metasploit-framework

This is an offensive tool for Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for discovering, exploiting, and analyzing vulnerabilities in computer systems. It is widely used by security researchers and penetration teste...

ANDRAX v4 DragonFly - Penetration Testing on Android

ANDRAX is a Penetration Testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution! The development of ANDRAX began on 08/09/2016 DD/MM/YYYY only fo...

CCAT - Cloud Container Attack Tool For Testing Security Of Container Environments

Cloud Container Attack Tool CCAT is a tool fortesting security of container environments. Quick reference Where to get help : the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow Where to file issues : https://github.com/RhinoSecurityLabs/ccat/issues Maintained by : the Rhino Assessment Tea...

Embedded device research. The tools you’ll need

Over the last couple of years, we’ve run many courses on embedded device security. The focus is often defensive, but all the courses have an aspect of offensive: hacking demonstration and real devices so that you can understand the mindset of an attacker. To hack devices, you need tools. And the...

Ships engines, a guide for pen testers

I spent several years as a ships engineer before straying in to pen testing. Ships used to be fairly secure; they were physically isolated at sea. Satcoms were scarily expensive, usually available only to the captain for business-critical communication. Even satphone use was heavily rationed. All...

[SECURITY] Fedora 31 Update: dnsperf-2.3.2-2.fc31

This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf1 and resperf1 man pages...

Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce New GTK3 theme for Gnome and Xfce Introduction of “Kali Undercover” mode Kali Documentation has a new home and is now G...

ClamAV < 0.102.0 - (bytecode_vm) Code Execution Exploit

!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname', 'debugprintstr', 'debugpr...

Corsy - CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Usage Using Corsy is pretty simple python corsy.py -u https://example.com A delay between consecutive requests can be specified with -d option. Note: This is a beta version, features such as JSON...

Integrate Security Testing with GitHub Actions

GitHub Actions GitHub announced their own CI/CD system which is integrated into the user interface and called Github Actions. We added RIPS to the GitHub marketplace which enables you to integrate our leading code analysis directly into your GitHub workflow. It works as a security gateway and fai...

Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets

The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...

Exploit for CVE-2018-2894

Ladon Scanner for Python !Authorhttps://img.shields.io/bad...

SYS.2.2.3.A22

Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

The vulnerability of the Debugger extension’s API in Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of the Debugger component of the Google Chrome browser’s API exists due to insufficient testing of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Chrome extension...

The vulnerability of the MagickRealloc function in the memory.c file of the cross-platform graphics library GraphicsMagick, which allows a hacker to trigger a service failure.

The vulnerability of the MagickRealloc function in the memory.c file of the cross-platform graphics library GraphicsMagick exists due to insufficient testing of input data. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

The vulnerability of the ReadOneJNGImage function (coders/png.c) in the cross-platform library for working with graphics, GraphicsMagick, allows a hacker to induce a service failure.

The vulnerability of the ReadOneJNGImage function coders/png.c in the cross-platform library for working with graphics, GraphicsMagick, exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted J...

Jaeles - The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation go get -u github.com/jaeles-project/jaeles Please visit the Official Documention for more details. Checkout Signature Repo for base signature. Usage More usage...

vulhub

It is an offensive tool for web application security training. The tool is a collection of pre-built vulnerable docker environments, Vulhub, which can be used to test and train web application security skills. The tool is designed to be easy to use, with a simple installation process and a...

4 Best Free Online Security Tools for SMEs in 2020

Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar in 2020. Solely in t...

CVE-2019-3640

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity...