Obelix: Mitigating Side-Channels through Dynamic Obfuscation

Trusted execution environments TEEs offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based...

commix

This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...

[SECURITY] Fedora 41 Update: selenium-manager-4.34.0-2.fc41

Selenium Manager is a command-line tool implemented in Rust that provides automated driver and browser management for Selenium...

Callisto - An Intelligent Binary Vulnerability Analysis Tool

Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the psuedo code output looking for potential security vulnerabilities in that pseudo c code. Ghidra's headless decompiler is what drives the bina...

GSD-2023-1001996 ice: Add check for kzalloc

ice: Add check for kzalloc This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit 96a9873188552ebb2afe76033d7329a5ecabef6e, it was...

HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...

GSD-2022-1007404 md: Replace snprintf with scnprintf

md: Replace snprintf with scnprintf This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.220 by commit 97238b88583c27c9d3b4a0cedb45f816523f17c3,...

Ultimate Facebook Scraper - A Bot Which Scrapes Almost Everything About A Facebook User'S Profile Including All Public Posts/Statuses Available On The User'S Timeline, Uploaded Photos, Tagged Photos, Videos, Friends List And Their Profile Photos

Tooling that automates your social media interactions to collect posts, photos, videos, friends, followers and much more on Facebook. Features A bot which scrapes almost everything about a facebook user's profile including uploaded photos tagged photos videos friends list and their profile photos...

SysAnalyzer - Automated Malcode Analysis System

SysAnalyzer is an open-source application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system. A full installer for the application is available and can be downloaded here. The application...

Cat-Nip - Automated Basic Pentest Tool (Designed For Kali Linux)

Cat-Nip Automated BasicPentest Tool this tool will make your basic pentesting task like Information Gathering, Auditing, And Reporting so this tool will do every task fully automatic. Usage Guide Download / Clone Cat-Nip git clone https://github.com/baguswiratmaadi/catnip Go Inside Cat-Nip Dir cd...

Automated Pentest Recon Scanner: Sn1per

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates open ports vi...

SQLMap v1.2.10 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Yuki Chan - Automate Pentest Tool

The Yuki Chan is an Automated Penetration Testing tool this tool will auditing all standard security test method for you. WARNING I highly recommend using this tool by using Kali Linux OS By using this tool it means you agree with terms, conditions, and risks By using this tool you agree that 1...

Commix 1.6 - Automated All-In-One OS Command Injection And Exploitation Tool

Commix short for comm and i njection e x ploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities...

Web Application Security Scanner: Netsparker

THE ONLY FALSE POSITIVE FREE WEB APPLICATION SECURITY AND VULNERABILITY SCANNER Almost every business entity on the market today is trying hard to stretch out this year’s budget and somehow fit ‘security’ in the environment. Preferably, with minimal cost. Business owners, board directors, stock...

Whitewidow - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...

Climber - Check UNIX/Linux Systems For Privilege Escalation

Automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation. Dependencies python = 2.7 python-crypto python-mako python-paramiko Note Climber needs Exscript, a Python module and a template processor for automating network connections over...

Cyberoam - Blind SQL Injection

Description The username field in the captive portal of Cyberoam NG firewall is vulnerable to SQL Injection and can be exploited to execute sql commands on the database. The username field is vulnerable to the following types of SQL Injections a Boolean-based blind sql injection b Stacked...

Cyberoam CR500iNG-XP - 10.6.2 MR-1 Blind SQL Injection

Exploit Title: Cyberoam : Blind SQL Injection Date: 31/Aug/2015 Exploit Author: Dharmendra Kumar Singh Contact: [email protected] Vendor Homepage: http://www.cyberoam.com Software Link: http://www.cyberoam.com/NGFW/ Version: CR500iNG-XP - 10.6.2 MR-1 Category: Firewall 1. Description The...

Commix - Automated All-in-One OS Command Injection and Exploitation Tool

Commix short for command injection exploiter has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, ...