
617 matches found

Kitploit
added 2021/01/16 8:30 p.m., 455 views

SysWhispers2 - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported and example generated files are available in the example-output/ folder. Difference Between SysWhispers 1 and 2: The usage is almost identical to SysWhispers1 but...

7.5 AI score
Exploits 0, References 12

Kitploit
added 2021/01/09 8:30 p.m., 53 views

Longtongue - Customized Password/Passphrase List Inputting Target Info

Customized Password/Passphrase List inputting Target Info Installation git clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.py Usage usage: longtongue.py -h -p | -c | -v -l | -L -y -n Customized Password/Passphrase List inputting Target Info optional arguments:...

7.2 AI score
Exploits 0, References 2

Kitploit
added 2020/12/22 11:30 a.m., 41 views

0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very fast because it uses a thread pool and the C language. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...

8.2 AI score
Exploits 0, References 3

Kitploit
added 2020/12/18 8:30 p.m., 39 views

Scilla - Information Gathering Tool (DNS/Subdomain/Port Enumeration)

Information Gathering Tool - Dns/Subdomain/Port Enumeration Installation First of all, clone the repo locally git clone https://github.com/edoardottt/scilla.git Scilla has external dependencies, so they need to be pulled in: go get Working on installation... See the open issue. For now you can ru...

7.4 AI score
Exploits 0, References 2

Kitploit
added 2020/12/04 8:30 p.m., 173 views

Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows

PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the Python 3 client which uses the pytmipe library. Content A python...

7.7 AI score
Exploits 0, References 2

Kitploit
added 2020/12/01 11:30 a.m., 94 views

OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines

OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. Prerequisite Python 3  Currently supported Search engines ahmia darksearchio onionland notevil darksearchenginer phobos onionsearchserver torgle onionsearchengine tordex tor66 tormax haystack multivac evosear...

7.2 AI score
Exploits 0, References 2

OSV
added 2020/11/18 5:15 p.m., 1 views

DRUPAL-CONTRIB-2020-035

The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can...

6.8 AI score
Exploits 0, References 1

Drupal
added 2020/11/18 12:0 a.m., 3 views

Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035

The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can...

5.5 AI score
Exploits 0, References 11, Affected Software 1

Kitploit
added 2020/10/27 11:30 a.m., 26 views

TASER - Python3 Resource Library For Creating Security Related Tooling

TASER (Testing And SEcurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. Its modular design makes it easy for code to be customized and re-purposed in a variety of scenario...

7.6 AI score
Exploits 0, References 3

GithubExploit
added 2020/09/18 12:2 a.m., 8 views

Exploit for CVE-2020-1472

CVE-2020-1472 CVE-2020-147...

10 CVSS, 7 AI score, 0.9438 EPSS
Exploits 75

Kitploit
added 2020/08/27 9:30 p.m., 51 views

SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments

SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers...

7.2 AI score
Exploits 0, References 1

Kitploit
added 2020/08/10 9:30 p.m., 52 views

Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder

Flask Session Cookie Decoder/Encoder Dependencies Python 2 or Python 3 itsdangerous Flask Installation BlackArch Linux pacman -S flask-session-cookie-manager3,2 Git ArchLinux Both python3 and python2: $ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd...

7.2 AI score
Exploits 0, References 5

Veracode
added 2020/07/20 7:24 a.m., 38 views

Remote Code Execution (RCE)

apache-airflow is vulnerable to remote code execution (RCE). The vulnerability exists because the example DAGs do not properly sanitize the value of dag_run.conf["message"]. The vulnerability exists if examples are enabled, that is, when load_examples=True is present in the config...

8.8 CVSS, 3.1 AI score, 0.94272 EPSS
Exploits 9, References 4, Affected Software 1

PyPA
added 2020/07/17 12:15 a.m., 3 views

PYSEC-2020-14

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8 CVSS, 7.6 AI score, 0.94272 EPSS
Exploits 9, References 2, Affected Software 1

Fedora
added 2020/07/13 1:16 a.m., 14 views

[SECURITY] Fedora 32 Update: botan2-2.14.0-1.fc32

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

1.5 AI score
Exploits 0

Schneier on Security
added 2020/06/10 11:31 a.m., 22 views

Availability Attacks against Neural Networks

New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN...

1.2 AI score
Exploits 0

Kitploit
added 2020/05/28 9:30 p.m., 69 views

MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory

Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...

8 AI score
Exploits 0, References 2

vulnersOsv
added 2020/05/24 8:45 a.m., 3 views

airflow-util-dv (>=1.2.1 <=1.6.2), dbnd-examples (>=0.50.1 <=0.56.7) +2 more potentially affected by CVE-2020-11981 via apache-airflow (>=1.10.1 <=1.10.10)

apache-airflow PYPI version =1.10.1, =1.2.1, =0.50.1, =0.0.1, =10.3.0rc1, =10.3.0rc2 Source cves: CVE-2020-11981 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-570291...

9.8 CVSS, 7.2 AI score, 0.91588 EPSS
Exploits 1

Hacker One
added 2020/05/14 7:38 p.m., 1578 views

U.S. Dept Of Defense: Tomcat examples available for public, Disclosure Apache Tomcat version, Critical/High/Medium CVE

Summary: There are multiple issues found on ███: 1. ███████/examples/ - Apache Tomcat examples are available for public. Multiple issues - session and cookies manipulation, internals IP disclosure. 2. Error page contains information about Apache Tomcat version 3. Reported Tomcat version is...

9.3 CVSS, 7 AI score, 0.94469 EPSS
Exploits 60

Veracode
added 2020/04/10 12:46 a.m., 41 views

Cross-Site Scripting (XSS)

tomcat5 is vulnerable to cross-site scripting (XSS). The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw in the examples calendar application. With some web browsers, remote attackers could use this flaw...

4.3 CVSS, 3.4 AI score, 0.37304 EPSS
Exploits 1, References 7, Affected Software 1