7416 matches found

Kitploit
added 2019/10/19 12:0 p.m., 150 views

Discover - Custom Bash Scripts Used To Automate Various Penetration Testing Tasks Including Recon, Scanning, Parsing, And Creating Malicious Payloads And Listeners With Metasploit

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit. For use with Kali Linux and the Penetration Testers Framework PTF. Lee Baird @discoverscripts Jay "L1ghtn1ng" Townsend...

7.3 AI score
Exploits 0, References 1
Gitee
added 2019/10/19 9:4 a.m., 3 views

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...

7.3 AI score
Exploits 0
Kitploit
added 2019/10/17 11:53 a.m., 177 views

Cotopaxi - Set Of Tools For Security Testing Of Internet Of Things Devices Using Specific Network IoT Protocols

Set of tools for security testing of Internet of Things devices using protocols like: CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP. Installation: Simply clone code from git: https://github.com/Samsung/cotopaxi Requirements: Currently Cotopaxi works only with Python 2.7.x, but future versions will work al...

10 CVSS, 9.1 AI score, 0.05692 EPSS
Exploits 5, References 1
Ivan 'd0znpp' Novikov
added 2019/10/16 5:10 p.m., 60 views

Security testing guide for JSON / REST APIs #1/3

Fuzzing is everything; it’s the most useful and resultative hacking technique for sure. At the same time, fuzzing is not just random hitting applications or binaries with some random bytes. It’s more about ideas, a deep understanding of data formats and application flows, technology stacks, and ...

0.3 AI score
Exploits 0
NVD
added 2019/10/16 2:15 p.m., 27 views

CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS, 8.7 AI score, 0.00897 EPSS
Exploits 0, References 1
OSV
added 2019/10/16 2:15 p.m., 16 views

CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS, 7 AI score
Exploits 0, References 1
Prion
added 2019/10/16 2:15 p.m., 14 views

Design/Logic Flaw

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4 CVSS, 8.6 AI score, 0.00897 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/10/16 1:0 p.m., 28 views

CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.7 AI score, 0.00897 EPSS
Exploits 0, References 1
CVE
added 2019/10/16 1:0 p.m., 49 views

CVE-2019-10448

CVE-2019-10448 affects the Jenkins Extensive Testing Plugin, where credentials are stored unencrypted in job config.xml files on the Jenkins master. This allows disclosure to anyone with Extended Read permission or with access to the master file system. The core issue is plaintext credential stor...

8.8 CVSS, 8.6 AI score, 0.00897 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2019/10/16 12:0 a.m., 3 views

PT-2019-11842 · Jenkins · Jenkins Extensive Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Extensive Testing Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. Users with Extended Read permission or...

8.8 CVSS, 8.5 AI score, 0.00897 EPSS
Exploits 0, References 4
BDU FSTEC
added 2019/10/16 12:0 a.m., 2 views

The vulnerability of the OpenJDK project for the Java programming language stems from inadequate access control mechanisms, allowing attackers to trigger a service failure.

The vulnerability of the OpenJDK project for the Java programming language is related to insufficient testing of serial streams before exception deserialization. Exploiting this vulnerability could allow a malicious actor to cause service failures...

5.3 CVSS, 5.5 AI score, 0.04472 EPSS
Exploits 0, References 7, Affected Software 4
BDU FSTEC
added 2019/10/16 12:0 a.m., 2 views

The vulnerability of the docker build mechanism, a tool for automating the deployment and management of applications in containerized environments, allows an attacker to gain unauthorized access to information, cause service failures, or affect the availability of information.

The vulnerability of the docker build mechanism, a tool for automating the deployment and management of applications in containerized environments, is related to insufficient testing of arguments passed in commands. Exploiting this vulnerability can allow attackers to gain unauthorized access to...

8.4 CVSS, 7.5 AI score, 0.01945 EPSS
Exploits 1, References 6, Affected Software 3
CNVD
added 2019/10/15 12:0 a.m., 1 views

Ajenti Remote Command Execution Vulnerability

Ajenti is a web control panel written in python and angularjs. Ajenti suffers from a remote command execution vulnerability. An attacker can execute commands on a local monitoring server while testing...

7.4 AI score
Exploits 0, References 1
GithubExploit
added 2019/10/14 9:44 a.m., 110 views

Exploit for Improper Privilege Management in Cloudcti Hip_Integrator_Recognition_Configuration_Tool

Author: Arn Vollebregt Introduction Creativity is at the c...

7.8 CVSS, 7.9 AI score, 0.0047 EPSS
Exploits 2
Kitploit
added 2019/10/13 12:24 p.m., 154 views

SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers

SMTPTester is a python3 tool to test SMTP server for 3 common vulnerabilities: Spoofing - The ability to send a mail on behalf of an internal user Relay - Using this SMTP server to send email to other address outside of the organization user enumeration - using the SMTP VRFY command to check if...

7.7 AI score
Exploits 0, References 1
Akamai Blog
added 2019/10/11 8:0 p.m., 128 views

Introducing Serverless Computing at the Edge with Akamai EdgeWorkers

For the first time, Akamai is introducing an all-new serverless compute capability to help you customize web traffic, expanding the possibilities of personalized engagement with your customers while putting the flexibility and control in the hands of your developers. Developers can now manipulate...

0.1 AI score
Exploits 0
Microsoft Secure
added 2019/10/09 4:0 p.m., 55 views

Patching as a social responsibility

In the wake of the devastating NotPetya attack, Microsoft set out to understand why some customers weren’t applying cybersecurity hygiene, such as security patches, which would have helped mitigate this threat. We were particularly concerned with why patches hadn’t been applied, as they had been...

7.1 AI score
Exploits 0
Gitee
added 2019/10/08 1:11 p.m., 3 views

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is used to exploit a vulnerability in the Windows SMB service, specifically the MS08-067 NetAPI vulnerability. The module is designed to run on the Metasploit Framework and can be used to test the...

6.8 AI score
Exploits 0
CNVD
added 2019/10/08 12:0 a.m., 11 views

HCL AppScan Source Code Issue Vulnerability

HCL AppScan Source is a suite of dynamic analysis and testing tools from HCL India, which is mainly used for web security testing. A code issue vulnerability exists in HCL AppScan Source versions prior to 9.03.13. The vulnerability stems from an improperly designed or implemented code development...

7.1 CVSS, 7 AI score, 0.00803 EPSS
Exploits 0, References 1
Qualys Blog
added 2019/10/07 2:0 p.m., 175 views

Enhanced API Scanning with Postman Support in Qualys WAS

Due to the fast-growing usage of REST APIs, having a way to test them for vulnerabilities in an automated, reliable way is more important than ever. Automated testing of APIs is a little trickier than for web applications. You can't simply enter a starting URL for the scanner and click "Go"...

7.3 AI score
Exploits 0