CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2017/10/05 9:0 p.m.•23 views

CVE-2017-15041

9.7AI score0.02363EPSS

Exploits0References10

pentestit•added 2017/09/12 4:52 a.m.•48 views

UPDATE: Gloom-Framework v1.7.5

PenTestIT RSS Feed Update time guys! Please refer my initial blog post about this open source penetration testing framework for Kali Linux. I just saw that it has been updated and we now have Gloom-Framework v1.7.5 with new features and a lot of bug fixes. Actually, it was updated quiet a number ...

pentestit•added 2017/09/01 6:19 a.m.•114 views

Gloom-Framework: Security Framework For Kali Linux

PenTestIT RSS Feed This short post is about a new penetration testing toolkit/framework in the market, which was specifically built for Kali Linux. The name is Gloom-Framework. It is coded in Python and is also open source with a few dependencies. What is Gloom-Framework? Gloom-Framework is an op...

pentestit•added 2017/08/29 8:26 p.m.•158 views

Pharos: A Static Binary Analysis Framework

PenTestIT RSS Feed All of us know what static binary analysis means. It means that the analysis of the binary is performed without actually executing it. Almost two years ago, an open source framework - Pharos, was created by the Carnegie Mellon SEI, CERT Division in collaboration with the Lawren...

pentestit•added 2017/08/23 8:57 p.m.•117 views

UPDATE: OSRFramework 0.17.2

PenTestIT RSS Feed My last post about this open sources research framework was approximately three weeks ago. Recently, two new versions were released in quick succession - 0.17.1 & OSRFramework 0.17.2. This post covers the changes and advancements made to both these versions. What is OSRFramewor...

7AI score

pentestit•added 2017/08/03 3:49 a.m.•77 views

UPDATE: OSRFramework 0.17.0 BlackHat Arsenal Version!

PenTestIT RSS Feed Sometime early last month, I made a post about OSRFramework which was version 0.16.8. A new version of this open sources research framework was released at the recently concluded BlackHat 2017 conference. To be precise, it was released on Wednesday, July 26 in the OSINT Arsenal...

7.1AI score

Kitploit•added 2017/07/17 11:12 p.m.•17 views

nWatch - Tool for Host Discovery, PortScanning and Operating System Fingerprinting

nWatch is a handy tool for host discovery, portscanning and operating system fingerprinting. Demo video Requirements nmap scapy colorama ctypes Installation and execution Install the requirements Then you can download nWatch by cloning the Git repository: git clone...

7.3AI score

Kitploit•added 2017/07/13 11:30 p.m.•16 views

smap - Shellcode Mapper

Handy tool for shellcode analysis. Demo video Requirements objdump Installation and execution Then you can download smap by cloning the Git repository: git clone https://github.com/suraj-root/smap.git cd smap/ python smap.py -h get shellcodes @ http://shell-storm.org/shellcode/,...

7.4AI score

Exploits0References2

Hacker One•added 2017/07/12 12:46 p.m.•30 views

Grab: Git repository found

Git metadata directory .git was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source...

6.8AI score

CNVD•added 2017/05/08 12:0 a.m.•2 views

GitLab Cross-Site Scripting Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...

6.1CVSS5.9AI score0.00074EPSS

Exploits1References1

Kitploit•added 2017/05/03 2:28 p.m.•16 views

Web Exploit Detector - Tool To Detect Possible Infections, Malicious Code And Suspicious Files In Web Hosting Environments

The Web Exploit Detector is a Node.js application and NPM module used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites. Running the application will generate a list of...

6.5AI score

Hacker One•added 2017/04/15 9:22 p.m.•22 views

Nextcloud: GIT Detected

Hello team, While i was testing nextcloud.com, I've detected GIT repository files. GIT repository files can disclose GIT repository usernames and file lists. While disclosures of this type do not provide direct attack vectors, they can be useful for an attacker when combined with other...

0.9AI score

n0where•added 2017/02/13 8:0 p.m.•24 views

WAF Security Benchmark: WAFPASS

WAF Security Benchmark WAFPASS Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However, these security applications suffer...

7AI score

myhack58•added 2016/11/05 12:0 a.m.•14 views

GitLab unauthorized access vulnerability can lead to remote command execution-vulnerability warning-the black bar safety net

GitLab is a use of Ruby on Rails development, Open Source Application, to achieve a self-hosted Git project repository, through a Web interface to access the public or private projects. 2 0 1 6 years 1 1 months to 3 December, the United States the congregation measured platform HackerOne announce...

1.6AI score

Hacker One•added 2016/10/04 10:5 a.m.•24 views

Boozt Fashion AB: Git available containing passwords.

Hi, I've found .git repository available on http://████/.git/ Using https://github.com/kost/dvcs-ripper you can download source files, even if directory listing is forbidden. I've managed to download some object files from repository. One of them...

OSV•added 2016/05/12 8:0 p.m.•6 views

MGASA-2016-0172 Updated mercurial packages fix security vulnerability

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...

8.8CVSS9.2AI score0.0118EPSS

Exploits0References4

OSV•added 2016/05/09 8:59 p.m.•1 views

DEBIAN-CVE-2016-3105

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name...

8.8CVSS7.5AI score0.0118EPSS