Varnish Cache CLI Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/varnish' require 'metasploit/framework/tcp/client' class MetasploitModule...

No Protection Against Bruteforce Attacks on Login Page in

Description Modoboa does not restrict or limit unsuccessful login attempts allowing an attacker to brute force the password of a known user Proof of Concept Steps to Reproduce: Capture login request with BurpSuite Send to Intruder Replay the login request with a different password value utilizing...

Spraygen - Password List Generator For Password Spraying

Password list generator for password spraying - prebaked with goodies Version 1.4 Generates permutations of Months, Seasons, Years, Sports Teams NFL, NBA, MLB, NHL, Sports Scores, "Password", and even Iterable Keyspaces of a specified size. All permutations are generated with common attributes...

CVE-2021-23921

An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...

Improper access control

An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...

CVE-2021-23921

CVE-2021-23921 affects Devolutions Server prior to 2020.3. The issue is broken access control on Password List entry elements, as described in the CVE entry and corroborated by NVD/related records. The connected documents confirm the affected software and the underlying flaw (inadequate access re...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server before 2020.3, which stems from a breach of access control on the password list entry element...

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

Words Scraper - Selenium Based Web Scraper To Generate Passwords List

Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...

Hashcracker - Python Hash Cracker

Supportedhashing algorithms: SHA512, SHA256, SHA384, SHA1, MD5 Features: auto detection of hashing algorithm based on length not recommended, bruteforce, password list Arguments: type: hash algorithm must be one of the supported hashing algorithms mentioned above or AUTO if you want to use...

Facebash - Facebook Brute Forcer In Shellscript Using TOR

Facebook Brute Forcer in shellscript using TOR IG: @thelinuxchoice Legal disclaimer: Usage of Facebash for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not...

UPDATE: Cameradar v3.0.1

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version. A lot has happened since then and an update – Cameradar v3.0.1 was recently made available by the author. In actuality, this post...

SNMPwn - An SNMPv3 User Enumerator and Attack tool

SNMPwn is an SNMPv3 user enumerator and attack tool. It is a legitimate security tool designed to be used by security professionals and penetration testers against hosts you have permission to test. It takes advantage of the fact that SNMPv3 systems will respond with "Unknown user name" when an...

wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition Java EE specification. It runs on multiple platforms. WildFly is free and open-source...

IBM PowerHA SystemMirror on AIX Superuser Elevation of Privilege Vulnerability

IBM PowerHA SystemMirror is a cluster solution from IBM USA. The solution supports cluster migration, failover and disaster recovery. A superuser elevation of privilege vulnerability exists in IBM PowerHA SystemMirror on AIX versions 6.1 and 7.1, which allows an authenticated remote user to perfo...

freewebshop.org script <= 2.2.2 - Multiple Vulnerabilities

No description provided by source. Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00 List...

Pakcyberarmy database hacked and Leaked by Indian Hacker - Lucky

Pakcyberarmy database hacked and Leaked by Indian Hacker - Lucky Indian Hacker - Lucky Indishell crack the 1500+ user's passwords from Pakcyberarmy.net database. Pakcyberarmy.net is the hub of most of the Pakistani hackers. Indian hacker group "Indishell" leader "Lucky" leaks all info via a excel...

Cisco - Password Bruteforcer

Cisco - Password Bruteforcer / .: free source :. .: coded 4 Avatar Corp :. enabler. cisco internal bruteforcer. coder - norby concept - anyone this program just logs into a CISCO router and tries a list of passes looking for the enable one. it works in password-only CISCO as well in login-pass on...