cmsPoc - A CMS Exploit Framework

A CMS Exploit Framework. Requirements python2.7 Works on Linux, Windows Usage usage: cmspoc.py -h -t TYPE -s SCRIPT -u URL optional arguments: -h, --help show this help message and exit -t TYPE, --type TYPE e.g.,phpcms -s SCRIPT, --script SCRIPT Select script -u URL, --url URL Input a target url...

fatcat - FAT Filesystems Explore, Extract, Repair, And Forensic Tool

This tool is designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. It currently supports FAT12, FAT16 and FAT32. Tutorials & examples Building and installing You can build fatcat this way: mkdir build cd build cmake .. make And then install it:...

[SECURITY] Fedora 27 Update: botan-1.10.17-1.fc27

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

parti-pna.com XSS vulnerability

Open Bug Bounty ID: OBB-378656 Description| Value ---|--- Affected Website:| parti-pna.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

Fileless Malware: A Hidden Threat

Malware is advancing at an unprecedented rate, with four new strains discovered every minute, Slate reported. This is already a lot for businesses to worry about and it doesn't even cover the other threats that haven't been detected. Many attackers have evolved their techniques to evade common...

sipfs.asus.com XSS vulnerability

Open Bug Bounty ID: OBB-327442 Description| Value ---|--- Affected Website:| sipfs.asus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Kali Linux 2017.2 Release - The Best Penetration Testing Distribution

In addition to all of the standard security and package updates that come to us via Debian Testing, we have also added more than a dozen new tools to the repositories, a few of which are listed below. There are some really nice additions so we encourage you to ‘apt install’ the ones that pique yo...

Confusing Self-Driving Cars by Altering Road Signs

Researchers found that they could confuse the road sign detection algorithms of self-driving cars by adding stickers to the signs on the road. They could, for example, cause a car to think that a stop sign is a 45 mph speed limit sign. The changes are subtle, though -- look at the photo from the...

Plasma - An Interactive Disassembler for x86/ARM/MIPS

PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo code with colored syntax. You can write scripts with the available Python api see an example below. The project is still in big development. wiki : TODO list and some documentation. It supports : architectures ...

Pythem - Penetration Testing Framework

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

housesignsonline.co.uk XSS vulnerability

Vulnerable URL: https://www.housesignsonline.co.uk/examples.php?shaped=yes=1"...

OpenDreamBox 2.0.0 Remote Code Execution

Exploit Title: OpenDreamBox 2.0.0 - Plugin WebAdmin RCE Shodan Dork: "DreamBox" 200 ok" Date: 07/03/17 Exploit Author: Jonatas Fil Vendor Homepage: https://www.dreamboxupdate.com Software Link: https://www.dreamboxupdate.com/opendreambox/2.0.0 Version: 2.0.0 Vulnerabilty: Remote Command Execution...

explo - Human And Machine Readable Web Vulnerability Testing Format

explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable...

Cangibrina - A Fast And Powerfull Dashboard (Admin) Finder

Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap --nmap TOR --tor Install: Linux git clone http://github.com/fnk0c/cangibrina.git cd...

Dr0p1t-Framework 1.2 - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers ? In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a dropper that bypass most AVs and have some tricks ; Features Framework works with Windows and Linux Download executable on target system and...

Latest Tax Scams Include Phishing Lures, Malware

Microsoft warned Monday this year’s crop of tax scams are using social engineering attacks based on fear to spread Zdowbot and Omaneat banking Trojans and collect personal info via spoofed tax sites linked to from phishing campaigns. The warning comes with less than a month before the April 18 ta...

filtron - Filtering reverse HTTP proxy

Reverse HTTP proxy to filter requests by different rules. Can be used between production webserver and the application server to prevent abuse of the application backend. The original purpose of this program was to defend searx , but it can be used to guard any web application. Installation and...

ansvif - An Advanced Fuzzing Framework Designed To Find Vulnerabilities In C/C++ Code.

ansvif, written primarily in C++, is designed to find code bugs by throwing garbage input at programs to see how they react. This is great for finding bugs, because not every type of input is always handled, and buffers are not always checked, etc. It also comes in handy when writing and protecti...