PT-2013-76: Local File Inclusion in LiveStreet CMS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in LiveStreet CMS. Insufficient validation of user input in the install\index.php script allows remote attackers to include files located on the attacked server and thus execute a PHP code. It may...

[Evil Foca] IPv4 and IPv6 Penetration testing tool

Evil Foca is a tool for Pentesters and Security Auditors to perform security testing in IPv4/ IPv6 data networks. The tool is capable to do different attacks such as: MITM on IPv4 networks using ARP Spoofing and DHCP ACK injection. MITM on IPv6 networks using Neighbor Advertisement Spoofing, SLAA...

OWASP Xenotix XSS Exploit Framework v4.5

Version 4.5 Additions JavaScript Beautifier Pause and Resume support for Scan Jump to Payload Cookie Support for POST Request Cookie Support and Custom Headers for Header Scanner Added TRACE method Support Improved Interface Better Proxy Support WAF Fingerprinting Load Files Hash Calculator Hash...

[WebSurgery] Web application security testing suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools Crawler, Bruteforcer, Fuzzer, Proxy, Editor and...

[Bluebox-ng] UC/VoIP Security Tool

Bluebox-ng is a next generation UC/VoIP security tool. It has been written in CoffeeScript using Node.js powers. This project is "our 2 cents" to help to improve information security practices in VoIP/UC environments. GitHub repo : https://github.com/jesusprubio/bluebox-ng IRCFreenode :...

11 Firefox Add-ons to Hack and PenTest

1. Tamper Data Tamper data is an great tool to to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to destination host with this. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XS...

WordPress Simple Login Registration 1.0.1 Cross Site Scripting

Exploit Title: Cross Site Scripting WP Simple Login Registration 1.0.1 - Wordpress Date: 26 de Agosto del 2013 Exploit Author: Dylan Irzi Credit goes for: websecuritydev.com Vendor Homepage: http://envato.dropntheme.com/wp-simple-login-registration-plugin/ Tested on: Win8 & Linux Mint Affected...

[GoLismero v2.0] The Web Knife

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans. The most interesting features of the framework are: Real platform independence. Tested on Windows, Linux, BSD and OS X. No native library...

[Pytbull] IDS/IPS Testing Framework

Pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS and to validate config. Download Pytbull...

[WebVulScan] Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the...

Small Businesses Lose £800 Million Per Year to Cybercrime

Small- and medium-sized businesses are losing a staggering £785 million per year to cybercrime, according to a joint report published by the Federation of Small Businesses FSB and the Home Office and Business Departments in the United Kingdom. Despite this, just fewer than 20 percent of businesse...

[SpiderFoot v2.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...

[Santoku 0.4] Distribution dedicated to mobile forensics, malware analysis and security testing

Santoku includes a number of open source tools dedicated to helping you in every aspect of your mobile forensics, malware analysis, and security testing needs, including: Development Tools: Android SDK Manager AXMLPrinter2 Fastboot Heimdall src | howto Heimdall GUI src | howto SBF Flash Penetrati...

[AppUse] Android Pentest Platform Unified Standalone Environment

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs. There is no need for installation of simulators and testing tools...

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility...

Pwn Pad Android device, Network hacking machine launched

Security tools company Pwnie Express is making a network hacking focused Android device called the Pwn Pad. The device is based on the Google Nexus 7 specs, with USB-based Bluetooth, Ethernet and WiFi to gauge the security of a network beyond what Google's tablet can manage on its own. Pwn Pad wi...

Pwn Pad Android device, Network hacking machine launched

Security tools company Pwnie Express is making a network hacking focused Android device called the Pwn Pad. The device is based on the Google Nexus 7 specs, with USB-based Bluetooth, Ethernet and WiFi to gauge the security of a network beyond what Google's tablet can manage on its own. Pwn Pad wi...

36 Windows Tools For Penetration Testing

Most penetration testers are using either a Mac or a Linux-based platform in order to perform their penetration testing activities.However it is always a good practice to have and a Windows virtual machine with some tools ready to be used for the engagement.The reason for this is that although...

Penetration Testing Frequently Asked Questions

You may have noticed this recent article about Googles contest that rewarded a hacker for discovering a vulnerability in Chrome. Once Google verified the vulnerability, they were able to fix the bug and issue the cash prize to the hacker. This is a very public example similar to what Coalfire Lab...

soapbox Local Root / Privilege Escalation Vulnerability

----------------------------------- soapbox 0.3.1 = Local Root Exploit ----------------------------------- Vendor URI: http://dag.wieers.com/home-made/soapbox/ Credit: Jean Pascal Pereira [email protected] Description: "Soapbox allows to restrict processes to write only to those places you want...