The Windows Malware Analysis Distribution: flare-vm

FLARE VM is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others, FLARE V...

WordPress Plugin Easy Modal 2.0.17 - SQL Injection

WordPress Plugin Easy Modal 2.0.17 - SQL Injection DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL:...

WordPress Podlove Podcast Publisher 2.5.3 SQL Injection

DefenseCode ThunderScan SAST Advisory WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory ID: DC-2017-05-006 Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove...

WordPress PressForward 4.3.0 Cross Site Scripting

DefenseCode ThunderScan SAST Advisory WordPress PressForward Plugin Security Vulnerability Advisory ID: DC-2017-05-007 Advisory Title: WordPress PressForward Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress PressForward plugin Language: PHP...

WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

BAF - Blind Attacking Framework

What is BAF ? it's a framework written in python 2.7 that is being made specially for blind attacking , ie : attacking random targets with common security issues , targets are generated by the hackers search engine "shodan" and vulnerable hosts are hacked in an automated way . this framework is...

Get Ready For The Holidays With Cloudlets

It's summer, which means it's time for hitting the beach, enjoying outdoor barbeques with friends and family, going for hiking, biking, kayaking and savoring cold craft beers. But for savvy retailers like you, summer is the ideal time to start getting your apps, websites and infrastructures ready...

Arachni v1.5.1 - Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is...

Exploit for Out-of-bounds Read in Openssl

This repository contains a collection of tools and exploits for various vulnerabilities, including: A payload for the Apache Struts 2 vulnerability CVE-2017-5638 that allows remote code execution. A tool for exploiting the Heartbleed vulnerability CVE-2014-0160 in OpenSSL. A tool for exploiting t...

MGASA-2017-0232 Updated freeradius packages fix security vulnerabilities

Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service except for CVE-2017-10988 which was later determined to not actually result in any vulnerability...

Updated freeradius packages fix security vulnerabilities

Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service except for CVE-2017-10988 which was later determined to not actually result in any vulnerability...

SSH MITM - SSH Man-In-The-Middle Tool

This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk. Of course, the victim's SSH client...

Pythem - Penetration Testing Framework

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

Joomla CCNewsLetter 2.1.9 Component - sbid Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...

Joomla CCNewsLetter 2.1.9 SQL Injection

Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage: https://extensions.joomla.org/extension/ccnewsletter/ Version: = 2.1.9 Final Version Tested on: Win,Linux Google Dork: inurl:"index.php?option=comccnewsletter"...

Joomla! Component CCNewsLetter 2.1.9 - sbid SQL Injection

Joomla! Component CCNewsLetter 2.1.9 - sbid SQL Injection "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...

FLARE VM: The Windows Malware Analysis Distribution You’ve Always Needed!

As a reverse engineer on the FLARE Team I rely on a customized Virtual Machine VM to perform malware analysis. The Virtual Machine is a Windows installation with numerous tweaks and tools to aid my analysis. Unfortunately trying to maintain a custom VM like this is very laborious: tools frequentl...

WSSAT - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

WebVulScan - Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the...

Ethical Hacker BootCamp: Online Training For Just $45 (99% OFF)

Not all hacking is bad hacking. How would you feel if you are offered a six-figure salary to hack computer networks and break into IT systems legally? Isn't career with such skill-set worth considering, right? With hackers and cyber criminals becoming smarter and sophisticated, ethical hackers ar...