2720 matches found
habu - Network Hacking Toolkit
Habu is to teach and learn some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the...
BinaryAlert - Serverless, Real-time & Retroactive Malware Detection
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
CoMisSion: Open Source WhiteBox CMS Analysis Tool
PenTestIT RSS Feed Less than a week ago, an open source white-box CMS analysis tool was released - CoMisSion. I had covered a similar local web application vulnerability scanner - pyfiscan. This new tool tends to automate a lot of tasks that help you analyze a CMS setup and tend to be long, tedio...
Create a Fake AP and Sniff Data: mitmAP
A python program to create a fake AP and sniff data new in 2.0: SSLstrip2 for HSTS bypass Image capture with Driftnet TShark for command line .pcap capture Features: SSLstrip2 Driftnet Tshark Full featured access point, with configurable speed limit mitmproxy Wireshark DNS Spoofing Saving results...
Serverless, Real-time Malware Detection: BinaryAlert
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
maltran - Tool To Download Malware Exercises From MALware-TRaffic-ANalysis.net
This tool was developed with the purpose of furthering and organizing access to traffic analysis exercises and malware files captured and published almost daily. Maltran makes the views and downloads exercises and malspams easier in an extremely simple and organized way. Visit website...
CloudFail - Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by CloudFlare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases. 1. Misconfigured DNS scan usin...
Response Wrapping Attacks
Python3-saml is vulnerable to response wrapping attacks. These attacks are possible in environments supporting EncryptedAssertion. The signature validation didn't verify the the number of locations and signed elements matched the expected numbers...
External XML Entity (XXE) Attacks
python3-saml is vulnerable to external XML entity XXE attacks. These attacks are possible through the abuse of XML...
probeSniffer - A Tool for Sniffing Unencrypted Wireless Probe Requests from Devices
| | \ / | \ / / | | | | |/ | \ | o | D | | o / | || || | / | D | /| /| O | | \ | | || || | | || | / | | | | | O | / \ | | || || | | | \ | | | . | | | \ | | || || | | | | | . \ || |||/|||||||| || |||| v2.1 by David SchĂźtz @xdavidhu A tool for sniffing unencrypted wireless probe requests...
Exploit for Code Injection in Samba
SambaHunter It is a simple script to exploit RCE for Samba CV...
Security fix for the ALT Linux 10 package python3-module-django version 1.8.18-alt1
April 12, 2017 Alexey Shabalin 1.8.18-alt1 - 1.8.18 - fixed CVE-2017-7233,CVE-2017-7234...
Failed to load module [veeamsnap] | Failed to load module [blksnap]
Challenge A Veeam Agent for Linux backup job fails with either of the following errors: Failed to load module veeamsnap with parameters zerosnapdata=1 debuglogging=0 The number of parameters listed in the error may vary depending on Veeam Agent for Linux version. Failed to load module blksnap Cau...
Grails PDF Plugin 0.6 - XML External Entity Injection
Exploit Title: Grails PDF Plugin 0.6 XXE Date: 21/02/2017 Vendor Homepage: http://www.grails.org/plugin/pdf Software Link: https://github.com/aeischeid/grails-pdfplugin Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/grails-pdf-plugin-xxe...
ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors...
Security fix for the ALT Linux 9 package python3-module-django version 1.8.17-alt1
Feb. 2, 2017 Alexey Shabalin 1.8.17-alt1 - 1.8.17 - fixed CVE-2016-9013,CVE-2016-9014...
Security fix for the ALT Linux 10 package python3-module-django version 1.8.17-alt1
Feb. 2, 2017 Alexey Shabalin 1.8.17-alt1 - 1.8.17 - fixed CVE-2016-9013,CVE-2016-9014...
openSUSE Security Update : python3-sleekxmpp (openSUSE-2017-137)
This update for python3-sleekxmpp fixes the following issues : - Check the origin of roster pushes 2015-8688, 2016-9928, boo1014976. Also see https://gultsch.de/gajimrosterpushandmessageinterce ption.html - An error in legacyauth support was fixed %NASLMINLEVEL 70300 C Tenable Network Security,...
mitmAP - Simple Tool to Create a Fake AP and Sniff Data
| / \ | \ | | / /\ | |/ / | ' | | | ' | || / | | | | | | | || | | | | | | | || | || || ||||| || || |/| 2.1 A python program to create a fake AP and sniff data. new in 2.0: SSLstrip2 for HSTS bypass Image capture with Driftnet TShark for command line .pcap capture Features: SSLstrip2 Driftnet...
Fedora Update for python3 FEDORA-2016-c843c68c77
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...