Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

Crips - IP Tools To quickly get information about IP Address's, Web Pages and DNS records

This Tools is a collection of online IP Tools that can be used to quickly get information about IP Address's, Web Pages and DNS records. Menu Whois lookup Traceroute DNS Lookup Reverse DNS Lookup GeoIP Lookup Port Scan Reverse IP Lookup INSTALL & UPDATE Exit Whois lookup Determine the registered...

SAP BusinessObjects launch pad - Server-Side Request Forgery

SAP BusinessObjects launch pad - Server-Side Request Forgery Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack...

SAP BusinessObjects launch pad - Server-Side Request Forgery

Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack !/usr/bin/env python SAP BusinessObjects launch pad SSRF Timing Atta...

GhostInTheNet - Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan

Ultimate Network Stealther that makes Linux a Ghost In The Net and protects from MITM/DOS/scan. Properties: Network Invisibility Network Anonymity Protects from MITM/DOS Transparent Cross-platform Minimalistic Dependencies: Linux 2.4.26+ - will work on any Linux-based OS, including Whonix and...

NoSQL Exploitation Framework 2.0 - A Framework For NoSQL Scanning and Exploitation

A FrameWork For NoSQL Scanning and Exploitation Framework Authored By Francis Alexander. Added Features: First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra Support For NoSQL WebAPPS Added payload list for JS Injection,Web application Enumeration. Scan Support for...

CVE-2017-17556

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys...

CVE-2017-17556

CVE-2017-17556 affects Synaptics TouchPad drivers (notably the SynTP.sys driver) where a debug tool can be abused by a user with administrative privileges to modify registry keys and capture keyboard scan code information. The root cause is an unprotected debug mode in the Synaptics keyboard driv...

CVE-2017-1507

IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619...

Microsoft Malware Protection Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

Check Point Gaia Operating System Threat Emulation Email Scan Bypass (sk96269)

The remote host is running a version of Gaia OS which is affected by an issue where email may bypass scanning by the Threat Emulation blade. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid105001; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date: 2017/12/04 15:43:...

Qualys Cloud Platform 8.11.2 New Features

This new patch release of the Qualys Cloud Platform, version 8.11.2, includes updates to shared platform features, Qualys Vulnerability Management and Qualys Policy Compliance SCAP scanning. Update 12/1/2017: New Vulnerability Management feature added below. Feature Highlights Cloud Platform User...

Open-Xchange: SSRF in /appsuite/api/autoconfig

FYI: This was conducted on a local install of App Suite and not the sandbox. App Suite version was: 7.8.4 Rev14 Hello, There is a possible SSRF vulnerability in the following App Suite API endpoint that will primarily allow blind port scanning of the App Suite server and any internal servers...

HOWTO: Prevent your AWS credentials and other secrets from being exposed in code repositories

Uber had AWS credentials exposed on GitHub. As thousands of other companies do. It has been known for a while that nuggets such as private keys and credentials can be found with the GitHub search functionality or with Google dorks so looking for sensitive information in GitHub repositories is not...

Do not scan fragile devices or ports

This script checks if the remote host is a SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108298...

PSFTPd Windows FTP Server Bounce Scan Vulnerability

PSFTPd Windows FTP Server is a suite of FTP server software. The software supports protocols such as FTP, FTPS and SFTP. A bounce scanning vulnerability exists in PSFTPd Windows FTP Server version 10.0.4 Build 729, which stems from the program failing to prevent the default FTP bounce scanning. A...

PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free Vulnerability

Exploit for windows platform in category dos / poc Multiple Vulnerabilities in PSFTPd Windows FTP Server ===================================================== Overview -------- Confirmed Affected Versions: 10.0.4 Build 729 Confirmed Patched Versions: None Vendor: Sergei Pleis Softwareentwicklung...

PSFTPd Windows FTP Server 10.0.4 Build 729 Use-After-Free / Log Injection

X41 D-Sec GmbH Security Advisory: X41-2017-006 Multiple Vulnerabilities in PSFTPd Windows FTP Server ===================================================== Overview -------- Confirmed Affected Versions: 10.0.4 Build 729 Confirmed Patched Versions: None Vendor: Sergei Pleis Softwareentwicklung Vend...