Install w3af on Debian (Jessie)

W3AF is a free is a Web Application Attack and Audit Framework. This tutorial shows how to install w3af on Debian 8.6 (not by Debian package w3af-console).


Install and run w3af

Note: read the user guide on

Install v3n0m on Debian (Jessie)

V3n0m is a free penetration scanner. This tutorial shows how to install v3n0m on Debian 8.6.


Install and run v3n0m


Have fun but be careful!

Install YAWAST on Debian (Jessie)

This time i show YAWAST (Antecedent Web Application Security Toolkit) on Debian 8.6. YAWAST performs basic checks for penetration testers and security auditors.

System preparation

Install YAWAST


There is more! Read the documentation on GitHub adamcaudill/yawast.

Explain Shell direct from terminal rocks! Nevertheless, you lose time to leave the terminal (open browser, copy-paste). But there is a cool solution from ManKier. All what you need is curl.


Simpler usage

With a tiny script it will be more comfortable! Add the following to your .bashrc or .bash_profile (MAC OS X).

Now you can do …

… if you insert only “explain” an interactive mode will started!

Command-line fake data generator

In my search for a command-line fake data generator I’ve found phony. What can I say, the tool does exactly what it should! After installation, you no longer need to leave the terminal.



There is more! Look at the examples!

Record and share terminal sessions

Sometimes it is so boring to tell other software testers what to do … and nobody read documentations. Here now a easy solution! Just record and share your terminal sessions.


Note: read the documentation of asciinema for other OS!


Tip: Sensitive data should be shared directly (via JSON file)!

Visualization of package dependencies

Documentation takes time – sometimes a lot of time. Here a few examples how to create dependencies pictures with Graphviz via command line. These commands can then be easily transferred to a build-process to save your time.

Mac OS X

CentOS 7

Debian 8

Example graph for mtr on Mac OS X

mtr dependencies

Multiple hosts provisioning with Vagrant, Ansible and virtualenv

In this tutorial we use Ansible (installed in virtualenv) and Vagrant. Furthermore, we have different machines (Debian, CentOS). For all hosts we want to have Provisioning on startup and via command.


Folder structure




Check out the by Vagrant generated inventory file!