1367 matches found
Exploit for SQL Injection in Zabbix
It is an offensive tool for Vulnerability Exploitation and Research. The repository contains a collection of vulnerability exploitation tools and research materials, including exploits for various vulnerabilities, proof-of-concept PoC code, and research notes. The tools are organized by...
Misp-Extractor - Tool That Connects To A MISP Instance And Retrieves Attributes Of Specific Types (Such As IP Addresses, URLs, And Hashes)
This code connects to a given MISP Malware Information Sharing Platform server and parses a given number of events, writing the IP addresses, URLs, and MD5 hashes found in the events to three separate files. Usage To use this script, you will need to provide the URL of your MISP instance and a...
Darkdump2 - Search The Deep Web Straight From Your Terminal
About Darkdump Recent Notice - 12/27/22 Darkdump is a simple script written in Python3.11 in which it allows users to enter a search term query in the command line and darkdump will pull all the deep web sites relating to that query. Darkdump2.0 is here, enjoy! Installation 1. git clone...
EAST - Extensible Azure Security Tool - Documentation
Extensible Azure Security Tool Later referred as E.A.S.T is tool for assessing Azure and to some extent Azure AD security controls. Primary use case of EAST is Security data collection for evaluation in Azure Assessments. This information JSON content can then be used in various reporting tools,...
Unblob - Extract Files From Any Kind Of Container Formats
unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats , extracts their content recursively , and carves out unknown chunks that have not been accounted for. Unblob is free to use ,...
autoSSRF - Smart Context-Based SSRF Vulnerabiltiy Scanner
autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other ssrf automation tools, this one comes with the two following original features : Smart fuzzing on relevant SSRF GET parameters When fuzzing, autoSSRF only focuses on the common parameters related to SSR...
Prefetch-Hash-Cracker - A Small Util To Brute-Force Prefetch Hashes
Motivation During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the filename itself is often enough to find the full path of the executable for which the prefetch file was created. Using the tool The followi...
Exploit for Uncontrolled Resource Consumption in Quic-Go_Project Quic-Go
QUIC-attacks CVE-2022-30591 The current repository serves t...
Puwr - SSH Pivoting Script For Expanding Attack Surfaces On Local Networks
Easily expand your attack surface on a local network by discovering more hosts, via SSH. Using a machine running a SSH service, Puwr uses a given subnet range to scope out IP's, sending back any successful ping requests it has. This can be used to expand out an attack surface on a local network, ...
Zi - A Swiss Army Knife for Zsh - Unix Shell
A Swiss Army Knife for Zsh - Unix Shell. Roadmap See the open issues for a list of proposed features and known issues. Top Feature Requests Add your votes using the reaction Top issues Add your votes using the reaction Newest issues Contributing First off, thanks for taking the time to...
GoSH - Golang Reverse/Bind Shell Generator
Golang reverse/bind shell generator. Description This tool generates a Go binary that launches a shell of the desired type on the targeted host. The shell binary can be compiled for multiple platforms, supports partial polymorphism unique functions' names and can use UDP protocol instead of the...
Skanuvaty - Dangerously Fast DNS/network/port Scanner
Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains from root domain Finds IPs for subdomains Checks what ports are open on those IPs Notice: not yet implemented Outputs a handy .json file with all the data for...
S3Sec - Check AWS S3 Instances For Read/Write/Delete Access
Test AWS S3 buckets for read/write/delete access This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs. Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot...
Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode (133 bytes)
; Shellcode Title: Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode 133 bytes ; Description: ; This shellcode is a new method to find kernel32 base address by parsing .text section of memory to find a pointer to kernel32 API. ; Shellcode Author: Tarek Ahmed ; Tested on:...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
SnapAttack Log4j / CVE-2021-44228 / log4shell Resources Wh...
Redherd Framework -A Collaborative And Serverless Framework For Orchestrating A Geographically Distributed Group Of Assets
RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets capable of conducting simulating complex offensive cyberspace operations. --- Getting Started Take a look at the RedHerd documentation for instructions on how to getting started with...
Exploit for SQL Injection in Zabbix
This is an offensive tool repository for Vulhub, a web application vulnerability training platform. The repository contains various tools and exploits for testing and demonstrating vulnerabilities in different web applications and frameworks. The primary classification of this repository is: "It ...
My Movie Collection Sinatra App Movie Cross Site Scripting
Document Title: =============== My Movie Collection Sinatra App - Movie XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2294 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ====================================...
My Movie Collection Sinatra App Login Cross Site Scripting
Document Title: =============== My Movie Collection Sinatra App - Login XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2293 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ==================================...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is a community-driven project that aims to provide a safe and controlled environment for users to practice and improve their skills in web application security. The repository...