1269 matches found
Online Malware & URL Analysis: MalSub
malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces (APIs). It supports submitting files or URLs for analysis, retrieving reports by hash values, domains,...
Simple Twitter Metadata Scraper
The goal of this simple Python script is to analyze a Twitter profile through its tweets by detecting: average tweet activity, by hour and by day of the week; timezone and language set for the Twitter interface; sources used (mobile application, web browser, …)...
Malicious Host Intelligence: hostintel
This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, domain, or IP address. This tool only supports IPv4 at the moment. Th...
datasploit - A tool to perform various OSINT techniques
A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data. Overview of the tool: Performs OSINT on a domain / email / username / phone and finds out information from different sources. Correlates and...
New Relic: Sensitive information contained with New Relic APM iOS application
An issue was reported to us against the New Relic APM iOS app. Specifically, the issue was that the release version of the application contained some sensitive information, including internal email addresses and API keys. Versions newer than 3.20.3 released Aug 28, 2015 no longer contain this...
New Relic: CSRF - Regenerate all admin api keys
Hi. The request to regenerate all admin API keys is a GET request without CSRF protection. As such, you can regenerate someone's keys using CSRF. While not too big of an issue (the admin can always see the keys and use them), it's certainly annoying and can cause business disruption. Additionally, a...
RhodeCode Information Disclosure Vulnerability
RhodeCode is a set of open source code base browsing and management tools, with an embedded push/pull server, support for LDAP/AD and a permission system. A security vulnerability exists in RhodeCode 2.2.6 and earlier versions. A remote attacker can exploit this vulnerability to obtain sensitive...
CVE-2015-1613
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) updaterepo, (2) getlocks, or (3) getusergroups API method...
Design/Logic Flaw
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the getrepo API method...
Design/Logic Flaw
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) updaterepo, (2) getlocks, or (3) getusergroups API method...
PYSEC-2015-33
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) updaterepo, (2) getlocks, or (3) getusergroups API method...
PYSEC-2015-32
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the getrepo API method...
Vimeo: CRITICAL full source code/config disclosure for Cameo
Hi! The server at https://ci.cameo.tv/ has directory listing on and seems to host quite a few Debian packages containing extremely sensitive information (database passwords, API keys, you name it). One example is the config package containing 16 config files, even personal ones containing local...
Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
Omeka 2.2 CSRF And Stored XSS Vulnerability. Vendor: Omeka Team CHNM GMU. Product web page: http://www.omeka.org. Affected version: 2.2. Summary: Omeka is a free, flexible, and open source web-publishing platform for the...
WordPress SolveMedia 1.1.0 CSRF Vulnerability
No description provided by source. Exploit Title: WordPress SolveMedia 1.1.0 CSRF Vulnerability Release Date: 24/01/13 Author: Junaid Hussain - illSecure Research Group - Contact: [email protected] | Website: http://illSecure.com Software Link:...
Passive Spider - Information Gathering from Search Engine Tool
Passive Spider uses search engines (currently only Bing supported) to find interesting information about a target domain. INSTALL: git clone https://github.com/RandomStorm/passive-spider.git cd passive-spider gem install bundler && bundle install Place your search engine API keys in the apikeys.conf...
openSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)
Update to 26.0.1383. Security fixes (bnc798326): CVE-2012-5145: Use-after-free in SVG layout; CVE-2012-5146: Same origin policy bypass with malformed URL; CVE-2012-5147: Use-after-free in DOM handling; CVE-2012-5148: Missing filename sanitization in hyphenation support; CVE-2012-5149: Integer...
Kadira: API keys being cached
Your API keys are cached on the client side. This will trigger client side attacks...
Bitly Developing Two Factor Authentication Following Compromise
The link-shortening service Bitly announced late last week that it’s ramping up its development of two-factor authentication following a compromise that leaked user information on Thursday. The breach, first discovered Thursday morning, spilled users’ email addresses, encrypted salted and hashed...