TextPattern CMS 4.9.0-dev - Remote Command Execution (Authenticated) Exploit

Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3 import requests fro...

Exploit for Deserialization of Untrusted Data in Rubyonrails Rails

CVE-2020-8165 Python Exploit This is code to exploit CVE-2020...

GWTMap - Tool to help map the attack surface of Google Web Toolkit

GWTMap is a tool to help map the attack surface of Google Web Toolkit GWT based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application's obfuscated client-side code, and attempt to generate example GWT-RPC...

ShellGen - Reverse shell generator

This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address on tun0 the IPv4. INFORMATION Update has been made from sys library to argparse library done in version 0.8 Usage For help: shellgen -h shellgen --help If you want to skip update and just get...

ManageEngine opManager 12.3.150 - Authenticated Code Execution

!/usr/bin/env python3 Exploit Title: ManageEngine opManager Authenticated Code Execution Google Dork: N/A Date: 08/13/2019 Exploit Author: @kindredsec Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/network-monitoring/download.html Version: 12.3.150 Test...

QRGen - Simple Script For Generating Malformed QRCodes

Simple Script For Generating Malformed QRCodes. These qrcodes are useful if you want to test some QRCode scanner's parser or how the application handle QRCode data. Down side of this tool: you need to manually scan codes with camera. Proof Installation What do you need: python3 qrcode Pillow...

Joomla Joomanager 2.0.0 Component - com_Joomanager Arbitrary File Download Exploit

Exploit for php platform in category web applications !/usr/bin/python2 -- coding:utf-8 -- ''' GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright C 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it ...

CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. 1. Misconfigured DNS scan usin...

NETATTACK 2 - An Advanced Wireless Network Scan and Attack Script

NETATTACK 2 is a python script that scans and attacks local and wireless networks. Everything is super easy because of the GUI that makes it unnecessary to remember commands and parameters. FUNCTIONS SCAN-FUNCTIONS Scan for Wi-Fi networks Scan for local hosts in your network ATTACK-FUNCTIONS...

Server Side Bruteforce Module: brut3k1t

Server Side Bruteforce Module brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh ftp smtp XMPP instagram facebook There will be future implementations of different protocols and servic...

brut3k1t - Server-side Brute-force Module (ssh, ftp, smtp, facebook, and more)

Server-side brute-force module. Brute-force dictionary attack, jk attack that supports multiple protocols and services. 1. Introduction brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:...

HP Data Protector A.09.00 - Arbitrary Command Execution

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...

Sawef - Send Attack Web Forms

SAWEF - Send Attack Web Forms DESCRIPTION The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP, so far it she is basic, bringing only some of the few features that want her to have, but we can already see in this tool: - Email Crawler in sites - Crawler forms on the...

Dexter CasinoLoader SQL Injection

Exploit Title: Dexter CasinoLoader Panel SQLi Date: Feb, 13, 2014 Exploit Author: Brian Wallace @botnethunter Version: CasinoLoader Tested on: Windows 7, Ubuntu, Debian import pycurl import urllib import cStringIO import base64 import argparse import sys import string import pygeoip version =...