ALPINE-CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

Arjun v1.1 - HTTP Parameter Discovery Suite

Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn't work with python Note: Arjun uses nano as the default editor for the prompt bu...

Open Source IPS: Suricata

Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection IDS, inline intrusion prevention IPS, network security monitoring NSM and offline pcap processing. Suricata inspects the network traffic usi...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

[SECURITY] Fedora 28 Update: suricata-4.0.5-1.fc28

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 27 Update: suricata-4.0.5-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...

Security update for python (moderate)

This update for python fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyStringDecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution bsc1068664. - CVE-2018-1000030: Fixed crash inside the...

ReconCat - Tool To Fetch Archive Url Snapshots From Archive.org

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose. This application is powered byWMB-Scrapper Installation Clone this...

Concrete5 8.3.0 - Username Comments Enumeration

Concrete5 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate impo...

Concrete5 Username / Comments Enumeration

!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate import tabulate import argparse import requests impo...

[SECURITY] Fedora 27 Update: suricata-4.0.4-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVE-2018-1000030

CVE-2018-1000030 : The Python 2.7.14 heap-security issue is described as a Heap-Buffer-Overflow and Heap-Use-After-Free arising when multiple threads handle large data, caused by a race condition between buffer sizing and writes. Older Python 2.7.x versions may also be vulnerable; the risk is con...

Blazy - Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL injection Multi-threading 100% accurate results Better form detection and...

Breacher - Tool To Find Admin Login Pages And EAR Vulnerabilites

A script to find admin login pages and EAR vulnerabilites. Features Multi-threading on demand Big path list 798 paths Supports php, asp and html extensions Checks for potential EAR vulnerabilites Checks for robots.txt Support for custom patns Usages Check all paths with php extension python...

Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service

Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle JDK/JRE Concurrency-Related Denial of Service java.net.URLConnection with no...

Python Backdoor Framework: NXcrypt

Python Backdoor Framework: NXcrypt Features NXcrypt is a polymorphic ‘python backdoors’ crypter written in python by Hadi Mene h4d3s . The output is fully undetectable . NXcrypt can inject malicious python file into a normal file with multi-threading system . Run it with superuser’s permissions...

NXcrypt - Python Backdoor Framework

NXcrypt NXcrypt is a polymorphic 'python backdoors' crypter written in python by Hadi Mene h4d3s . The output is fully undetectable . NXcrypt can inject malicious python file into a normal file with multi-threading system . Run it with superuser's permissions . NXcrypt output is Fully undetectabl...

Online Malware & URL Analysis: MalSub

Online Malware & URL Analysis malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces APIs . It supports submitting files or URLs for analysis, retrieving reports by hash values, domains,...