Envizon - Network Visualization Tool With Focus On Red / Blue Team Requirements

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone i...

Rainmap Lite - Responsive Web Based Interface That Allows Users To Launch Nmap Scans From Their Mobiles/Tablets/Web Browsers

Rainmap Lite - Responsive web application that allows users to launch Nmap scans from their mobiles/tablets/web browsers! Unlike it's predecessor 1, Rainmap-lite does not require special services RabbitMQ, PostgreSQL, Celery, supervisor, etc to make it easy to install on any server. You simply ne...

LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly

LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...

Powershell-RAT - Python Based Backdoor That Uses Gmail To Exfiltrate Data Through Attachment

Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This...

XenDesktop Setup Wizard fails with error "The xsPvsSiteUuid Field Does not exist"

When running the XenDesktop Setup Wizard XDSW you encounter the following error. "The xsPvsSiteUuid Field Does not exist" At this point the XDSW fails and aborts the process...

Null pointer dereference

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...

CVE-2018-1066

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...

Prithvi - A Report Generation Tool For Security Assessment

A Report Generation Tool for Security Assessment Usage This project of ours could be used for report generation and its very easy to use. It includes following features 1. We can add Owasp Types and recommendation with details. 2. We can add Multiple Projects and work on it separately. 3. We can...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

vBulletin Security Forum Setup - Hardening & Configuration

Document Title: =============== vBulletin Security Forum Setup - Hardening & Configuration References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2119 Download: https://www.vulnerability-lab.com/resources/documents/2119.txt Release Date: ============= 2018-02-20 Vulnerability...

Parat - Python Based Remote Administration Tool (RAT)

Parat is a simple remote administration tool RAT written in python. Also you can read wiki! Change log: Compatible with both python 2 and 3 versionsdont forget that may causes some error.so please share us any errors Do you want to try? Copy and paste on your terminal: git clone...

Ring video doorbells information leakage vulnerability

Ring formerly known as DoorBot video doorbells is a video-enabled smart doorbell from Ring, USA. A security vulnerability exists in Ring video doorbells. The vulnerability can be exploited by a remote attacker to obtain wireless network configuration information by pressing and holding the Setup...

Build Your Own IPsec VPN Server: Auto Setup Scripts

Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest. An IPsec VPN encrypts your network traffic, so that nobody between you and the VP...

DVWA - Damn Vulnerable Web Application

Damn Vulnerable Web Application DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...

Software Defined Radio Attack Tool: RFCrack

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...

Code injection

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter...

CVE-2014-1631

Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php...

lanGhost - A LAN dropbox chatbot controllable via Telegram

A LAN dropbox chatbot controllable via Telegram Installation: You will need a Raspberry Pi with fresh Raspbian/Kali on the SD card, because you don't want anything else running in the background. Boot up the Pi, get an SSH sell or connect a monitor and a keyboard and enter these commands: $ sudo...

CVE-2017-1000503

A race condition during Jenkins 2.81 through 2.94 inclusive; 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related...

CVE-2018-0507

Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...