20 matches found
Exploit for Path Traversal in Fortinet Fortiproxy
CVE-2018-13379 — Mass Exploit for Fortine...
EUVD-2017-13053
Malware in sbrugna...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms
Dredging Windows for Persistence What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...
Spartacus - DLL Hijacking Discovery Tool
Why "Spartacus"? If you have seen the film Spartacus from 1960, you will remember the scene where the Romans are asking for Spartacus to give himself up. The moment the real Spartacus stood up, a lot of others stood up as well and claimed to be him using the "I AM SPARTACUS" phrase. When a proces...
SMBeagle - Fileshare Auditing Tool That Hunts Out All Files It Can See In The Network And Reports If The File Can Be Read And/Or Written
SMBeagle is an SMB fileshare auditing tool that hunts out all files it can see in the network and reports if the file can be read and/or written. All these findings are streamed out to either a CSV file or an elasticsearch host, or both!? SMBeagle tries to make use of the win32 APIs for maximum...
PeTeReport - An Open-Source Application Vulnerability Reporting Tool
PeTeReport Pe nTe st Report is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detaile...
PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable
An open source tool to perform malware static analysis on P ortable E xecutable Installation eva@paradise:$ git clone https://github.com/Th3Hurrican3/PEpper/ eva@paradise:$ cd PEpper eva@paradise:$ pip3 install -r requirements.txt eva@paradise:$ python3 pepper.py ./malwaredir Screenshot...
Youzer - Fake User Generator For Active Directory Environments
Fake User Generator for Active Directory Environments Introduction The goal of Youzer is to create information rich Active Directory environments. This uses the python3 library 'faker' to generate random accounts. pip3 install faker You can either supply a wordlist or have the passwords generated...
H8Mail v2.0 - Email OSINT And Password Breach Hunting
Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for reading from...
Hostintel - A Modular Python Application To Collect Intelligence For Malicious Hosts
This tool is used to collect various intelligence sources for hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, Domain, or IP address. This tool only supports IPv4 at the moment. The output is in CSV format an...
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...
H8Mail - Email OSINT And Password Breach Hunting
Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...
Munin - Online Hash Checker For Virustotal And Other Services
Munin is a online hash checker utility that retrieves valuable information from various online sources The current version of Munin queries the following services: Virustotal Malshare HybridAnalysis Note: Munin is based on the script "VT-Checker", which has been maintained in the LOKI repository...
Microsoft Windows DNS Cache Output (Windows SMB Login)
This plugin creates a comma-separated CSV output of the target SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-1000222
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data...
CVE-2016-1000222
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data...
CVE-2016-1000222
Elastic Logstash before version 2.1.2 is vulnerable to input crafted to place malicious formulas in CSV output, as described by CVE-2016-1000222. The issue arises in the CSV writer when processing engineered input. Affected product: Elastic Logstash (CSV output). Root cause: CSV generation accept...
BBQSQL - A Blind SQL Injection Exploitation Tool
Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues. BBQSQL is a blind SQL injection framework written in Python. It is...
Internet Explorer Typed URLs
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar. C Tenable Network Security, Inc. include"compat.inc"; if !definedfunc"nasllevel" || nasllevel 5200 exit0, "Not Nessus 5.2+"; if description scriptid92421; scriptversion"1.6";...