Microsoft Confirms Serious 'PrivExchange' Vulnerability

Microsoft acknowledged an elevated privilege flaw in its Exchange Server could allow a remote attacker with a simple mailbox account to gain administrator privileges. Both a Microsoft advisory and a US-CERT alert were issued on Tuesday warning users of the elevation of privilege flaw, dubbed...

Domain Hunter - Checks Expired Domains For Categorization/Reputation And Archive.org History To Determine Good Candidates For Phishing And C2 Domain Names

Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass...

New Malware Combines Ransomware, Coin Mining and Botnet Features in One

Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems. Dubbed XBash, the new...

BlackWidow - A Python Based Web Application Scanner To Gather OSINT And Fuzz For OWASP Vulnerabilities On A Target Website

BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. DEMO VIDEO: FEATURES: Automatically...

Pymap-Scanner - Python Scanner with GUI

Python-based port scanner with Pyqt4 user interface. Features Basic Gui Speed Scan Custom Services User Control Error Control Useful parameters And More. Installation Modules $ Pyqt4 $ Nmap RequirementsThird +xsltproc Download Pymap-Scanner...

Exitmap - A Fast and Modular Scanner for TOR Exit Relays

Exitmap is a fast and modular Python-based scanner for Tor exit relays. Exitmap modules implement tasks that are run over a subset of all exit relays. If you have a background in functional programming, think of exitmap as a map interface for Tor exit relays: Modules can perform any TCP-based...

Spaghetti - Web Application Security Scanner

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...

An Analytical Framework for Network Data: Flare

An Analytical Framework for Network Data Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...

[SECURITY] Fedora 25 Update: deluge-1.3.15-1.fc25

Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT Distributed Hash Tables, PEX =EF=BF=BD=EF=BF=BDTorrent-compatible Peer E xchange, an...

Portable Malware Analysis Sandbox: Noriben

Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...

angr:python-based binary analysis framework-vulnerability warning-the black bar safety net

Foreword Take a look at this Integrated Framework in binary code analysis of the CTF, to solve what the problem it, here is the git are listed in the solution to the CTF game: ! ! Wherein, HackCon 2016 - angry-reverser takes 31 min, SecurityFest 2016 – it takes 20s, Defcamp CTF Qualification...

Ansible Remote Command Injection Vulnerability

Ansible is a newly emerged operation and maintenance tool that is based on Python and combines the advantages of many old operation and maintenance tools to achieve batch operating system configuration, batch program deployment, batch running commands and other functions. A remote command injecti...

Bt2 - Blaze Telegram Backdoor Toolkit

bt2 is a Python-based backdoor in form of a IM bot that uses the infrastructure and the feature-rich bot API provided by Telegram, slightly repurposing its communication platform to act as a C&C. Dependencies Telepot requests Installation $ sudo pip install telepot $ sudo pip install requests PS:...

Blade - A Webshell Connection Tool With Customized WAF Bypass Payloads

Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper 中国菜刀. Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is th...

Zope Management Interface 4.3.7 - Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...

Zope Management Interface 4.3.7 - CSRF Vulnerabilities

Exploit for php platform in category web applications Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application server for building secure and highly scalable web applications. Plone Is a Content Management System built on top of the open source...

Zope Management Interface 4.3.7 Cross Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application...

Noriben - Your Personal, Portable Malware Sandbox

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...

Parse Various Log Files: Plaso

Plaso is the Python based back-end engine used by tools such as log2timeline for automatic creation of a super timelines. The goal of log2timeline and thus plaso is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...

[SECURITY] Fedora 20 Update: sagemath-6.1.1-6.fc20

Sage is a free open-source mathematics software system licensed under the GPL. It combines the power of many existing open-source packages into a common Python-based interface...