AuthMatrix - A Burp Suite Extension That Provides A Simple Way To Test Authorization

AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in ...

Ruby on Rails: Server-side template injection at ujs test server

I have found in the server code for testing ujs in Rails that template injection is possible and that leads to rce. code https://github.com/rails/rails/blob/v6.0.3.2/actionview/test/ujs/server.rb ruby module UJS class Server Blade::Assets.environment get "/" = "testsindex" match "/echo" =...

Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing

Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Global variables Prefills the command line, doesn't hide commands fro...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for testing and training purposes. The primary CVE ID is not specified, but it includes various vulnerable environments based on Docker-Compose. The target product/service or framework is not...

The vulnerability of the Windows Graphics Component, which allows attackers to exploit their privileges.

The vulnerability of the Windows Graphics Component exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

The vulnerability of the Windows Graphics Component, which allows attackers to exploit their privileges.

The vulnerability of the Windows Graphics Component exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

ADB-Toolkit - Tool for testing your Android device

ADB-Toolkit is a BASH Script with 28 options and an METASPLOIT Section which has 6 options which is made to do easypenetration testing in Android Device. You can do preety much any thing with this script and test your android device is it safe or not. This script is made with the help of ADB...

Exploit for CVE-2014-4210

CVE-2014-4210 SSRF PORTSCANNER PoC Author: Aaron Mizrachi un...

PENIOT - Penetration Testing Tool for IoT

PENIOT is a penetration testing tool for Internet of Things IoT devices. It helps you to test/penetrate your devices by targeting their internet connectivity with different types of security attacks. In other words, you can expose your device to both active and passive security attacks. After...

Lazymux - A Huge List Of Many Hacking Tools And PEN-TESTING Tools

Lazymux tools installer is very easy to use, only provided for lazy termux users; it's huge list of Many Hacking tools and PEN TESTING! NOTE: Am not Responsible of bad use of this project. Requirements • Linux environment • Python 2.x • git Installation and Using Lazymux git clone...

Oracle Application Testing Suite (Jul 2020 CPU)

The versions of Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Log4j. The...

Keylogger - Get Keyboard, Mouse, ScreenShot, Microphone Inputs From Target Computer And Send To Your Mail

Inputs To Mail. Get Keyboard,Mouse,ScreenShot,Microphone Inputs and Send to your Mail. Purpose of the project is testing the security of information systems INSTALLATION pip install pynput USAGE •Set your own MAIL and PASSWORD on "keylogger.py". •Run main.py on Target Computer •Every 10 seconds,Y...

penetrationLean

No description...

commix

This is a PoC exploit for command injection attacks, specifically targeting web-based applications. The tool, named Commix, is designed to automate the process of testing web applications for command injection vulnerabilities. It can be used by web developers, penetration testers, or security...

PowerUpSQL

This is a PowerShell toolkit for attacking SQL Server, called PowerUpSQL. It includes functions for discovering SQL Server instances, auditing for common weak configurations, and escalating privileges on scale. The toolkit is designed for internal penetration tests and red team engagements, but c...

[SECURITY] Fedora 32 Update: python39-3.9.0~b4-1.fc32

Python 3.9 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, update your Fedora to a newer version once Python 3.9 is stable...

Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test

Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp Pentest The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019...

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including a Flask SSTI Server-Side Template Injection vulnerability environment. The tool is designed to be easy to use, requiring only two simple commands to...

OSV-2020-800 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::c

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24051 Crash type: UNKNOWN READ Crash state: std::1::tree, std::1...

Park Ticketing Management System 1.0 - Authentication Bypass

Exploit Title: Park Ticketing Management System 1.0 - Authentication Bypass Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...