311 matches found
Is a Consolidated Approach Better for WAAP Security?
By Owais Sultan A WAAP security tool is an expanded WAF capable of integrating, observing, and taking action intuitively when needed. This is a post from HackRead.com Read the original post: Is a Consolidated Approach Better for WAAP Security?...
Rootend - A *Nix Enumerator And Auto Privilege Escalation Tool
rootend is a python nix Enumerator & Auto Privilege Escalation tool. For a full list of our tools, please visit our websitehttps://www.twelvesec.com/ Written by: nickvourd twitter maldevel twitter servo Usage Enumeration & Automation Privilege Escalation tool. rootend is an open source tool...
jwtXploiter - A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims kid, jku, x5u Verify a token Retrieve the public key of your target's ssl connection and try to use it in a key...
Cobalt Strike Vulnerability Affects Botnet Servers
Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But its also used by attackers -- from criminals to governments -- to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the...
Fortinet FortiPortal Trust Management Issue Vulnerability
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs.Fortinet FortiPortal has a trust management issue vulnerability, which stems from the...
[eBook] 7 Signs You Might Need a New Detection and Response Tool
It's natural to get complacent with the status quo when things seem to be working. The familiar is comfortable, and even if something better comes along, it brings with it many unknowns. In cybersecurity, this tendency is countered by the fast pace of innovation and how quickly technology becomes...
The vulnerability of the IBM Security Guardium security tool lies in its lack of protection for website structures, allowing attackers to gain unauthorized access to the protected information.
The vulnerability of the IBM Security Guardium security tool is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the protected information...
CMSmap
This is an open-source Python tool called CMSmap, designed to automate the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool is still in its early stages and may contain bugs or flaws. The primary purpose of CMSm...
jexboss
Exploit module/targeting JBoss Application Server and others Java Platforms, Frameworks, Applications, etc. The provided code is a Python script that appears to be a tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java-based platforms. The script is written i...
Bitdefender Endpoint Security Tool 安全漏洞
Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in versions prior to Bitdefender Endpoint Security Tools 6.6.23.320, which stems from the presence of improper access control that allows a normal user...
Corsair_Scan - A Security Tool To Test Cross-Origin Resource Sharing (CORS)
Corsairscan is a security tool to test Cross-Origin Resource Sharing CORS misconfigurations. CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. If this is not properly configured,...
Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease
An incredibly fast proxy checker & IP rotator with ease. Features Proxy IP rotator : Rotates your IP address for every specific request. Proxy checker : Check your proxy IP which is still alive. All HTTP/S methods are supported. HTTP & SOCKSv5 proxy protocols apply. All parameters & URIs are...
Security Bulletin: A vulnerability has been identified in IBM Elastic Storage Server where an attacker could cause a denial of service (CVE-2020-5015)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage Server that could allow an attacker to cause a denial of service. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-5015 DESCRIPTION: IBM Elastic Storage System could allow a...
Girsh - Automatically Spawn A Reverse Shell Fully Interactive
Who didn't get bored of manually typing the few lines to upgrade a reverse shell to a full interactive reverse shell tty spawn, stty size ..., stty raw -echo or typing the command to use ConPTY. Description With Girsh, just run it and it will detect the OS and execute the correct commands to...
Exploit for Improper Restriction of XML External Entity Reference in Apache Solr
注意: 切勿利用本工具对未授权的网站进行非法攻击。由此产生的法律后果由使用者自行承担!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam 更新状态日志: 2021-03-06 新增DVR 摄像头exp 新增Nexus Repository Manager exp。修改默认线程数为20。增加超时时间。增加界面显示shell的路径。修复cookie bug 2021-03-03 修复某些类延时时间过短导致漏洞检测不准确。下一个版本将调整默认线程数字预计是20或者10 2021-02-27 ...
Tritium - Password Spraying Framework
A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication. Background Although many Kerberos password spraying tools currently exist on the market, I found it difficult to find tools with the following built-in functionality: The ability to prevent users fr...
Git-Wild-Hunt - A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt
A tool to hunt for credentials in the GitHub wild AKA githunt Getting started 1. Install the tool 2. Configure your GitHub token 3. Search for credentials 4. See results cat results.json | jq Installation requirements: virtualenv, python3 1. git clone https://github.com/d1vious/git-wild-hunt &&...
Wprecon - A Vulnerability Recognition Tool In CMS Wordpress, 100% Developed In Go
Hello! Welcome. Wprecon Wordpress Recon, is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Notice: Why is the project out of updates these days ?! What happens is that I am doing the vulnerability scanner. Branch Dev Compile and Install Features Random Agent Detection WA...
Malicious Software Infrastructure Easier to Get and Deploy Than Ever
Simple to use and deploy offensive security tools, making it easier than ever for criminals with little technical know-how to get in on cybercrime are seeing a significant rise, researchers say. Recorded Future just released findings from its regular year-end observations of malicious...
Go365 - An Office365 User Attack Tool
Go365 is a tool designed to perform user enumeration and password guessing attacks on organizations that use Office365 now/soon Microsoft365. Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use. When queried with an email address and password, the...