423 matches found
Network Reconnaissance & Vulnerability Assessment Tool: ReconScan
Network Reconnaissance & Vulnerability Assessment Tool The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from the perspective of exploitability. In terms...
Parrot Security 3.3 - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind
Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools...
Apache mod_session_crypt 2.5 Padding Oracle
Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data and even encrypt attacker-specified data. Detai...
Apache mod_session_crypto - Padding Oracle
Apache modsessioncrypto - Padding Oracle ''' Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data an...
hacklib - Pentesting, Port Scanning, and Logging in anywhere with Python
Toolkit for hacking enthusiasts using Python. hacklib is a Python module for hacking enthusiasts interested in network security. It is currently in active development. Installation To get hacklib, simply run in command line: pip install hacklib hacklib also has a user interface. To use it, you ca...
Android Security Virtual Machine: Androl4b
Android Security Virtual Machine AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis. The tools directory contains tools and...
libenom - Make Fast and Easy Payloads with MSFvenom
Libenom is a tool created for make more easy and fast the creation of payloads with MSFvenom and get all the data generated ordered. Requirements A linux distribution for pentesting or Ubuntu, Debian, Mint Recommended Kali Linux 2.0 sana or 2016.1 rolling, Parrot OS, Blackarch, Dracos ,Lionsec...
LHF (Low Hanging Fruit) - A Modular Recon Tool For Pentesting
To install dependencies: ./Install.sh To start: ./LHF.py + Checking permissions - Rockyou wordlist is missing trying to decompress... + Rockyou wordlist is decompressed! - Please enter the ip to scan example 192.168.0.1 or www.target.com : A "results" folder will be created after inputting the...
New Relic: Login CSRF vulnerability
Hi New Relic security team, While doing pentesting on your website, I found that while logging into the account the "authenticitytoken" was not properly validated. I was able to login into my account even without "authenticitytoken". Impact: High Steps to Reproduce: 1 Login to your account. 2 Whi...
tplmap - Automatic Server-Side Template Injection Detection and Exploitation Tool
Tplmap short for Template Mapper is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities SSTI. This can be used by developers, penetration testers, and security researchers to detect and exploit vulnerabilities related to the template injecti...
Xerosploit - Efficient And Advanced Man In The Middle Framework
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...
Parrot OS 3.1 (Defcon) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
Advanced Browser Exploit Pack: BrowserExploit
Advanced Browser Exploit Pack BrowserExploit is an advanced browser exploit pack for doing internal and external pentesting, helping gaining access to internal computers. The exploits in kit are old so it keep scripts kiddies from running it in the wild and achieve malicious task. BrowserSploit u...
Pythem - Python Network/Pentesting Tool
PytheM is a python network/pentesting tool. Same has been developed in the hope that it will be useful and i don't take responsabillity of any misapplication of it. Only for GNU/Linux OS. Installation $sudo git clone https://github.com/m4n3dw0lf/PytheM/ $cd PytheM $sudo pip install -r...
Live Platform for Android Security Professionals: Android Tamer
AndroidTamer started out as a VirtualMachine for Android Security Professionals. This Environment allows people to work on large array of android security related task’s ranging from Malware Analysis, Penetration Testing and Reverse Engineering. AndroidTamer is, at this point the only fully...
Parrot OS 3.0 (Lithium) - Friendly OS designed for Pentesting, Computer Forensic, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network. Who can use it Parrot is designed for everyone, from the Pro...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Websockify C Implementation 0.8.0 - Buffer Overflow PoC Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product:...
Websockify (C Implementation) 0.8.0 - Buffer Overflow (PoC)
Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product: Websockify C implementation Affected Versions: all versio...
Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor Authenticated users who can create new HTTP XML/REST Value sensors in PRTG Network Monitor can read local files on the PRTG host system via XML external entity expansion. Details ======= Product: Paessler PRTG Network Monito...
Securimage 3.6.2 Cross Site Scripting
Advisory: Cross-site Scripting in Securimage 3.6.2 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Securimage CAPTCHA software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: Securimage Affected Versions: = 3.2R...