fuxploider - File Upload Vulnerability Scanner And Exploitation Tool

fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file o...

GetGo Download Manager 5.3.0.2712 Proxy Buffer Overflow

Exploit Title: Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712 Date: 01-02-2018 Tested on Windows 8 64 bits Exploit Author: devcoinfet Contact: https://twitter.com/wabefet Software Link: http://www.getgosoft.com/getgodm/ Category: webapps Attack Type: Remote Impac...

[SECURITY] Fedora 26 Update: python33-3.3.7-2.fc26

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

Application fuzzing in the era of Machine Learning and AI

Proactively testing software for bugs is not new. The earliest examples date back to the 1950s with the term fuzzing. Fuzzing as we now refer to it is the injection of random inputs and commands into applications. It made its debut quite literally on a dark and stormy night in 1988. Since then,...

[SECURITY] Fedora 27 Update: python33-3.3.7-2.fc27

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

WordPress Exploit Framework v1.8 - A Ruby Framework For Developing And Using Modules Which Aid In The Penetration Testing Of Wordpress

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby = 2.4.2 installed on your system and then install all required dependencies by opening a command prompt / terminal ...

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

BlueMaho v090417 - Bluetooth Security Testing Suite

BlueMaho is GUI-shell interface for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice...

Fsociety Hacking Tools Pack - A Penetration Testing Framework

A Penetration Testing Framework , you will have evry script that a hacker needs Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE InformationGathering : Nmap Setoolkit Port Scannin...

Relayer - SMB Relay Attack Script

Relayer is an SMB relay Attack Script that automates all the necessary steps to scan for systems with SMB signing disabled and relaying authentication request to these systems with the objective of gaining a shell. Great when performing Penetration testing. Relayer makes use of Unicorn from...

Username Anarchy - Username Tools For Penetration Testing

Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. This is useful for user account/password brute force guessing and username enumeration when usernames are based on the users' names. By attempting a few weak passwords across a large set ...

WordPress Clean Up Optimizer 4.0.0 SQL Injection

DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory ID: DC-2017-12-004 Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer...

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Chan

Exploit for windows platform in category local exploits --- A proof of concept injectable C++ DLL, that uses naked inline hooking and direct memory modification to change TeamViewer permissions. Features As the Server - Enables extra menu item options on the right side pop-up menu. Most useful so...

WordPress Top-10 2.4.2 SQL Injection

DefenseCode ThunderScan SAST Advisory: WordPress Top-10 Plugin SQL Injection Security Vulnerability Advisory ID: DC-2017-12-003 Advisory Title: WordPress Top-10 Plugin SQL Injection Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Top-10 plugin...

[SECURITY] Fedora 26 Update: python35-3.5.4-2.fc26

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python35-3.5.4-2.fc27

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

OWASP ZAP 2.7.0 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...

UPDATE: WordPress Exploit Framework v1.8!

PenTestIT RSS Feed Good news guys! We now have the WordPress Exploit Framework v1.8 amongst us! This new version fixes API compatibility with a shell upload module, updates multiple dependencies, introduces multiple API changes and adds multiple new modules and payloads! WordPress Exploit Framewo...

Akamaizing Your Dev & QA Environments

Over the last few months, I've been talking to many development and test teams who deliver their sites and applications through the Akamai Intelligent Platform. One common challenge they face is how to test their Akamai delivery configurations on the Internet against their private development and...

LaCie 5big Network 2.2.8 Command Injection Exploit

LaCie 5big Network version 2.2.8 suffers from a remote command injection vulnerability. !/usr/bin/python Exploit Title: LaCie 5big Network 2.2.8 Command Injection Date: 2017-12-04 Exploit Author: Timo Sablowski Contact: [email protected] Vendor Homepage: http://www.lacie.com Software Link:...