GoldenEye v1.2.0 - Layer 7 (KeepAlive+NoCache) DoS Test Tool

GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY! GoldenEye is a HTTP DoS Test Tool. Attack Vector exploited: HTTP Keep Alive + NoCache Usage USAGE: ./goldeneye.py OPTIONS OPTIONS: Flag Description Default -u, --useragents File with user-agents to use default: randomly generated -w,...

Comparison of Application Security Testing Approaches

Overview The following table lists a side-by-side comparison of different application security testing approaches. Additional rating details are available when hovering over each column. In the following, each approach is introduced. Category Automated Security Testing Manual Security Testing...

OWTF v2.4 - Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide v3 and v4, the OWASP Top 10, PTES and NIST so that pentesters will have more time to See the big picture and think out of the box More efficiently...

Security Alarm Round-up

On the last day of IFSEC 2018 I was considering just how bad the security of some alarm products is. So, two years on from this post, has this sector's security improved?… PIR jamming First up is Yale Security with their trivially jammable wireless alarm system. You can replay disarm codes, and t...

SSRF/XSPA in ImporterSetupPage

h2. A security bug has been found in Jira Server. Administrator users can test local IP addresses/ports and determine whether they're open or closed. To reproduce: h2. Initial setup - Download https://www.atlassian.com/software/jira/download, install, and start up Jira Software Server. Note: I...

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2089-1)

This update for libgcrypt fixes the following issues: The following security vulnerability was addressed : - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed : - Extended the fipsdrv dsa-sign and...

vulhub

It is an offensive tool for web application exploitation. The repository contains a Docker Compose file for a vulnerability environment. The tool is designed to exploit vulnerabilities in web applications. The tool is likely used for testing and demonstrating vulnerabilities in web applications. ...

Pure Blood v2.0 - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. Web Pentest / Information Gathering: Banner Grab Whois Traceroute DNS Record Reverse DNS Lookup Zone Transfer Lookup Port Scan Admin Panel Scan Subdomain Scan CMS Identify Reverse IP Lookup Subnet Lookup Extract Page...

Cr3dOv3r v0.4 - Know The Dangers Of Credential Reuse Attacks

Your best friend in credential reuse attacks. You give Cr3dOv3r an email then it does two simple useful jobs with it: Search for public leaks for the email and returns the result with the most useful details about the leak Using haveibeenpwned API and tries to get the plain text passwords from...

Davolink DVW 3200 Router - Password Disclosure

Davolink DVW 3200 Router - Password Disclosure Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Author: Ankit...

Oracle Application Testing Suite Multiple Vulnerabilities (April / July 2018 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Apache Log4j 2.x before 2.8.2 due to the ability to receive serialized log events from another application. An unauthenticated,...

GangWang GPS Navigation Attack Leads Unsuspecting Drivers Astray

A proof-of-concept attack that uses realistic fake turn-by-turn navigation directions for in-car GPS systems has managed to fool drivers into following them a full 95 percent of the time in testing. Mobile navigation services are used by billions of users around the globe today. While GPS spoofin...

Humans Are the Weakest Link in Security

In our recent analysis of penetration testing engagements contained in our Penetration Risk Report, we discuss the impact that social engineering, specifically phishing, has on the ability to allow attackers insider access to compromise an organization...

producttesting.uk.com XSS vulnerability

Open Bug Bounty ID: OBB-648327 Description| Value ---|--- Affected Website:| producttesting.uk.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-9070

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides ext...

CVE-2018-9070

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides ext...

Pure Blood - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter Menu Web Pentest | Banner Grab | Whois | Traceroute | DNS Record | Reverse DNS Lookup | Zone Transfer Lookup | Port Scan | Admin Panel Scan | Subdomain Scan | CMS Identify | Reverse IP Lookup | Subnet Lookup | Extract Pa...

P = NP: Cloud data protection in vulnerable non-production environments

Data is the holy grail of your cloud workloads for attackers. Data breaches are the kind of breaches that make the news. With the recent European Union General Data Protection Regulations GDPR, they will make even bigger headlines. From an enterprise point of view, the most challenging aspect of...

Lynis 2.6.6 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

DEBIAN-CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkitbackendinteractiveauthoritycheckauthorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informati...