Two kits favored by red teams and penetration testers have been updated recently, namely hashcat and SpiderFoot. Hashcat and SpiderFoot together read like a Robert Redford/Paul Newman movie title (yes, I'm that old). :-) Thanks to handler Rob Vandenbrink for the hashcat call out.

Hashcat v3.10: The world's fastest password cracker, and the world's first and only in-kernel rule engine

• Added some workarounds to deal with problems caused by broken OpenCL installation on the host system
• Improved rule-engine: Enabled support to use the missing @ rule on GPU
• Improved rule-engine: On Nvidia, the rule-engine got a small performance improvement

SpiderFoot 2.7.0: An open source intelligence automation tool to automate the process of gathering intelligence about a given target: IP address, domain name, hostname or network subnet. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target or defensively to identify what information your organisation is freely providing for attackers to use against you.

• Six (6) new modules:
  • BotScout.com search for malicious e-mail addresses
  • MalwarePatrol.net search
  • IBM X-Force Threat Exchange search
  • Amazon S3 bucket search
  • Phone number identification
  • Public vulnerability search (PunkSpider and XSSposed)
• Authentication and HTTPS support
• Scan by use case: e.g. use "Passive" for gathering info without touching the target
• SpamCop, bitcash.cz, VXVault, VOIPBL and more added as malicious data sources
• Pastie and Notepad.cc added as data paste sources
• Data can be flagged as false positive in the UI (with trickle-down effect)
• Bunch of bug fixes and minor enhancements
• User manual updated: http://www.spiderfoot.net/documentation/