OWASP ZAP 2.6.0 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...

Exploit Pack - Penetration Testing Framework

Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so penetration testers can focus on what's really important. The threat. This blend of software engineers and subject matter experts provides an unique advantage by combining...

I can Haz TLS 1.3 ?

Everybody wants to be able to use TLS 1.3. Among the reasons are: It's faster - being able to reconnect to a server you've previously used, and saving a full round-trip latency is impressive. It's more reliable - the protocol has been cleaned up and simplified. For example, the related concepts o...

Dropbox: Dropbox employee benefits documents are available in a test Dropbox folder

This report pointed out that we had left a shared link to a copy of our employee benefits documentation in a particular iOS build. This link was likely used for ad-hoc testing at some point and accidentally left in the build. While there is little security risk here, we removed the link from...

CyberScan - Tool To Analyse Packets, Decoding , Scanning Ports, And Geolocation

CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including latitude, longitude , region , country ... Operating Systems Supported Windows XP/7/8/8.1/10 GNU/Linux MacOSX Installation You can download CyberSc...

drinkme - Shellcode Testing Harness

drinkme is a shellcode test harness. It reads shellcode from stdin and executes it. This allows pentesters to quickly test their payloads before deployment. Formats drinkme can handle shellcode in the following formats: "0x" "\x" "x" "" For example, NOP could be represented as any of "0x90",...

CVE-2016-4924

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...

Design/Logic Flaw

By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion...

Information disclosure

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...

CVE-2016-4924 vMX: Information leak vulnerability

An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...

TYPO3 Extension Restler 1.7.0 - Local File Disclosure

Exploit Title: Typo3 Restler Extension - Local File Disclosure Date: 2017-10-13 Exploit Author: CrashBandicot @dosperl Vendor Homepage: https://www.aoe.com/ Software Link: https://extensions.typo3.org/extension/restler/ Tested on : MsWin Version: 1.7.0 last Vulnerability File : getsource.php 3...

Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software

A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...

中兴集成多业务路由器-ZXR10 1800-2S 敏感信息泄露漏洞

介绍 ZXR10 1800-2S 路由器是中兴通讯推出的集路由、交换、无线、安全、 VPN 于一体的智能集成多业务路由器产品，凭借模块化、可扩展的系统架构，为用户构建智能、高效、可靠、灵活、易维的网络。 该路由器可广泛灵活的适用于大客户接入、 DCN、园区网、校园网、政企网的出口网关、企业的总部/分支接入、金融网点、移动办公室、行业网纵向网的汇聚/接入等网络。 CVE/CNVD/CNNVD & 厂商回应 CVE-2017-10930...

WebBreaker - Dynamic Application Security Test Orchestration (DASTO)

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

How I discovered CVE-2017-13707

New Vulnerability Found Using Techniques Taught at Black Hat USA One of the topics I teach in Coalfires Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initia...

UPDATE: WarBerryPi Version 5.1b!

PenTestIT RSS Feed My last post pertaining to this Red Teaming Hardware Implant was about an updated version. This post also covers the changes made to two versions since my last post about the WarBerryPi v5. We now have an updated release for the Raspberry Pi based hardware implant allowing you ...

habu - Network Hacking Toolkit

Habu is to teach and learn some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing. Most of them are related with networking, and the implementations are intended to be understandable for who wants to read the...

SMBMap - Samba Share Enumeration Tool

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is...

Exploit for Out-of-bounds Write in Linux Linux_Kernel

blueborne-CVE-2017-1000251-POC Just cloned GitLab...

CipherScan - Find out which SSL ciphersuites are supported by a target

Cipherscan tests the ordering of the SSL/TLS ciphers on a given target, for all major versions of SSL and TLS. It also extracts some certificates informations, TLS options, OCSP stapling and more. Cipherscan is a wrapper above the openssl sclient command line. Cipherscan is meant to run on all...