAR…

Adding a Riving Knife for Table Saw Safety

What in the world is a riving knife? Just the one thing that might save you from a very bad day in the shop. But if your table saw doesn’t come with one, fret not — with a little wherewithal you can add a riving knife to almost any table saw.

For those who have never experienced kickback on a table saw, we can assure you that at a minimum it will set your heart pounding. At the worst, it will suck your hand into the spinning blade and send your fingers flying, or perhaps embed a piece of wood in your chest or forehead. Riving knives mitigate such catastrophes by preventing the stock from touching the blade as it rotates up out of the table. Contractor table saws like [Craft Andu]’s little Makita are often stripped of such niceties, so he set about adding one. The essential features of a proper riving knife are being the same width as the blade, wrapping closely around it, raising and lowering with the blade, and not extending past the top of the blade. [Craft Andu] hit all those points with his DIY knife, and the result is extra safety with no inconvenience.

It only takes a few milliseconds to suffer a life-altering injury, so be safe out there. Even if you’re building your own table saw, you owe it to yourself.

Filed under: tool hacks

[Python] Locust: open source load testing tool – Penetration Testing

Locust is a open source performance testing tool.

Define user behaviour with python code, and swarm your system with millions of simultaneous users.

Use Python code to define user behavior. Use it to simulate millions of concurrent users accessing your system.

If you often pay attention to my blog, probably will note that I have three or four years did not write about the performance test article, in fact, this year did not update a few decent blog, but I was the busiest year, because Write a book about interface automation.

Back to the theme, why suddenly focus on performance testing tools? In fact, I am simply interested in the Locust tool itself. 1, it is the current mainstream LoadRunner and Jmeter are not the same. 2, it is based entirely on Python development, with Python to write user behavior.

Well, if you want to use it, you have to have some knowledge of Web development. But also familiar with Python development.

Official website:

Locust installation

1, Install Python:


Install Python2 or Python3

2, Install Locuse

through the pip command to install /> pip install locustio

through the GitHub cloning project installation (Python3 recommended ):

3, Install pyzmq

If you intend to run Locust distributed across multiple processes/machines, we recommend you also also install pyzmq.

If you intend to run Locust distributed over multiple processes/machines, we recommend that you also install pyzmq.

Installed with the pip command. /> pip install pyzmq

4, the installation is successful, CMD typing command validation. /> locust -help

Write a simple performance test script

Create a file to write performance test scripts in Python.

from locust import HttpLocust, TaskSet, task

class UserBehavior(TaskSet):

def google(self):

class WebsiteUser(HttpLocust):
task_set = UserBehavior
min_wait = 3000
max_wait = 6000

Create the UserBehavior() class to inherit the TaskSet class for user behavior.

Create a google() method to represent a behavior, visit the google home page. Use @task() to decorate the method for a task. 1 indicates that a Locust instance is selected to execute the weight, the greater the value, the higher the execution frequency. There is only one google() task under the current UserBehavior() behavior, so the weight here is set to a few and has no effect.

The WebsiteUser() class is used to set performance tests.

task_set: points to a defined user behavior class.

min_wait: the lower bound of the wait time between the user’s tasks, in milliseconds.

max_wait: The upper bound of the wait time between the user’s tasks, in milliseconds.

Operational performance test

Switch to the directory where the performance test script is located, start the performance test:

…/> locust -f –host=

[2016-11-19 22:38:16,967] fnngj-PC/INFO/locust.main: Starting web monitor at *:8089

[2016-11-19 22:38:16,967] fnngj-PC/INFO/locust.main: Starting Locust 0.7.5 for the test script, for the tested site.

Open the browser to visit:

Number of users to simulate Sets the number of simulated users

Hatch rate (users spawned/second)? Do not know how to translate, generate (start) the number of users per second.

Click Start swarming to start the performance test.

If you have aroused your interest, the rest of your own play it! Difficulty in the preparation of performance test scripts.

The post [Python] Locust: open source load testing tool appeared first on Penetration Testing.

reGeorg: create a socks proxy for intranet penetration – Penetration Testing

ReGeorg is an upgraded version of reDuh. . It uses webshell to create a socks proxy for intranet penetration.


git clone


$ [-h] [-l] [-p] [-r] -u [-v]

Socks server for reGeorg HTTP(s) tunneller

optional arguments:
-h, –help show this help message and exit
-l , –listen-on The default listening address
-p , –listen-port The default listening port
-r , –read-buff Local read buffer, max data to be sent per POST
-u , –url The url containing the tunnel script
-v , –verbose Verbose output[INFO|DEBUG]

Step 1. Upload tunnel.(aspx|ashx|jsp|php) to a webserver (How you do that is up to you)

Step 2. Configure you tools to use a socks proxy, use the ip address and port you specified when you started the

** Note, if you tools, such as NMap doesn’t support socks proxies, use proxychains (see wiki)

Step 3. Hack the planet


After we upload webshell to the server, run the following command to create a socks proxy locally.

$ python -p 8080 -u

The post reGeorg: create a socks proxy for intranet penetration appeared first on Penetration Testing.