RHEL 7 : docker-distribution (RHSA-2017:2603)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2603 advisory. The docker-distribution package provides the tool set to support the Docker Registry version 2. The following packages have been upgraded to a later...

Docker Daemon Unprotected TCP Socket

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Daemon - Unprotected TCP Socket Exploit', 'Description' = %q Utilizing Docker via unprotected tcp socket 2375/tcp, maybe 2376/tcp with tls...

kernel: Memory leaks in xfs_attr_list.c error paths

A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...

docker-distribution: Does not properly restrict the amount of content accepted from a user

It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service...

Low: Red Hat Security Advisory: docker-distribution security, bug fix, and enhancement update

An update for docker-distribution is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Comission - WhiteBox CMS Analysis

CoMisSion is a tool to quickly analyze a CMS setup. The tool: checks for the core version; looks for the last core version; looks for vulnerabilities in core version used; checks for plugins version; looks for vulnerabilities in plugins version used; A complete report can be generated in XLSX or...

Onion Decoy Server

A platform to run private unannounced Honeypots as Tor Hidden Services aka Onion Decoys inside the Tor Network. The Onion Decoys are implemented with Docker containers as honeypots. The reason to choose Docker is that it is good at process and filesystem isolation, which ultimately gives the...

WPScan v2.9.4 - Black Box WordPress Vulnerability Scanner

WPScan is a black box WordPress vulnerability scanner. INSTALL WPScan comes pre-installed on the following Linux distributions: BackBox Linux Kali Linux Pentoo SamuraiWTF BlackArch On macOS WPScan is packaged by Homebrew as wpscan. Windows is not supported We suggest you use the official Docker...

mitm-router - Man-in-the-middle Wireless Access Point Inside a Docker Container

Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd, dnsmasq, and mitmproxy to create a open honeypot wireless network named "Public". For added fun, change the network name to "xfinitywifi" to autoconnect anyone w...

CoMisSion: Open Source WhiteBox CMS Analysis Tool

PenTestIT RSS Feed Less than a week ago, an open source white-box CMS analysis tool was released - CoMisSion. I had covered a similar local web application vulnerability scanner - pyfiscan. This new tool tends to automate a lot of tasks that help you analyze a CMS setup and tend to be long, tedio...

dockerscan - Docker Security Analysis and Hacking Tools

What's dockerscan A Docker analysis tools Very quick install python3.5 -m pip install -U pip python3.5 -m pip install dockerscan Show options: dockerscan -h Available actions Currently Docker Scan support these actions: Scan: Scan a network trying to locate Docker Registries Registry Delete: Dele...

Plecost v1.1.1 - Wordpress Finger Printer Tool

What's Plecost? Plecost is a vulnerability fingerprinting and vulnerability finder for Wordpress blog engine. Why? There are a huge number of Wordpress around the world. Most of them are exposed to be attacked and be converted into a virus, malware or illegal porn provider, without the knowledge ...

LinEnum v0.6 - Scripted Local Linux Enumeration and Privilege Escalation Checks

LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...

Qualys Cloud Suite 8.10.2 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.2, includes updates to shared platform features, a new role for user management, and expanded Policy Compliance platform support. Feature Highlights Qualys Cloud Platform Limit number of external scanners – You can now limit the numbe...

Man-in-the-middle Router

Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd , dnsmasq , and mitmproxy to create a open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to autoconnect anyone...

Linux Gather Container Detection

This module attempts to determine whether the system is running inside of a container and if so, which one. This module supports detection of Docker, WSL, LXC, Podman and systemd nspawn. This module requires Metasploit: https://metasploit.com/download Current source:...

Mercure - A Tool For Security Managers Who Want To Train Their Colleague To Phishing

Mercure is a tool for security managers who want to teach their colleagues about phishing. What Mercure can do: Create email templates Create target lists Create landing pages Handle attachments Let you keep track in the Campaign dashboard Track email reads, landing page visits and attachment...

kernel: Memory leaks in xfs_attr_list.c error paths

A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...

kernel: Memory leaks in xfs_attr_list.c error paths

A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfsattrshortformlist and xfsattr3leaflistint when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of servic...

Sn1per - Automated PenTest Recon Scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. DEMO VIDEO: FEATURES: Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates...