Lucene search
+L

311 matches found

impervablog
impervablog
added 2019/12/16 1:33 p.m.41 views

SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored

The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool SQL Data...

0.7AI score
Exploits0
packetstorm
packetstorm
added 2019/12/02 12:0 a.m.168 views

NSAuditor 3.1.8.0 Key Denial Of Service

Exploit Title: Nsauditor 3.1.8.0 - 'Key' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0 Vulnerability Type: Denial of Service DoS Local Tested on...

Exploits0
kitploit
kitploit
added 2019/11/03 9:24 p.m.124 views

Uptux - Linux Privilege Escalation Checks (Systemd, Dbus, Socket Fun, Etc)

Specialized privilege escalation checks for Linux systems. Implemented so far: Writable systemd paths, services, timers, and socket units Disassembles systemd unit files looking for: References to executables that are writable References to broken symlinks pointing to writeable directories Relati...

7.5AI score
Exploits0References1
kitploit
kitploit
added 2019/10/17 8:34 p.m.341 views

Dirstalk - Modern Alternative To Dirbuster/Dirb

Dirstalk is a multi threaded application designed to brute force paths on web servers. The tool contains functionalities similar to the ones offered by dirbuster and dirb. Here you can see it in action: How to use it The application is self-documenting, launching dirstalk -h will return all the...

7.6AI score
Exploits0References4
kitploit
kitploit
added 2019/10/16 12:32 p.m.927 views

Gobuster v3.0 - Directory/File, DNS And VHost Busting Tool Written In Go

Gobuster is a tool used to brute-force: URIs directories and files in web sites. DNS subdomains with wildcard support. Virtual Host names on target web servers. Oh dear God.. WHY!? Because I wanted: 1. ... something that didn't have a fat Java GUI console FTW. 2. ... to build something that just...

7.2AI score
Exploits0References2
kitploit
kitploit
added 2019/08/25 1:0 p.m.215 views

Sublert - Security And Reconnaissance Tool Which Leverages Certificate Transparency To Automatically Monitor New Subdomains Deployed By Specific Organizations And Issued TLS/SSL Certificate

Sublert is a security and reconnaissance tool that was written in Python to leverage certificate transparency for the sole purpose of monitoring new subdomains deployed by specific organizations and issued TLS/SSL certificate. The tool is supposed to be scheduled to run periodically at fixed time...

7.3AI score
Exploits0References2
kitploit
kitploit
added 2019/08/17 9:47 p.m.293 views

Dow Jones Hammer - Protect The Cloud With The Power Of The cloud(AWS)

Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities e.g. JIRA, Slack to provide quick feedback to engineers and...

7.3AI score
Exploits0References18
kitploit
kitploit
added 2019/08/01 1:8 p.m.49 views

Slurp - S3 Bucket Enumerator

Blackbox/whitebox S3 bucket enumerator Overview Credit to all the vendor packages that made this tool possible. This is a security tool; it's meant for pen-testers and security professionals to perform audits of s3 buckets. Features Scan via domains; you can target a single domain or a list of...

7.4AI score
Exploits0References1
cnvd
cnvd
added 2019/07/31 12:0 a.m.5 views

Code Injection Vulnerability in Multiple Bitdefender Products

Bitdefender Endpoint Security Tool and others are products of the Romanian company Bitdefender.Bitdefender Endpoint Security Tool is an endpoint security management tool.Bitdefender Antivirus Plus is a suite of antivirus programs that provide network threat detection and ransomware protection...

7.2CVSS7.6AI score0.00554EPSS
Exploits0References1
kitploit
kitploit
added 2019/07/20 10:0 p.m.148 views

GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How it Works During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users...

7.3AI score
Exploits0References4
malwarebytes
malwarebytes
added 2019/07/15 2:27 p.m.59 views

A week in security (July 8 – 14)

Last week on Malwarebytes Labs, we looked at ways to send your sensitive information in a secure fashion, examined some tactics in incident response land, and explored federal data privacy law. We also looked at how security tools can turn against you, and took a deep dive into the rather fiendis...

Exploits0
kitploit
kitploit
added 2019/07/08 9:57 p.m.38 views

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful oneliners ; wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...

7.3AI score
Exploits0References3
kitploit
kitploit
added 2019/07/07 1:26 p.m.232 views

NetSet - Operational Security Utility And Automator

Operational Security utility and automator. NetSet is designed to automate a number of operations that will help the user with securing their network traffic. It also provides an easy way to gather proxies and run utilities through Tor. All the utilities installed and used by NetSet will be...

7.6AI score
Exploits0References2
kitploit
kitploit
added 2019/05/09 10:36 p.m.148 views

QRGen - Simple Script For Generating Malformed QRCodes

Simple Script For Generating Malformed QRCodes. These qrcodes are useful if you want to test some QRCode scanner's parser or how the application handle QRCode data. Down side of this tool: you need to manually scan codes with camera. Proof Installation What do you need: python3 qrcode Pillow...

7.9AI score
Exploits0References1
kitploit
kitploit
added 2019/04/12 9:19 p.m.267 views

GodOfWar - Malicious Java WAR Builder With Built-In Payloads

A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. try -l/--list cmdget filebrowser bindshell reverseshell reverseshellui Configurable backdoor. try --host/-port Control over payload name. To avoid malicious...

7.5AI score
Exploits0References2
kitploit
kitploit
added 2019/04/10 1:11 p.m.101 views

Mysql-Magic - Dump Mysql Client Password From Memory

The mysql client read the password, then write this for some malloc'ed memory, and free it, but just because a chunk was freed doesn't mean it will be used again, to ensure that your programs not keep sensitive information in memory you must overwrite the memory. The main goal is get the password...

7.2AI score
Exploits0References1
kitploit
kitploit
added 2019/04/09 9:39 p.m.131 views

mXtract v1.2 - Memory Extractor & Analyzer

mXtract is an opensource linux based tool that analyzes and dumps memory. It is developed as an offensive pentration testing tool, its primary purpose is to scan memory for private keys, ips, and passwords using regexes. Remember, your results are only as good as your regexes. Screenshots Scan wi...

7.2AI score
Exploits0References3
kitploit
kitploit
added 2019/04/01 8:37 p.m.165 views

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make somes experiments with Windows security. It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

7.4AI score
Exploits0References6
bdu_fstec
bdu_fstec
added 2019/02/19 12:0 a.m.5 views

The vulnerability of the McAfee MVision Endpoint security solution, related to access control deficiencies, allows a perpetrator to remove the security software.

The vulnerability of the McAfee MVision Endpoint operating system security tool is related to deficiencies in access control. Exploiting this vulnerability could allow a hacker to remove the security tool...

7.4CVSS6.8AI score0.00335EPSS
Exploits0References3Affected Software1
zdt
zdt
added 2019/02/05 12:0 a.m.45 views

Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)

!/usr/bin/python Python Random Insertion Encoder Author: Aditya Chaudhary Date: 5th Feb 2019 import random import sys import argparse shellcode = "\x31\xc0\x50\x89\xe2\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80" Parse Arguments parser =...

7.4AI score
Exploits0
Rows per page
Query Builder