Smith - A Very Quick And Very Dirty Client/Server Tool For Testing Firewalls

A client/server style agent meant for testing connectivity to and from a machine on a network. Installation python setup.py install or pip install . should install smith. Note: If you want to use the tcp/udp protocol options, you'll need to install scapy and it's dependencies. Ubuntu has 'apt-get...

The Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit SET is specifically designed to perform advanced attacks against the human element. SET has quickly became a standard tool in a penetration testers arsenal. SET is written by David Kennedy ReL1K and with a lot of help from the community it has incorporated attacks neve...

credmap v0.1 - The Credential Mapper

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. An official introductionary post can be found here . Help Me...

VMware vSphere 6.5 - Citrix Known Issues

Citrix is committed to ensuring compatibility with the latest VMware hypervisor releases. VMware released vSphere 6.5 in Nov 2016and vSphere 6.5 Update 1 in Aug 2017. Basic compatibility testing has been performed between already released Citrix products and vSphere 6.5 / 6.5 update 1.As always, ...

Mobile Application Security Training Platform: Security Shepherd

The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

OWASP Security Shepherd - Web And Mobile Application Security Training Platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

Design/Logic Flaw

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2017-3311

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control subcomponent: Test Manager for Web Apps. Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVE-2017-3311

The CVE-2017-3311 entry affects Oracle Enterprise Manager Grid Control, specifically the Application Testing Suite component (Test Manager for Web Apps). Affected versions are 12.5.0.3, 12.5.0.2, and 12.4.0.2. The vulnerability allows an unauthenticated attacker with network access via HTTP to co...

Weapon of Mass Destruction: WMD

Weapon of Mass Destruction This is a python tool with a collection of IT security software. The software is incapsulated in “modules”. The modules does consist of pure python code and/or external third programs. Main functions 1 To use a module, run the command “use modulecall”, e.g. “use apsniff...

WordPress Exploit Framework

WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Requirements Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command...

Oracle Application Testing Suite Remote Vulnerability

The Application Testing Suite is a comprehensive, integrated testing solution that ensures the quality, scalability and availability of Web applications and Web services. A remote security vulnerability exists in Oracle Application Testing Suite. An attacker exploiting the vulnerability via the...

Operative - The Fingerprint Framework

/ / / / / / / / / / | / / \ / // / // / / / / // / // /| |/ / / / ./// ,/// |// // This is a framework based on fingerprint action, this tool is used for get information on website or enterprise target Dependency & launching pip install -r requirements.txt python operative.py Youtube how...

Malware exploit: Poisonivy

Type: Stack Buffer Overflow Author: Gal Badishi This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp def...

Acunetix Release Web Site Security Pen Testing Tools Free

HTTP editor, fuzzer and sniffer tools help pen testers identify vulnerabilities London, UK – January 2016 – Hot on the release of Acunetix Version 11, pioneering web application security software Acunetix, now delivering Manual Pen Testing Tools at no cost. Penetration testers can make use of an...

17 Essential Skills for Performance Engineers

Most people in the performance engineering field agree that our skillset is derived from an intersection of disciplines that include testing, optimization, and systems engineering...

xsscrapy - XSS/SQLi Spider

Fast, thorough, XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection. From within the main folder run: ./xsscrapy.py -u http://example.com If you wish to login then crawl:...