Some-Tools - Install And Keep Up To Date Some Pentesting Tools

Some-Tools Why I was looking for a way to manage and keep up to date some tools that are not include in Kali-Linux. For exemple, I was looking for an easy way to manage privilege escalation scripts. One day I saw sec-tools from eugenekolo which you can see at the bottom of the page and it gave me...

IoT-PT - A Virtual Environment For Pentesting IoT Devices

A new pentesting virtual environment for IoT Devices Download Link : https://drive.google.com/open?id=1XwGqkLax2irSPpwEpeAqypl9vEywzw3D MD5 : d9c20057b14cfa3fb25f744813b828df ; SHA1: 8828d693dc6c809377bab40d2bc26f525685e287 OS info and Requirements Base OS : Lubuntu 18.04 LTS Processors : 2 By...

Exploit for Use After Free in Microsoft

System-Vulnerability 实时更新较好用最新漏洞EXP，仅供已授权渗透测试使用 --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC 提权 --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 提权 --2020.5 全版本窃取令牌提权 --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...

Autoenum - Automatic Service Enumeration Script

Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments i.e. HTB, VulnHub, OSCP and draws a bit from a number of existing tools including AutoRecon https://github.com/Tib3rius/AutoRecon, Auto-Rec...

Bramble - A Hacking Open Source Suite

Bramble software has been designed for the bramble project. It incorporates many features of pentesting and IT Security. It's easy to use and completely editable. It allows beginners to learn hacking and gives more experienced users a customisable plug and play hacking tools so they can add their...

DroneSploit - Drone Pentesting Framework Console

This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For the ease of use, the interface has a layout that looks like Metasploit. Black Hat Europe Arsenal 2019 presentation Also see articles: Black Hat Europe: New...

KITT-Lite - Python-Based Pentesting CLI Tool

The KITT Penetration Testing Framework was developed as an open source solution for pentesters and programmers alike to compile the tools they use with what they know into an open source project. With KITT, users are able to easily access a list of commonly used tools to their profession which ar...

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

Git-Scanner - A Tool For Bug Hunting Or Pentesting For Targeting Websites That Have Open .git Repositories Available In Public

This tool can scan websites with open .git repositories for Bug Hunting/ Pentesting Purposes and can dump the content of the .git repositories from webservers that found from the scanning method. This tool works with the provided Single target or Mass Target from a file list. Installation - git...

Minimalistic-offensive-security-tools - A Repository Of Tools For Pentesting Of Restricted And Isolated Environments

Minimalistic SMB loginbruteforcer smblogin.ps1 A simple SMB login attack and password spraying tool. It takes a list of targets and credentials username and password as parameters and it tries to authenticate against each target using the provided credentials. Despite its minimalistic design, the...

WatchGuard Fireware AD Helper 5.8.5.10317 Credential Disclosure

Exploit: WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure Author: RedTeam Pentesting GmbH Date: 2020-03-11 Vendor: https://www.watchguard.com Software link: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdradhelperc.html CVE:...

Real Web Pentesting Tutorial Step by Step - [Persian]

Real Web Pentesting Tutorial Step by Step - Persian 1...

Real Web Pentesting Tutorial Step by Step - [Persian]

1...

Serpico admin user can be accessed without admin creds

An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change...

IceWarp 12.2.0 / 12.1.x Cross Site Scripting

Advisory: IceWarp: Cross-Site Scripting in Notes During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to cross-site scripting attacks in notes for objects. If attackers with access to the IceWarp system provide a manipulated object that is displayed by...

IceWarp 12.2.0 / 12.1.x Cross Site Scripting

Advisory: IceWarp: Cross-Site Scripting in Notes for Contacts During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted cross-site scripting attacks in its contact module. If IceWarp users import a manipulated vcard, for example from an...

Evil-Winrm v1.9 - The Ultimate WinRM Shell For Hacking/Pentesting

This shell is the ultimate WinRM shell for hacking/pentesting. WinRM Windows Remote Management is the Microsoft implementation of WS-Management Protocol. A standard SOAP based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in thei...

HomePwn - Swiss Army Knife for Pentesting of IoT Devices

HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to...

UAC-A-Mola - Tool That Allows Security Researchers To Investigate New UAC Bypasses, In Addition To Detecting And Exploiting Known Bypasses

UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. UAC-A-mola has modules to carry out the protection and mitigation of UAC bypasses. The strong point of uac-a-mola is that it was created so that other...

Lockdoor Framework - A Penetration Testing Framework With Cyber Security Resources

Lockdoor Framework : A Penetration Testing Framework With Cyber Security Resources. 09/2019 : 1.0Beta Information Gathring Tools 21 Web Hacking Tools15 Reverse Engineering Tools 15 Exploitation Tools 6 Pentesting & Security Assessment Findings Report Templates 6 Password Attack Tools 4 Shell Tool...