Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target

Mercury is a hacking tool used to collect information and use the information to further hurt the target. Installation Requires Python2 Linux apt-get install python2 git clone https://www.github.com/MetaChar/Mercury pip install -r requirements.txt Features BruteForce Mercury uses Selenium to...

trib.utahrealestate.com XSS vulnerability

Open Bug Bounty ID: OBB-564289 Description| Value ---|--- Affected Website:| trib.utahrealestate.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Debian DSA-4116-1 : plasma-workspace - security update

Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted. C Tenabl...

Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers

Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts. The game...

New Android Trojan malware discovered in Google Play

A new piece of mobile malware has been discovered in Google Play masquerading as multiple apps: an alarm clock app, a QR scanner app, a compass app, a photo editor app, an Internet speed test app, and a file explorer app. According to Google Play data, all were last updated between October and...

Node.js VoIP penetration testing framework : Bluebox-ng

Bluebox-ng : Node.js VoIP penetration testing framework Features Auto VoIP/UC penetration test Report generation Performance RFC compliant SIP TLS and IPv6 support SIP over websockets and WSS support RFC 7118 SHODAN, exploitsearch.net and Google Dorks SIP common security tools scan,...

Augmented Reality games and real-world trolling

Augmented Reality games—where you wave a device around and the digital collides with reality— have been booming in popularity ever since Pokemon GO! rolled into mobile storefronts. However, many AR games haven't really been designed with the possible consequences of real-world safety in mind. Tak...

CyberScan - Tool To Analyse Packets, Decoding , Scanning Ports, And Geolocation

CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including latitude, longitude , region , country ... Operating Systems Supported Windows XP/7/8/8.1/10 GNU/Linux MacOSX Installation You can download CyberSc...

Twitter OSINT Tool Tinfoleak

tinfoleak is an open-source tool within the OSINT Open Source Intelligence and SOCMINT Social Media Intelligence disciplines, that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic...

New Snowden Doc Exposes How NSA's Facility in Australia Aids Drone Strikes

The new documents leaked by former NSA contractor Edward Snowden has exposed a United States secretive facility located near a remote town in Australia's Northern Territory for covertly monitoring wireless communications and aiding US military missions. The leaked documents have come from the...

IPS as a Service Blocks WannaCry Spread Across the WAN

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1. Most enterprises defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers...

Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain

Over the last few months, we have been keeping an eye on the Magnitude exploit kit which is mainly used to deliver the Cerber ransomware to specific countries in Asia. Our telemetry shows that South Korea is most impacted via ongoing malvertising campaigns. When a visitor goes to a website that...

Security Flaws in 4G VoLTE

Research paper: "Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone," by Patrick Ventuzelo, Olivier Le Moal, and Thomas Coudray. Abstract: VoLTE Voice over LTE is a technology implemented by many operators over the world. Unlike previous 2G/3G technologies, VoLTE...

Tinfoleak v2.0 - Get detailed information about a Twitter user activity

Are you interested in OSINT tools? Tinfoleak is the best OSINT tool for Twitter, and is open-source! The new version includes a lot of new and improved features: Search by coordinates Geolocated users Tagged users User conversations Identification in other social networks More powerful and flexib...

Man In The Middle (MitM)

ipip-coffee is vulnerable to man-in-the-middle MitM attacks. It downloads geolocation resources over HTTP, which leaves it vulnerable to MitM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...

ip-geolocation-map-kml NSE Script

This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and produces a KML file of points representing the targets. See also: ip-geolocation-geoplugin.nse ip-geolocation-ipinfodb.nse ip-geolocation-map-bing.nse ip-geolocation-map-google.nse...

ip-geolocation-map-google NSE Script

This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and renders a Google Map of markers representing the targets. Additional information for the Google Static Maps API can be found at: - See also: ip-geolocation-geoplugin.nse...

Downloads Resources over HTTP

Overview Affected versions of adamvr-geoip-lite insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation...

Downloads Resources over HTTP

Overview Affected versions of ipip-coffee insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decision...

Targeted Geolocation Framework: HoneyBadger v2

HoneyBadger is a framework for targeted geolocation. While honeypots are traditionally used to passively detect malicious actors, HoneyBadger is an Active Defense tool to determine who the malicious actor is and where they are located. HoneyBadger leverages “agents” built in various technologies...