Here's a new set of training wheels for MetaSploit. It's a little bumpy, but it is pretty decent as an intro to using scripting tools for exploitative pentesting.
https://github.com/M4cs/BabySploit/blob/master/README.md
A really good analysis of some PHP malware. Beneficial reading for red and blue teams. As usual, please be careful playing with malware on your corporate network (or any other network).
https://blog.manchestergreyhats.co.uk/2018/11/07/php-malware-examination/
A new XSS detection tool with some nice hand-written parsers.
https://github.com/s0md3v/XSStrike
And that's the news!