libenom - Make Fast and Easy Payloads with MSFvenom

Libenom is a tool created for make more easy and fast the creation of payloads with MSFvenom and get all the data generated ordered. Requirements A linux distribution for pentesting or Ubuntu, Debian, Mint Recommended Kali Linux 2.0 sana or 2016.1 rolling, Parrot OS, Blackarch, Dracos ,Lionsec...

[SECURITY] Fedora 24 Update: pagure-2.3.4-1.fc24

Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...

Manalyze - A static analyzer for PE executables

Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior. A static analyzer for PE files Manalyze was written in C++ for Windows and Linux and is released under the terms of the GPLv3 license . It is a robust parser for PE files with a flexible...

HellRaiser - Vulnerability Scanner

Install Install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04 Install redis-server and nmap. sudo apt-get update sudo apt-get install redis-server nmap Clone HellRaiser repository, change to hellraiser web app directory and run bundle install. git clone...

Windows Process Filtering System: ProcFilter

Windows Process Filtering System ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft’s ETW API , making...

[SECURITY] Fedora 24 Update: pagure-2.2.2-1.fc24

Pagure is a light-weight git-centered forge based on pygit2. Currently, Pagure offers a web-interface for git repositories, a ticket system and possibilities to create new projects, fork existing ones and create/merge pull-requests across or within projects...

CVE-2016-2865

The GIT Integration component in IBM Rational Team Concert RTC 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed...

Design/Logic Flaw

The GIT Integration component in IBM Rational Team Concert RTC 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed...

CVE-2016-2865

The GIT Integration component in IBM Rational Team Concert RTC 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed...

git fixup: --amend for older commits

Everyone knows and loves to use git commit --amend to change the latest commit. But what if you want to correct a older commit? The flow in that case involves an interactive rebase with a edit step. But that's kludgy. Here's an alias that using a couple of nifty git features makes it one command...

Slack: Source code leakage through GIT web access at host '52.91.137.42'

@d0znpp alerted us to the public availability of Git files on a QA server. This lead to the access to files which should have been restricted. We have enforced proper access control, and Slack awarded @d0znpp a $1,500 bounty for bringing the issue to our attention! Thank you!...

Python Exploit Development GDB Assistance: Peda

Python Exploit Development GDB Assistance PEDA is a Python GDB script with many handy commands to help speed up exploit development process on Linux/Unix. It is also a framework for writing custom interactive Python GDB commands. PEDA v1.1 Released Requirements PEDA 1.0 is only support Linux GDB...

XSS Hunter is Now Open Source – Here’s How to Set It Up!

Recently I opened up XSS Hunter for public registration, this was after publishing a post on how I used XSS Hunter to hack GoDaddy via blind XSS and pointed out that many penetration testers use a very limited alert box-based pentesting methodology which will not detect these types of issues. Aft...

File Traversal Protection Bypass on Error Reporting

PMASA-2016-15 Announcement-ID: PMASA-2016-15 Date: 2016-05-25 Updated: 2016-05-26 Summary File Traversal Protection Bypass on Error Reporting Description A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the...

Cannot sign commits and tags for Git Flow

The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...

Cannot sign commits and tags for Git Flow

The Git Flow actions do not have an option to sign off commits and tags. Unlike a commit or tag created manually, there is no Sign tag option. See attachment for reference to Add Tag feature that has the Sign tag option...

openSUSE Security Update : mercurial (openSUSE-2016-609)

This update for mercurial fixes the following issues : Security issue fixed : - CVE-2016-3105: Fixed arbitrary code execution whenusing the convert extension on Git repo. boo978391 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Apple Xcode < 7.3.1 Multiple RCE (Mac OS X)

The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.3.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Git due to overflow conditions in the pathname function in revision.c that are triggered when pushing or cloni...

MGASA-2016-0172 Updated mercurial packages fix security vulnerability

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...

Updated mercurial packages fix security vulnerability

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This...