tplmap - Automatic Server-Side Template Injection Detection and Exploitation Tool

Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This can be used by developers, penetration testers, and security researchers to detect and exploit vulnerabilities related to the template injecti...

Xerosploit - Efficient And Advanced Man In The Middle Framework

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...

Parrot OS 3.1 (Defcon) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...

Advanced Browser Exploit Pack: BrowserExploit

Advanced Browser Exploit Pack BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task. BrowserSploit u...

Pythem - Python Network/Pentesting Tool

PytheM is a python network/pentesting tool. Same has been developed in the hope that it will be useful and i don't take responsabillity of any misapplication of it. Only for GNU/Linux OS. Installation $sudo git clone https://github.com/m4n3dw0lf/PytheM/ $cd PytheM $sudo pip install -r...

Live Platform for Android Security Professionals: Android Tamer

AndroidTamer started out as a VirtualMachine for Android Security Professionals. This Environment allows people to work on large array of android security related task’s ranging from Malware Analysis, Penetration Testing and Reverse Engineering. AndroidTamer is, at this point the only fully...

Parrot OS 3.0 (Lithium) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...

Appie v3 - Android Pentesting Portable Integrated Environment

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...

V3n0M-Scanner - Popular SQLi and Pentesting Scanner

V3n0M runs on Python3 Live Project - Readding old features back in and improved for Python3 v3n0m is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve fuctionality and usability. It is mostly experimental software. This program is fo...

Offensive Powershell Console: PSPunch

PSPunch combines some of the best projects in the infosec powershell community into a self contained executable. It’s designed to evade antivirus and Incident Response teams. 1. It doesn’t rely on powershell.exe. Instead it calls powershell directly through the dotNet framework. 2. The modules th...

CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments! From enumerating logged on users and spidering SMB shares to executing psexec style attacks and auto-injecting Mimikatz into memory using Powershell! The biggest improvements over the above tools are: Pure...

SMBMap - Samba Share Enumerator

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is...

netool.sh - MitM Pentesting Opensource T00lkit

netool.sh toolkit provides a fast and easy way For new arrivals to IT security pentesting and also to experience users to use allmost all features that the Man-In-The-Middle can provide under local lan, since scanning, sniffing and social engeneering attacks "spear phishing attacks"... DESCRIPTIO...

Yahoo Patches Critical Small Business, eCommerce Bugs

Yahoo has fixed a handful of vulnerabilities that could have given an attacker free reign over all of its user-run eCommerce websites and caused multiple headaches for small business owners. One bug could have allowed a hacker to change item prices on a whim and given them access to sensitive...

Parrot Security OS - Friendly OS designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt, has found a serious SQL injection vulnerability in Yahoo's website that...

Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)

Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was...

JBoss JMX Console Beanshell Deployer WAR upload and deployment

No description provided by source. $Id: jbossbshdeployer.rb 11533 2011-01-10 14:34:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

Mapbender 2.4.4 - (gaz) Remote SQL Injection Vulnerability

No description provided by source. Advisory: SQL-Injections in Mapbender During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in Mapbender. A remote attacker is able to execute arbitrary SQL commands and therefore can get e.g. valid usernames and password hashes of the...

vBulletin vBShout Mod - Stored XSS Vulnerability

No description provided by source. Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link: http://www.dragonbyte-tech.com/vbecommerce.php?do=product&productid=2 Version:...