Lucene search
K

812 matches found

Check Point Advisories
Check Point Advisories
added 2016/08/18 12:0 a.m.2 views

Netsparker Web Scanner

A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Netsparker to detect vulnerabilities on a target server...

2.9AI score
Exploits0
n0where
n0where
added 2016/08/16 4:34 p.m.26 views

A Modular Recon Tool: RECON

Low Hanging Fruit: a Modular Recon Tool for Penetration Testing Reconnaissance is the absolute most important step in a penetration test. A good recon of the target could net you some vital information and low hanging fruit. Thus RECON was created. A set and forget type of recon scanner. No need ...

0.2AI score
Exploits0References1
Kitploit
Kitploit
added 2016/07/05 11:44 p.m.26 views

Fierce - A DNS Reconnaissance Tool for Locating Non-Contiguous IP Space

First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/ . This is simply a conversion to Python 3 to simplify and modernize the codebase. The original description was very apt, so I'll include it here: Fierce is a semi-lightweight scann...

7.2AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2016/06/26 12:0 a.m.0 views

Hmap Web-Server Fingerprint Tool

A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Hmap web application fingerprint tool to detect vulnerabilities on a target server...

1.7AI score
Exploits0
Cisco
Cisco
added 2016/05/23 9:20 p.m.28 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability

A vulnerability in the application programming interface API web interface of the Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, remote attacker to perform privilege escalation on the affected device. The attacker can escalate privileges to...

6.5CVSS9AI score0.0162EPSS
Exploits0References1
n0where
n0where
added 2016/05/11 11:43 p.m.16 views

DNS reconnaissance tool: Fierce

Fierce is a DNS reconnaissance tool for locating non-contiguous IP space Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require...

Exploits0References1
n0where
n0where
added 2016/04/07 6:51 p.m.32 views

Windows File Shares Reconnaissance: SMBCrunch

One of the most time consuming tasks during a security auditing process is diving into file-systems and shares, attempting to identify any potentially sensitive information. SMBCrunch helps penetration testers to quickly identify Windows File Shares on a network, perform a recursive directory...

0.6AI score
Exploits0References1
FireEye
FireEye
added 2016/03/23 8:0 a.m.165 views

99 Problems but Two-Factor Ain’t One

Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies rega...

4.3CVSS0.1AI score0.01995EPSS
Exploits0
n0where
n0where
added 2016/02/26 5:17 p.m.26 views

Cross Platform DNS Recon Tool: Sonar

Sonar is a reconnaissance tool for enumerating sub domains. It was modeled after Knock and DNSRecon though explicitly not written in Python to avoid the limitations of threading and dependencies. Sonar is statically compiled meaning it has no dependencies and even dynamically builds the default...

7.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2016/02/24 2:11 p.m.41 views

Five-Year 'Dust Storm' APT Campaign Seen Targeting Japanese Critical Infrastructure

A five-year campaign primarily focused on extracting sensitive information from Japanese oil, gas, and electric utilities was outlined by researchers on Tuesday. Referred to as Operation Dust Storm .PDF by researchers at Cylance, the campaign has managed to stay persistent over the years, and...

9.3CVSS8.8AI score0.9941EPSS
Exploits26References5
Kitploit
Kitploit
added 2016/01/15 9:30 p.m.432 views

SimplyEmail - Email Recon Made Fast And Easy, With A Framework To Build On

What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt wa...

9.8AI score
Exploits0References1
n0where
n0where
added 2016/01/15 5:19 p.m.121 views

Kali Linux: Kill Chain

Kill Chain for Kali Linux 2.0 is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependencies: Tor — For the console build in anonymizer. Set — Social-Engineer Toolkit SET,...

1AI score
Exploits0References1
Kitploit
Kitploit
added 2016/01/13 10:21 p.m.97 views

Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks

“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependant tool sets are: 1 Tor -- For the console build in anonymizer. 2 Set -- Social-Engineer Toolkit SET,...

9.9AI score
Exploits0References1
Cisco
Cisco
added 2015/12/09 10:30 a.m.27 views

Cisco FirePOWER Management Center Software Version Information Disclosure Vulnerability

A vulnerability in Cisco FirePOWER Management Center could allow an unauthenticated, remote attacker to obtain information about the version of Cisco FirePOWER Management Center software that is running on an affected system. An attacker could use this information to conduct reconnaissance attack...

5CVSS6.1AI score0.01196EPSS
Exploits0References1
FireEye
FireEye
added 2015/11/24 12:1 a.m.15 views

ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns

Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale POS systems at US-based retailers. We believe this very hard to detect malware is likely being used in broader campaigns and are disclosing details to help...

Exploits0
FireEye
FireEye
added 2015/11/16 1:0 p.m.26 views

Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims

Over the past year, FireEye Threat Intelligence has identified suspected nation-state sponsored cyber-actors engaged in a large-scale reconnaissance effort. This effort makes use of web analytics—the technologies to collect, analyze, and report data The individuals behind this activity have amass...

0.3AI score
Exploits0
n0where
n0where
added 2015/11/12 2:18 a.m.17 views

Email Reconnaissance Tool: SimplyEmail

This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Current Platforms Supported: Kali Linux 2.0 A few...

7.4AI score
Exploits0References1
Kitploit
Kitploit
added 2015/11/10 10:2 p.m.26 views

Bluto - DNS Recon, DNS Zone Transfer, and Email Enumeration

BLUTO DNS recon | Brute forcer | DNS Zone Transfer | Email Enumeration The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto wil...

7.5AI score
Exploits0References1
Cisco
Cisco
added 2015/11/02 10:0 a.m.37 views

Cisco Unified Computing System Blade Server Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Unified Computing System UCS Blade Server could allow an unauthenticated, remote attacker to obtain information about the UCS software version. The vulnerability is due to the verbose output that is returned when a specific URL is submitted to an...

5CVSS6.2AI score0.01693EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/10/05 12:0 a.m.129 views

APPLE-SA-2015-09-21-1 watchOS 2

APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: Th...

10CVSS0.6AI score0.2447EPSS
Exploits6
Rows per page
Query Builder