METATRON AI Penetration Testing

Metatron is a CLI-based AI penetration testing assistant that runs entirely on your local machine - no cloud, no API keys, no subscriptions. You give it a target IP or domain. It runs real recon tools nmap, whois, whatweb, curl, dig, nikto, feeds all results to a locally running AI model, and the...

CVE-2025-60702

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the system.so binary. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar and concatenates it directly into a ping system command executed via...

TOTOLINK A950RG和TOTOLINK A810R 安全漏洞

TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK.TOTOLINK A950RG is a super-generation Giga wireless router.TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...

CVE-2024-24818 EspoCRM weakness in "Forgot password"

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2...

PT-2022-11725 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue concerns a remote command injection vulnerability. This vulnerability is located in the setDiagnosisCfg function of the file lib/cste modules/system.so, which can be exploited to...

WhoAmIMailBot - A Service To Mask Your Email

What is it? A service to mask your e-mails, it was inspired by Blur service, where you create a alias for your e-mail, and use it to signup on applications, but the problem on Blur, is that all e-mails pass trough they infraestructure, and I don't need anybody looking on my e-mails, to solve that...

ODIN - Tool For Automating Penetration Testing Tasks

ODIN is made possible through the help, input, and work provided by others. Therefore, this project is entirely open source and available to all to use/modify. All this developer did was assemble the tools, convert some of them to Python 3, and stitch them together into an all-in-one toolkit. Wha...

金蝶旗下某业务通讯监控系统命令执行

简要描述： title 详细说明： null 漏洞证明： 万恶的struts2框架～ 金蝶已经差不多补全了！但是还是有一些没有被注意到。 问题出在： http://comm.youshang.com/login.do 图片为域名对应IP： 已shell：...

How to clear Remote Desktop Connection to the IP domain information-vulnerability warning-the black bar safety net

Commonly used Remote Desktop Connection friends will find Remote Desktop Connection every time a record is successfully connected to the remote IP or domain name, and the information displayed in the connection address in the input box drop-down menu. As a result of course of Remote Desktop...