TCP port scanner Brutescan

Brutescan is a fast and noisy TCP port scanner written in go.


Configure go (for user)

Install brutescan


HTTP benchmarking with Bombardier

Bombardier is a nice HTTP(S) benchmarking tool, written in Go language, for software performance testers.


Configure go (for user)

Install bombardier



HTTP inspection with Wuzz

Wuzz is a very easy command line tool for HTTP(S) inspection with very much potential. In this tutorial I will show the installation on Debian 8.7 (jessie).


Configure go (for user)

Install wuzz

If everything is going well, the terminal should look like this and you can start.

example wuzz cli

Install w3af on Debian (Jessie)

W3AF is a free is a Web Application Attack and Audit Framework. This tutorial shows how to install w3af on Debian 8.6 (not by Debian package w3af-console).


Install and run w3af

Note: read the user guide on

Install v3n0m on Debian (Jessie)

V3n0m is a free penetration scanner. This tutorial shows how to install v3n0m on Debian 8.6.


Install and run v3n0m


Have fun but be careful!

Install YAWAST on Debian (Jessie)

This time i show YAWAST (Antecedent Web Application Security Toolkit) on Debian 8.6. YAWAST performs basic checks for penetration testers and security auditors.

System preparation

Install YAWAST


There is more! Read the documentation on GitHub adamcaudill/yawast.

Explain Shell direct from terminal rocks! Nevertheless, you lose time to leave the terminal (open browser, copy-paste). But there is a cool solution from ManKier. All what you need is curl.


Simpler usage

With a tiny script it will be more comfortable! Add the following to your .bashrc or .bash_profile (MAC OS X).

Now you can do …

… if you insert only “explain” an interactive mode will started!

Command-line fake data generator

In my search for a command-line fake data generator I’ve found phony. What can I say, the tool does exactly what it should! After installation, you no longer need to leave the terminal.



There is more! Look at the examples!