Lucene search

684 matches found

Kitploit
added 2016/04/26 10:12 p.m., 34 views

PenQ - The Security Testing Browser Bundle

PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and many more. PenQ is not just ...

AI score: 7.4
Exploits: 0

n0where
added 2016/04/17 11:53 a.m., 34 views

Ruggedization Framework For Security Testing: Gauntlt

Gauntlt is a ruggedization framework that enables security testing that is usable by devs, ops and security. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testin...

AI score: 7.2
Exploits: 0, References: 6

Packet Storm
added 2016/03/28 12:0 a.m., 58 views

C2Box 4.0.0(r19171) Validation Bypass

Title: Validation Bypass in C2Box application allows user to input negative value Author: Harish Ramadoss Vendor: boxautomationB.A.S Product: C2Box Version: All versions below 4.0.0r19171 Tested Version: Version 4.0.0r19171 Severity: Medium CVE Reference: 2015-4626 About the Product: B.A.S C2Box...

AI score: 7.7, EPSS: 0.0024
Exploits: 2

n0where
added 2016/02/03 8:0 p.m., 16 views

Fast and Full Featured SSL Scanner: SSLyze

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. SSLyze is all Python code but it uses an OpenSSL wrapper...

Exploits: 0, References: 2

Packet Storm
added 2015/12/29 12:0 a.m., 26 views

NASA Cross Site Scripting

Exploit Title : NASA Subdomain XSS Vulnerability Exploit Author : 4TT4CK3R Date : 2015/12/27 Tested on : Kali linux , Windows 8.1 Vendor HomePage : https://ghrc.nsstc.nasa.gov/ Google Dork : No Category : Web Application : Vulnerable Location :https://ghrc.nsstc.nasa.gov/hydro/search.pl : Using...

AI score: 7.4
Exploits: 0

n0where
added 2015/12/21 6:54 p.m., 78 views

Modern Vulnerable Web App: Hackazon

Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and...

AI score: 7.5
Exploits: 0, References: 2

Kitploit
added 2015/09/03 9:43 p.m., 20 views

Burp Suite Professional 1.6.26 - The Leading Toolkit for Web Application Security Testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security...

AI score: 7.7
Exploits: 0

Kitploit
added 2015/07/21 10:3 p.m., 18 views

Dharma - A generation-based, context-free grammar fuzzer

A generation-based, context-free grammar fuzzer. Requirements None Examples Generate a single test-case. % ./dharma.py -grammars grammars/webcrypto.dg Generate a single test case with multiple grammars. % ./dharma.py -grammars grammars/canvas2d.dg grammars/mediarecorder.dg Generating test-cases a...

AI score: 7.3
Exploits: 0, References: 2

seebug.org
added 2015/07/16 12:0 a.m., 22 views

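Generic arbitrary file download in a government service center system

Brief description: Details: Shenzhen Taiji Software Co., Ltd. has developed quite a few systems; this one is a government service center system, and it has an arbitrary file download vulnerability. There are so many instances of this system that I need not say more. Arbitrary file download: /servlet/fileOpenforms?filename=/WEB-INF/WEB.xml Case: http://...//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://...//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml...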

AI score: 7.1
Exploits: 0

myhack58
added 2015/07/04 12:0 a.m., 10 views

At least one into the subject of mobile software vulnerabilities, some companies to grab the market does not consider security 9 0 after hacks said the hand tour“9 9% has a vulnerability” insiders suggested that the state of mobile software development of a unified standard of review-vulnerability warning-the black bar safety net

“It is a problem of the APP.” Xuhui Public Security Bureau network security detachment Bob Sergeant, record this phone the name of the software and is the“Black”of the symptoms. This is Bob the police officer and his colleagues made an experiment: they selected a certain influence of mobile phone...

AI score: 0.1
Exploits: 0

myhack58
added 2015/06/05 12:0 a.m., 19 views

IBM Security AppScan 9.0.2 remote code execution vulnerability-vulnerability warning-the black bar safety net

IBM Security AppScan Standard is a web application security testing tool from IBM of the United States. The tool is used during the application development life cycle for automated static and dynamic security vulnerability scanning. The vulnerability is based on the Windows OLE Automation array...

AI score: 1.3
Exploits: 0

0day.today
added 2015/04/02 12:0 a.m., 76 views

Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: FiyoCMS Multiple Vulnerabilities Date: 29 March 2015 Exploit Author: Mahendra Vendor Homepage: www.fiyo.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Version: 2.0.1.8, other version might be vulnerable. Tested :...

CVSS: 7.5, AI score: 0.2, EPSS: 0.24232
Exploits: 15

seebug.org
added 2015/03/18 12:0 a.m., 26 views

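XDcms food-ordering website system, single-store edition: injection (tested on the demo)

Brief description: As per the title. Details: Black-box test of the demo. First register a user, then edit the user profile at http://dd.xdcms.cn/index.php?m=member&f=edit After the edit is complete, place a food order. An error was then returned. Second-order injection. Because the demo is protected by SafeDog, I did not test any further. Proof of vulnerability:...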

AI score: 7.1
Exploits: 0

n0where
added 2015/03/16 12:53 a.m., 12 views

Wireless Toolsuite: WRAITH

Wireless reconnaissance, collection and exploitation toolsuite Attack vectors, rogue devices, interfering networks are best visualized and identified over time. Current tools i.e. Kismet, Aircrack-ng and Wireshark are excellent tools but none are completely suitable for collecting and analyzing t...

AI score: 0.5
Exploits: 0, References: 1

Kitploit
added 2015/02/12 10:23 p.m., 28 views

AppUse - Android Pentest Platform Unified Standalone Environment

AppUse Virtual Machine, developed by AppSec Labs, is a unique and free system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools. Faster & More Powerful The system is a blessing to security teams, who from now on can easily...

AI score: 7.3
Exploits: 0

Hacker One
added 2015/01/22 1:45 p.m., 12 views

Dropbox: Unvalidated Redirects and Stored XSS

Hi, This bug might interest you. In the process of testing , I uploaded a file which contained the scripts: window.opener.location.replace'http://blackhorse.x10host.com/test.php'; alertdocument.domain alertdocument.cookie On opening of the uploaded file through the events section, the XSS pop-ups...

AI score: 0.4
Exploits: 0

Packet Storm
added 2014/11/17 12:0 a.m., 26 views

Videos Tube 2.0 SQL Injection / XSS / Shell Upload

Videos Tube 2.0 / || / / / KnocKout, Septemb0x , BARCOD3 , UnDeRTaKeR / /\ /\ \ \ \ | / \ / Turkey / \ | \ \ / // / \ / / / / Software info |Web App. : Videos Tube |Price : FREE |Version : 2.0, updated the lastest version. |Software: http://www.phpscriptlerim.com/ucretsiz/videos-tube.html...

AI score: 0.7
Exploits: 0

seebug.org
added 2014/11/10 12:0 a.m., 32 views

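Generic SQL injection in an OA system (SA privileges)

Brief description: As per the title. Details: Haitian OA has a SQL injection. Haitian OA official site: http://www.haitiansoft.com:8080/ Others have submitted this before, so I will not write up that many cases; the 5 cases below are used for security testing! SQL injection point: /ZhuanTi/OAWordDocDisplay.asp?OAID=1 Proof of vulnerability: Cases: masked region 1.http://.. /ZhuanTi/OAWordDocDisplay.asp?OAID=1 masked region 1.http://.. /ZhuanTi/OAWordDocDisplay.asp?OAID=1 masked region 1.http://../oa...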

AI score: 7.1
Exploits: 0

seebug.org
added 2014/11/10 12:0 a.m., 29 views

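Generic SQL injection in an OA system (SA privileges)

Brief description: As per the title. Details: Haitian OA has a SQL injection. Haitian OA official site: http://www.haitiansoft.com:8080/ Others have submitted this before, so I will not write up that many cases; the 5 cases below are used for security testing! SQL injection point: /include/user/treedata.asp?bumenid=70 Proof of vulnerability: Cases: http://180.166.7.94/include/user/treedata.asp?bumenid=70 http://oa.tjfsu.edu.cn/include/user/treedata.asp?bumenid=70...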

AI score: 7.1
Exploits: 0

myhack58
added 2014/11/04 12:0 a.m., 35 views

A General campus of the system to the presence of multiple high-risk vulnerabilities(registration logic&getshell)-vulnerability warning-the black bar safety net

About Beijing Chong star weiye software Technology Co., Ltd. development of the education system vulnerability report 1. A large cattle submitted to such a vulnerability : the versatility of the SQL injection vulnerability of 1influence of Beijing, all kindergarten schools, etc., a SQL injection...

AI score: 8
Exploits: 0