1326 matches found
Aragog - Facebook Invalid Email Checker
Aragog is a python 2.7 script which looks for Facebook Accounts that have invalid emails on their account. This script was only created for Gmail & Hotmail to be checked, but in the future this could be further upgraded in new features. The attack scenario through this script is if the email of t...
Cl0neMast3r - Git All Your Favorite Tools In One Click
Cl0neMast3r is a Python script that was coded to make your life easier. Now you can easily choose your favorite tools from GitHub and install them on your system with one click. Even better you can ensure that you have latest version of your favorite tools. All this and more you can do with Clone...
Concrete5 < 8.3.0 - Username / Comments Enumeration Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulat...
Threat Analysis: ROKRAT Malware
ROKRAT also referred to as DOGcall is a family of malware that has been used by attackers originating from North Korea. The family continues to evolve and adopt techniques from other families also used by the same attack group. The ROKRAT core payload is typically deployed by a loader, which has...
Concrete5 8.3.0 - Username Comments Enumeration
Concrete5 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate impo...
Concrete5 Username / Comments Enumeration
!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate import tabulate import argparse import requests impo...
Concrete5 CMS 8.3.0 - Username Comments Enumeration
Concrete5 CMS 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate...
HPE iLO4 Add New Administrator User
!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...
ReelPhish: A Real-Time Two-Factor Phishing Tool
Social Engineering and Two-Factor Authentication Social engineering campaigns are a constant threat to businesses because they target the weakest chain in security: people. A typical attack would capture a victim’s username and password and store it for an attacker to reuse later. Two-Factor...
HiSilicon DVR Devices - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost',...
WordPress Core load-scripts.php Denial Of Service
import requests import sys import threading import random import re import argparse host='' headersuseragents= requestcounter=0 printedMsgs = def printMsgmsg: if msg not in printedMsgs: print "\n"+msg + " after %i requests" % requestcounter printedMsgs.appendmsg def useragentlist: global...
DarkComet (C2 Server) - File Upload Exploit
Exploit for multiple platform in category web applications !/usr/bin/env python3 EDB Note: Source https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01/259944bd94a0d289ef80b9138c1e3f97a97aa9cd from time import sleep from socket import socket, AFINET, SOCKSTREAM, error from r...
DarkComet (C2 Server) - File Upload
!/usr/bin/env python3 EDB Note: Source https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01/259944bd94a0d289ef80b9138c1e3f97a97aa9cd from time import sleep from socket import socket, AFINET, SOCKSTREAM, error from re import search from Crypto.Cipher import ARC4 from binasci...
DNSExfiltrator - Data exfiltration over DNS request covert channel
DNSExfiltrator allows for transfering exfiltrate a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: 1. The server side , coming as a single python script dnsexfiltrator.py, which act...
Uber: ubernycmarketplace.com is vulnerable to the Heartbleed Bug
The Heartbleed Bug was a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. This allows attackers to eavesdrop on communications, stea...
Exploit for Out-of-bounds Write in Microsoft
CVE-2018-0802POC usage: cv...
Gespage 7.4.8 SQL Injection
CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
CVE-2017-10271 Weblogic wls-wsat Component Deserialization Vu...
Reposcanner - Python Script To Scan Git Repos For Interesting Strings
Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog. Installation The python Git module is required python-git on Debian. Usage ./reposcanner -r Options: optional arguments: -h, --help sho...
Gespage 7.4.8 - SQL Injection
CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...