Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...

Exploit for Classic Buffer Overflow in Microsoft

This is a Python script that exploits the CVE-2017-7269 vulnerability in IIS servers. The script sends a specially crafted HTTP request to the target server, which triggers a remote code execution vulnerability. The script then receives the response from the server and prints it to the console...

Pen Testing Ships. A year in review

Partially driven by the upcoming inclusion of Cyber Security by the IMO International Maritime Organisation, 2019 was a really busy year for maritime security testing at PTP. What can we all learn from a year of evaluating the security of ships? We’ve been involved in all sorts of ship testing,...

DVNA - Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application DVNA is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vunerabilities OWASP Top 10 2017 vulnerabilities at...

RiskAssessmentFramework - Static Application Security Testing

The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST tools available for testers, but the compatibility and the Environement setup process is complex. By using OWASP Risk Assessment Framework's Static...

Managing Web Application Security

Web application scanners using dynamic application security testing DAST methods are ideal at identifying common vulnerabilities such as cross-site scripting, SQL injection, command execution and more. When used in conjunction with whitebox static application security testing SAST results that...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points include docker-compose build and run commands. Notable...

Pown.js - A Security Testing An Exploitation Toolkit Built On Top Of Node.js And NPM

Pown.js is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploits, Pown.js considers frameworks to be an anti-pattern. Therefore, each module in Pown is in fact a standalone NPM module allowing greater degree of reuse and...

huskyCI - Performing Security Tests Inside Your CI

huskyCI is an open-source tool that performs security tests inside CI pipelines of multiple projects and centralizes all results into a database for further analysis and metrics. How does it work? The main goal of this project is to help development teams improve the quality of their code by...

Integrate Security Testing with GitHub Actions

GitHub Actions GitHub announced their own CI/CD system which is integrated into the user interface and called Github Actions. We added RIPS to the GitHub marketplace which enables you to integrate our leading code analysis directly into your GitHub workflow. It works as a security gateway and fai...

SYS.2.2.3.A22

Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

RIPS 3.3: Scaling Security Testing to Large Teams

Data Center Edition Automated security testing with RIPS is typically performed when a new code feature is merged into the development branch. But when security scanning is shifted left to the developers who scan every single code commit, the total amount of scans increases significantly. As a...

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli --target --name The allowed action values are: install : To install a checker or a report, depending the context setted. uninstall : To uninstall a checker or a...

vulhub

It is an offensive tool for vulnerable environments. This repository, vulhub, is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The...

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical

Almost all of hardware vulnerabilities – 90 percent – that were submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware...

Cotopaxi - Set Of Tools For Security Testing Of Internet Of Things Devices Using Specific Network IoT Protocols

Set of tools for security testing of Internet of Things devices using protocols like: CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP. Installation: Simply clone code from git: https://github.com/Samsung/cotopaxi Requirements: Currently Cotopaxi works only with Python 2.7.x, but future versions will work al...

HCL AppScan Source Code Issue Vulnerability

HCL AppScan Source is a suite of dynamic analysis and testing tools from HCL India, which is mainly used for web security testing. A code issue vulnerability exists in HCL AppScan Source versions prior to 9.03.13. The vulnerability stems from an improperly designed or implemented code development...

DNS Rebinding Tool - DNS Rebind Tool With Custom Scripts

Inspired by @tavisio This project is meant to be an All-in-one Toolkit to test further DNS rebinding attacks and my take on understanding these kind of attacks. It consists of a web server and pseudo DNS server that only responds to A queries. The root index of the web server allowes to configure...

Exploit for Use After Free in Microsoft

ispy ispy : Eternalbluems17-010/BluekeepCVE-2019-0708 S...