PT-2026-46374

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

Vulnerability Assessment vs Penetration Testing: What Security Leaders Need to Know

Your organization runs quarterly vulnerability scans. You get a report with hundreds, sometimes thousands, of findings. Your team patches what they can and moves on. Six months later, you bring in a penetration testing firm, and they walk right through your defenses using a chain of...

prima-incident-response-security-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

devops-security-pipeline-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

Advanced Vulnerability Scanning for Open Source Software: Detection and Mitigation of Log4j Vulnerabilities

Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021 a severe vulnerability Log4Shell was disclosed before being fully...

kerma

This repository is an exploit toolkit for a critical vulnerability in Mikrotik RouterOS Winbox. The vulnerability is present in all versions from 6.29 to 6.42. The toolkit includes several scripts and tools to exploit the vulnerability and extract user credentials. The PoC.py script is the main...

Exploit for CVE-2017-0144

🔥 AKUMA'S ADVANCED LOW-HANGING FRUIT SCANNER v2.0 "Your i...

ebram_web_scanner

EBRAM Web Scanner EBRAM Web Scanner is a powerful Python-ba...

Exploit for CVE-2025-3102

Vanda CVE-2025-3102 💣 Exploit com interface gráfica para a vuln...

Exploit for CVE-2024-47176

CVE-2024-47176 Vulnerability Scanner for CUPS A simple tool t...

RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains

RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid...

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as Star...

Ator - Authentication Token Obtain and Replace Extender

The plugin is created to help automated scanning using Burp in the following scenarios: 1. Access/Refresh token 2. Token replacement in XML,JSON body 3. Token replacement in cookies The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become...

Efficient Infrastructure Testing

Before we start lets set the scene regarding vulnerability assessment. It is imperative that enterprises conduct their own continuous automated scanning, to have up-to-date assessments of threats that their networks may be susceptible to. Infrastructure penetration testing discussed in this blog...

[SECURITY] Fedora 36 Update: webanalyze-0.3.1-7.fc36

Port of Wappalyzer uncovers technologies used on websites in Go to automate scanning...

[SECURITY] Fedora 35 Update: webanalyze-0.3.1-6.fc35

Port of Wappalyzer uncovers technologies used on websites in Go to automate scanning...

Lazy-RDP - Script For AutomRDPatic Scanning And Brute-Force

Script For AutomRDPatic Scanning And Brute-Force. Demo Video: Lazy-RDP over SSH: Script for automatic scanning of the address list for the presence of open 3389 ports, and then selecting the method and starting busting pair login / password. The script is tuned for Kali linux 2.0, Kali linux 2016...

Bug hunting for a quick buck using WebLogic vulnerability (CVE-2020–14882)

Introduction Popular within the commercial sphere, Oracle WebLogic Server is a scalable enterprise Java platform application server for Java-based web applications. When a vulnerability is discovered in WebLogic, hackers will try to exploit it ASAP. And it’s not only hackers - bug hunters also wa...

RIPS 3.3: Scaling Security Testing to Large Teams

Data Center Edition Automated security testing with RIPS is typically performed when a new code feature is merged into the development branch. But when security scanning is shifted left to the developers who scan every single code commit, the total amount of scans increases significantly. As a...

Continuous Web Security Assessment for Production and DevOps Environments

Web applications have become essential for business, as they simplify and automate key functions and processes for employees, customers and partners, making organizations more agile, innovative and efficient. Unfortunately, many web applications are also unsafe due to latent vulnerabilities and...