NetAss2 - Network Assessment Assistance Framework

Easier network scanning with NetAss2 Network Assessment Assistance Framework. Make it easy for Pentester to do penetration testing on network. Dependencies nmap tool zmap tool Installation git clone https://github.com/zerobyte-id/NetAss2.git cd NetAss2 sudo chmod +x install.bash sudo ./install.ba...

RIPS 3.3: Scaling Security Testing to Large Teams

Data Center Edition Automated security testing with RIPS is typically performed when a new code feature is merged into the development branch. But when security scanning is shifted left to the developers who scan every single code commit, the total amount of scans increases significantly. As a...

Computrols CBAS-Web 19.0.0 Username Enumeration

Computrols CBAS-Web Username Enumeration Affected versions: 19.0.0 and below CVE: CVE-2019-10848 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Discovered by Gjoko 'LiquidWorm' Krstic Testing for non-valid...

[SECURITY] Fedora 30 Update: python35-3.5.8-2.fc30

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

OWOX, Inc.: The URL in "Choose a data source'' at "https://bi.owox.com/ui/settings/connected-services/setup/" is not filtered => reflected XSS.

Hi team, This is another report with 732987. Because it is completely independent Detail -- In the process of selecting the data source at https://bi.owox.com/ui/settings/connected-services/setup/, I found a reflected XSS. Specifically, when you click on Google Analytics, a page will appear for y...

Microsoft works with researchers to detect and protect against new RDP exploits

On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and...

Github-Dorks - Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks

Github search is quite powerful and useful feature and can be used to search sensitive data on the repositories. Collection of github dorks that can reveal sensitive personal and/or organizational information such as private keys, credentials, authentication tokens, etc. This list is supposed to ...

Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

Uptux - Linux Privilege Escalation Checks (Systemd, Dbus, Socket Fun, Etc)

Specialized privilege escalation checks for Linux systems. Implemented so far: Writable systemd paths, services, timers, and socket units Disassembles systemd unit files looking for: References to executables that are writable References to broken symlinks pointing to writeable directories Relati...

ClamAV < 0.102.0 - 'bytecode_vm' Code Execution

!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli --target --name The allowed action values are: install : To install a checker or a report, depending the context setted. uninstall : To uninstall a checker or a...

vulhub

It is an offensive tool for vulnerable environments. This repository, vulhub, is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is not a single exploit or tool, but rather a collection of vulnerable environments that can be used for testing and training purposes. The target product/service or framework is not explicitly stated, but the...

(0Day) Jenkins Extensive Testing Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Extensive Testing. Authentication is required to exploit this vulnerability. The specific flaw exists within the Extensive Testing plugin. The issue results from storing credentials in...

What is NYDFS?

NYDFS Cybersecurity Regulation, 23 NYCRR 500 On March 1, 2017, the New York State Department of Financial Services NYDFS introduced new cybersecurity regulations for financial services companies that address the growing threat posed by cyber-criminality to financial firms. They are intended to...

ThreatList: Most Retail Hardware Bug Bounty Flaws Are Critical

Almost all of hardware vulnerabilities – 90 percent – that were submitted to retail bug bounty programs so far this year were categorized as critical, showing that Point of Sale systems and other retail hardware assets remain a serious security issue. That’s due to the fact that retail hardware...

POC-T

This is a Python-based penetration testing framework called POC-T. It is designed to facilitate concurrent testing and provides a variety of features for vulnerability scanning and exploitation. The framework includes a range of built-in scripts for testing various vulnerabilities, including SQL...

Unspecified Vulnerability in CloudBees Jenkins Extensive Testing Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Extensive Testing Plugin is used in one of th...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

Snare - Super Next Generation Advanced Reactive honEypot

snare - Super Next generation Advanced Reactive honEypot Super Next generation Advanced Reactive honEypot About SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet. Documentation The documentation can be found here. Basic Concepts Surface first. Focus...