CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Kitploit•added 2017/08/30 2:30 p.m.•42 views

DSSS - Damn Small SQLi Scanner

Damn SmallSQLi Scanner DSSS is a fully functional SQL injection vulnerability scanner supporting GET and POST parameters written in under 100 lines of code. As of optional settings it supports HTTP proxy together with HTTP header values User-Agent, Referer and Cookie. Sample runs $ python dsss.py...

8.3AI score

Kitploit•added 2017/08/28 9:13 p.m.•102 views

SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

8.5AI score

Exploits0References20

Veracode•added 2017/01/18 7:28 a.m.•15 views

Sandbox Escape

plone is vulnerable to sandbox escape. It is possible to access private content via str.format in through-the-web templates and scripts. str.format, Python's new-style string format introduced in 2.6, causes the security issue on untrusted user input. If an attacker can control the string format...

4.3CVSS4.7AI score0.00185EPSS

Exploits0References4Affected Software1

Kitploit•added 2016/09/12 2:6 p.m.•14 views

swarm - A Modular Distributed Penetration Testing Tool

Swarm is an open source modular distributed penetration testing Tool that use distributed task queue to implement communication in the master-slave mode system and use MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new...

7.3AI score

Exploits0References3

n0where•added 2016/06/25 3:58 p.m.•62 views

Python Exploit Development GDB Assistance: Peda

Python Exploit Development GDB Assistance PEDA is a Python GDB script with many handy commands to help speed up exploit development process on Linux/Unix. It is also a framework for writing custom interactive Python GDB commands. PEDA v1.1 Released Requirements PEDA 1.0 is only support Linux GDB...

7.5AI score

Kitploit•added 2016/05/20 10:30 p.m.•76 views

Doork - Google Dorks Passive Vulnerability Auditor

doork is a open-source passive vulnerability auditor tool that automates the process of searching on Google information about specific website based on dorks. doork can update his own database from ghdb and use it for find flaws without even contact the target endpoint. You can provide your custo...

7AI score

exploitpack•added 2015/03/25 12:0 a.m.•10 views

WordPress Plugin Marketplace 2.4.0 - Remote Code Execution (Add Admin)

WordPress Plugin Marketplace 2.4.0 - Remote Code Execution Add Admin !/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani...

0.8AI score

Kitploit•added 2014/12/29 2:44 p.m.•18 views

RPEF - Abstracts and expedites the process of backdooring stock firmware images for consumer/SOHO routers

Router Post-Exploitation Framework Currently, the framework includes a number of firmware image modules: 'Verified' - This module is confirmed to work and is stable. 'Unverified' - This module is believed to work or should work with little additional effort, but awaits being tested on a physical...

exploitpack•added 2014/12/15 12:0 a.m.•10 views

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload

WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload !/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification...

0.3AI score

Exploit DB•added 2014/12/15 12:0 a.m.•34 views

WordPress Plugin Download Manager 2.7.4 - Remote Code Execution

!/usr/bin/python Exploit Name: Wordpress Download Manager 2.7.0-2.7.4 Remote Command Execution Vulnerability discovered by SUCURI TEAM http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html Exploit written by Claudio Viviani 2014-12-03: Discovered...

Packet Storm•added 2014/12/12 12:0 a.m.•27 views

WordPress WP Symposium 14.11 Shell Upload

!/usr/bin/python Exploit Name: Wordpress WP Symposium 14.11 Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Exploit written by Claudio Viviani 2014-11-27: Discovered vulnerability 2014-12-01: Vendor Notification Twitter 2014-12-02: Vendor Notification Web Site 2014-12-04:...

Kitploit•added 2014/03/10 11:6 p.m.•17 views

[BlindElephant] Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a known web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generi...