Lucene search

575 matches found

Kitploit
• added 2018/02/13 12:38 p.m. • 30 views

ReelPhish - A Real-Time Two-Factor Phishing Tool

ReelPhish simplifies the real-time phishing technique. The primary component of the phishing tool is designed to be run on the attacker’s system. It consists of a Python script that listens for data from the attacker’s phishing site and drives a locally installed web browser using the Selenium...

7 AI score
Exploits 0 • References 3

Tenable Nessus
• added 2018/02/13 12:0 a.m. • 18 views

Selenium Crawl Succeeded

This is an informational notice that the scanner was able to successfully perform the crawling scripts provided in the policy. No source data...

7.2 AI score
Exploits 0

Tenable Nessus
• added 2018/02/13 12:0 a.m. • 15 views

Selenium Crawl Failed

This plugin is raised when the scanner has not been able to crawl the web application using the Selenium scripts provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...

7.2 AI score
Exploits 0

FireEye
• added 2018/02/07 11:45 a.m. • 489 views

ReelPhish: A Real-Time Two-Factor Phishing Tool

Social Engineering and Two-Factor Authentication: Social engineering campaigns are a constant threat to businesses because they target the weakest chain in security: people. A typical attack would capture a victim’s username and password and store it for an attacker to reuse later. Two-Factor...

7.4 AI score
Exploits 0

Tenable Nessus
• added 2018/02/02 12:0 a.m. • 15 views

Selenium Authentication Succeeded

This is an informational notice that the scanner was able to successfully authenticate against the web application using the Selenium script provided in the scan policy. No source data...

7.2 AI score
Exploits 0

Tenable Nessus
• added 2018/02/02 12:0 a.m. • 22 views

Selenium Authentication Failed

This plugin is raised when the scanner has not been able to authenticate against the web application using the Selenium script provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...

7.2 AI score
Exploits 0

Kitploit
• added 2018/01/11 8:30 p.m. • 8 views

Archery - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities

Archery is an open source vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning for web application and network. It also performs web application dynamic...

7 AI score
Exploits 0 • References 4

Kitploit
• added 2017/10/18 1:30 p.m. • 22 views

DorkNet - Selenium Powered Python Script To Automate Searching For Vulnerable Web Apps

Selenium powered Python script to automate searching the web for vulnerable applications. DorkNet can take a single dork or a list of dorks as arguments. After the proper command line arguments have been passed, the script will use Selenium and Geckodriver to find the results we want and save the...

7.5 AI score
Exploits 0 • References 2

Information Security Automation
• added 2017/09/17 5:15 p.m. • 126 views

Automating Opera browser with Selenium WebDriver and Python

The right way to automate a web application is, certainly, to understand how this application works by using Burp (see "Burp Suite Free Edition and NTLM authentication in ASP.net applications", for example), retrieve all necessary requests and learn how to use them. However, this is sometimes so...

7.2 AI score
Exploits 0

Kitploit
• added 2017/09/13 9:0 p.m. • 21 views

raven - Linkedin Information Gathering Tool

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization's employees using Linkedin. Please do not use this program to do stupid things. The author does not keep any responsibility of what damage has been done by this program...

7.3 AI score
Exploits 0 • References 1

n0where
• added 2017/08/30 4:1 a.m. • 29 views

Linkedin Information Gathering Tool: raven

raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization's employees using Linkedin. Usage of this application is pretty simple. It requires at least three parameters. The first one is the company name, the second one is the count...

1.1 AI score
Exploits 0 • References 1

Kitploit
• added 2017/01/07 2:5 p.m. • 27 views

Snuck - Automatic XSS filter bypass

snuck is an automated tool that can definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach it adopts is based on the inspection of the injection reflection context and relies on ...

6.8 AI score
Exploits 0 • References 1

Veracode
• added 2016/12/20 6:19 a.m. • 19 views

Man In The Middle (MitM)

selenium-binaries is vulnerable to man-in-the-middle (MitM) attacks. This is because the library downloads binary resources via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

9.3 CVSS • 8.2 AI score • 0.01752 EPSS
Exploits 0 • References 1 • Affected Software 1

Veracode
• added 2016/12/06 5:34 a.m. • 15 views

Man-in-the-Middle (MitM) Attacks

selenium-download is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, allowing a malicious user to swap out the requested binary with another binary for the system to execute...

9.3 CVSS • 7.7 AI score • 0.01752 EPSS
Exploits 0 • References 2 • Affected Software 1

Node.js
• added 2016/12/02 4:40 a.m. • 42 views

Downloads Resources over HTTP

Overview: Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting ...

9.3 CVSS • 6.2 AI score • 0.01752 EPSS
Exploits 0 • Affected Software 1

Node.js
• added 2016/12/02 4:36 a.m. • 38 views

Downloads Resources over HTTP

Overview: Affected versions of selenium-standalone-painful insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

9.3 CVSS • 6.2 AI score • 0.02021 EPSS
Exploits 0 • Affected Software 1

Node.js
• added 2016/12/01 10:14 p.m. • 33 views

Downloads Resources over HTTP

Overview: Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3 CVSS • 5.3 AI score • 0.01752 EPSS
Exploits 0 • Affected Software 1

Node.js
• added 2016/12/01 4:17 p.m. • 19 views

Downloads Resources over HTTP

Overview: Affected versions of selenium-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3 CVSS • 6.2 AI score • 0.02104 EPSS
Exploits 0 • Affected Software 1

Node.js
• added 2016/12/01 4:9 p.m. • 25 views

Downloads Resources over HTTP

Overview: Affected versions of selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3 CVSS • 3.6 AI score • 0.02104 EPSS
Exploits 0 • Affected Software 1

Node.js
• added 2016/11/30 10:19 p.m. • 30 views

Downloads Resources over HTTP

Overview: Affected versions of selenium-binaries insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3 CVSS • 2.9 AI score • 0.01752 EPSS
Exploits 0 • Affected Software 1