Linkedin Information Gathering Tool: raven

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin. Usage of this is application is pretty simple. It requires at least three parameters. The first one is the company name , the second one is the count...

Simple Twitter Metadata Scraper

Simple Twitter Metadata Scraper The goal of this simple python script is to analyze a Twitter profile through its tweets by detecting: Average tweet activity, by hour and by day of the week Timezone and language set for the Twitter interface Sources used mobile application, web browser, …...

Linux Embedded Firmware Dynamic Analysis: FIRMADYNE

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware. It includes the following components: modified kernels MIPS: v2.6.32 , ARM: v4.1 , v3.10 for instrumentation of firmware execution; a userspace NVRAM library to emulate a...

WordPress 4.4 User Enumeration Vulnerability

WordPress versions 4.4 and below leak whether or not a username exists in their login flow. Affects: WordPress =v4.4 Vulnerability: Information Disclosure CVE-ID: Pending Impact: Username exists disclosure on /wp-login.php ----- By default, WordPress =4.4 discloses whether a username is registere...

1.2 Million Credit Cards Lost in Staples Data Breach

Retailer Staples has confirmed that point-of-sale malware had been used at 115 of its retail locations in the United States and criminals were able to access 1.16 million payment card numbers during a six-month-long intrusion. Staples said it removed the malware in September from the affected...

UPS Admits 51 Stores Hit With Malware For Five Months

The list of corporations that have been victimized by credit card stealing malware in 2014 grew a little longer this week as UPS announced that 51 of its stores suffered a “broad-based malware intrusion” earlier this spring. The company disclosed the breach – which affected franchised locations o...

RAM Scrapers and the Target Data Breach

The retail and hospitality industries have a painful history with wonky point-of-sale systems and malware known as RAM scrapers. These attacks, which date back as many as six years, are designed to be injected into running processes and steal payment card data before it’s encrypted by a...

HTTP Page Scraper

Scrape defined data from a specific web page based on a regular expression This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Page Scraper', 'Description' = 'Scrape defined data from a specif...

Asterisk IAX2 - Attacked IAX Fuzzer Resource Exhaustion (Denial of Service)

!/usr/bin/perl -w udp IAX protocol fuzzer Created: Blake Cornell Exploits found with this code can be found at http://www.securityscraper.com/ Released under the VoIPER project Do not hesitate to show enthusiasm and support and help develop this further. use strict; use IO::Socket; use...