98 matches found
Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester
The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...
FinalRecon v1.1.0 - The Last Web Recon Tool You'll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another it can provide similar results keeping...
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters
A curated list of Android Security materials and resources For Pentesters and Bug Hunters. Blog AAPG - Android application penetration testing guide TikTok: three persistent arbitrary code executions and one theft of arbitrary files Persistent arbitrary code execution in Android's Google Play Cor...
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
Theres an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to...
OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally
Manual Port Scanning Enumerate Potential Service If you like the tool and for my personal motivation so as to develop other tools please a +1 star INTRO This tool aims at automating the identification of potential service running behind ports identified manually or on services running locally onl...
FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A Distributed Evolutionary Binary Fuzzer For Pentesters
FLUFFI - A distributed evolutionary binary fuzzer for pentesters. About the project High level overview Getting started Usage HOWTOs Technical Details Contributing to FLUFFI LICENSE Bugs found So far, FLUFFI was almost exclusively used on SIEMENS products and solutions. Bugs found therein will no...
HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...
Hack-Tools - The All-In-One Red Team Extension For Web Pentester
The all-in-oneRed Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests , it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...
HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
Hi team, I don't know your policy about pentestersabout their visibility on the platform, But I couldn't find any other pentesters before. 1 For example: GraphQL has the h1pentester attribute that would explicitly point us to the pentester, but if we make a query, it doesn't reveal the pentester ...
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Date: 2020-04-16 Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...
PowerSploit
This is an offensive tool for Windows PowerShell. It is a module for PowerSploit, a PowerShell framework for penetration testing and red teaming. The module contains several functions for code execution, including reflective DLL injection and DLL injection into a process. The functions can be use...
Install Python for Windows
This module places an embeddable Python3 distribution onto the target file system, granting pentesters access to a lightweight Python interpreter. This module does not require administrative privileges or user interaction with installation prompts. This module requires Metasploit:...
SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo
Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :. INTRO WARNING: SUDOKILLER is part of the KILLER...
S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters
s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. It was originally built back in 2016 to target GitHub. Installation Binaries Find the binaries on the Releases page. Go go get...
HackerOne: HackerOne Pentesters can access any structured scope object through GraphQL node interface
A missing authorization check in the StructuredScope protector class app/protectors/protectedstructuredscope.rb:42 enables any HackerOne Pentester to access structured scope objects of programs they aren't invited to or aren't running a penetration test through HackerOne. ruby class...
Grouper2 - Find Vulnerabilities In AD Group Policy
What is it for? Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some...
Stowaway - Multi-hop Proxy Tool For Pentesters
Stowaway is Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes multi-layer PS: The files under demo folder are Stowaway's beta version,it's still functional, you can check the detail by README.md file under the demo folder...
JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
A ready to use JSONP endpoints to help bypass content security policy of different websites. The tool was presented during HackIT 2018 in Kiev. The presentation can be found here not sure why format of the slides is screwed :D:...
Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers
BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post...