rbndr - Simple DNS Rebinding Service

rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl...

[SECURITY] Fedora 27 Update: dnsperf-2.1.0.0-11.fc27

This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf1 and resperf1 man pages...

Intel Warns Users Not to Install Its 'Faulty' Meltdown and Spectre Patches

Don't install Intel's patches for Spectre and Meltdown chip vulnerabilities. Intel on Monday warned that you should stop deploying its current versions of Spectre/Meltdown patches, which Linux creator Linus Torvalds calls 'complete and utter garbage.' Spectre and Meltdown are security...

Moodle Unauthorized Access Vulnerability (CNVD-2018-02377)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in the testing web service in Moodle version 3.x. The...

USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity Critical Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubunt...

Autorize - Automatic Authorization Enforcement Detection Extension For Burp Suite

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert, and Federico Dotta, a security expert at Mediaservice.net. Autorize was designed to help security testers by performing automatic...

OWASP Top 10 2017 is Released

The Journey to the New and Improved Ten Most Critical Web Application Security Risks It was not too long ago that protecting your web server infrastructure consisted of simply placing the servers in their own zone behind the firewall and just opening a couple of ports. Outside of endpoint...

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

Introduction This is an automated test tool for the CVE-2017...

FuzzerLocal

This is yet a simple fuzzer written in Python that bruteforce a local binary using a De Bruijn pattern and xRand to trigger Segmentation faults, also it tries to guess the arguments using an Alphabet and Random list. Fuzzer Author: Juan Sacco Date and time: 18 Jan 2018 import argparse import os...

One-Lin3r - Gives you one-liners that aids in penetration testing operations

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser: Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper: Give it an...

Zomato Clone Script Arbitrary File Upload

Zomato Clone - Arbitrary File Upload Date: 16.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script Demo: http://jhinstitute.com/demo/foodpanda/ Version: N/A Category: Webapps Tested on: Windows 10...

GTScan - The Nmap Scanner for Telco

The Nmap Scanner for Telco. With the current focus on telecom security, there used tools in day to day IT side penetration testing should be extended to telecom as well. From here came the motivation for an nmap-like scanner but for telco The current security interconnect security controls might...

Lynis 2.5.9 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

OWASP-Nettacker - Automated Penetration Testing Framework

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols...

Fedora 27 : couchdb / erlang-jiffy (2017-a20d92573b)

CouchDB ver. 1.7.1 - Fixed CVE-2017-12635 - Fixed CVE-2017-12636 - Switched to eunit for testing - Erlang 20 compatible Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

RFCrack - A Software Defined Radio Attack Tool

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc... Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Support for...

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, but the target is not specified in the provided code. The module is written in Ruby and uses the Metasploit framework to interact with the...

cSploit Android - The most complete and advanced IT security professional toolkit on Android

cSploit is a free/libre and open source GPLed Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to perform network security assessments on a mobile device. See more at www.cSploit.org. Features Map you...

Network Infrastructure Penetration Testing: SPARTA

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

USN-3522-2: Linux (Xenial HWE) vulnerability | Cloud Foundry

Severity Critical Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3522-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu...