11 matches found
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux hosts as part of an "aggressive" campaign. Google-owned Mandiant is tracking the activity under its...
Git All The Payloads! A Collection Of Web Attack Payloads
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage: run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits: fuzzdb - https://github.com/fuzzdb-project/fuzzdb; SecLists -...
Rbuster - Yet Another Dirbuster
Yet another dirbuster. Common command line options: -a - specify a user agent string to send in the request; -c - use this to specify any cookies that you might need simulating auth. header; -f - force processing of a domain with wildcard results; -l - show the length of the response; -r - follow...
Commando VM 2.0: Customization, Containers, and Kali, Oh My!
The Complete Mandiant Offensive Virtual Machine “Commando VM” swept the penetration testing community by storm when it debuted in early 2019 at Black Hat Asia Arsenal. Our 1.0 release made headway featuring more than 140 tools. Well now we are back again for another spectacular release, this time...
Rustbuster - DirBuster For Rust
DirBuster for Rust. Usage: There are three modules currently implemented: 1. Dirbuster default: rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php 2. Dnsbuster: rustbuster -m dns -u google.com -w examples/wordlist 3. Vhostbuster: rustbuster -m vhost -u http://localhost:3000/ -w...
Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems
Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about...
PenCrawLer - An Advanced Web Crawler And DirBuster
An Advanced Web Crawler and DirBuster. PeNCrawLer is an advanced web crawler and dirbuster designed for use in penetration testing, based on Windows OS. Web Crawler Features: Follow Redirects, Rendering Javascript, Extract links from custom HTML-Elements, Extract links with Regex-Pattern, Black-List...
Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment
The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional Linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...
Google Patches Gmail Token Vulnerability
Google has patched a vulnerability that exposes an indefinite number of Gmail addresses, a potential gold mine for phishing and advanced attacks. Researcher Oren Hafif of Israel disclosed details on how he was able to abuse a token exposed in a URL in order to reveal every Gmail address. His work...
DirBuster Security Scanner
DirBuster is a vulnerability scanning product. Remote attackers can use DirBuster to detect vulnerabilities on a target server...
[DirBuster] Brute Force Directories and Files Names on Web/Application Servers
DirBuster is a multi-threaded Java application designed to brute force directories and files names on web/application servers. It is often the case now that what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts...