7422 matches found

ThreatPost
added 2016/12/05 3:22 p.m., 14 views

Google Debuts Continuous Fuzzer for Open Source Software

A new Google program aimed at continuously fuzzing open source software has already detected over 150 bugs. The program, OSS-Fuzz, currently in beta mode, is designed to help unearth programming errors in open source software via fuzz testing. Fuzz testing, or fuzzing, is when bits of randomly...

8.8 AI score
Exploits: 0, References: 10

Node.js
added 2016/12/01 7:33 p.m., 42 views

Downloads Resources over HTTP

Overview Affected versions of xd-testing insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

9.3 CVSS, 6.2 AI score, 0.01752 EPSS
Exploits: 0, Affected Software: 1

Fedora
added 2016/12/01 3:57 p.m., 34 views

[SECURITY] Fedora 25 Update: jenkins-1.651.3-2.fc25

Jenkins is an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for...

9.8 CVSS, 3.4 AI score, 0.9765 EPSS
Exploits: 5

Debian
added 2016/11/30 11:39 a.m., 31 views

[SECURITY] [DSA 3727-1] hdf5 security update

Debian Security Advisory DSA-3727-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 30, 2016 https://www.debian.org/security/faq -...

8.6 CVSS, 9.4 AI score, 0.00812 EPSS
Exploits: 8

Kitploit
added 2016/11/28 2:21 p.m., 50 views

NEET - Network Enumeration and Exploitation Tool

Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats. The core scanning engine finds and...

7.8 AI score
Exploits: 0, References: 1

n0where
added 2016/11/28 5:0 a.m., 11 views

Spear Phishing Helper: Hemingway

Spear Phishing Helper This tool was built to allow simpler campaigns of phishing. It does not try to resolve issues with SMTP relaying or reputation but rather to allow a penetration tester or red team member to create a phishing campaign with a ready made server for the phishing. We also assume...

6.7 AI score
Exploits: 0, References: 1

Kitploit
added 2016/11/27 2:10 p.m., 17 views

Vproxy - Forward HTTP/S Traffic To Proxy Instance

If you are familiar with mobile penetration testing and you did one before, you probably came across this kind of situation when you want to intercept the application HTTP or HTTPS traffic using your favorite proxy tool such as Burp Suite, Fiddler, Charles, etc. After modifying the WIFI connecti...

7.2 AI score
Exploits: 0, References: 1

myhack58
added 2016/11/26 12:0 a.m., 141 views

A TP-Link Debug Protocol (TDDP) vulnerability mining story - vulnerability warning - the black bar safety net

I wrote this article originally in order to simplify the WiFi penetration testing research work. We want to use last year by the Core Security released WIWO, it can be a computer network interface and a WiFi Router between the establishment of a transparent channel. Research the first step is to...

7.3 AI score
Exploits: 0

myhack58
added 2016/11/26 12:0 a.m., 29 views

Android Native layer file parsing vulnerability mining guide - vulnerability warning - the black bar safety net

This article to hand Q A file parsing class vulnerability discovery, for example, describes the Android Native layer file parsing type of the vulnerability discovery process Hand Q this application from the function is very large, if the use similar to the MFFA framework to dig the file parsing...

7.2 AI score
Exploits: 0

OpenVAS
added 2016/11/25 12:0 a.m., 67 views

Oracle Application Testing Suite 12.4.0.2, 12.5.0.2 Multiple Vulnerabilities (cpujan2016) - Active Check

Oracle Application Testing Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5 CVSS, 8.3 AI score, 0.92719 EPSS
Exploits: 7, References: 17

OpenVAS
added 2016/11/25 12:0 a.m., 21 views

Oracle Application Testing Suite Detection

Detects the installed version of Oracle Application Testing Suite. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

6.9 AI score
Exploits: 0

Kitploit
added 2016/11/24 2:0 p.m., 26 views

Metasploitable3 - An Intentionally Vulnerable Machine for Exploit Testing

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit. Metasploitable3 is released under a BSD-style license. See COPYING for more details. Building Metasploitable 3...

7.1 AI score
Exploits: 0, References: 9

The Hacker News
added 2016/11/24 4:20 a.m., 18 views

Learn Wi-Fi Hacking And Penetration Testing Online Course

Hacking Wi-Fi is not a trivial process, but it does not take too long to learn. If you want to learn WiFi Hacking and Penetration testing, you are at the right place. Don't associate hacking as a negative, as you can learn some hacking skills yourself to secure your networks and devices. WiFi hacking...

6.6 AI score
Exploits: 0

Kitploit
added 2016/11/18 2:24 p.m., 19 views

Acunetix v11 - Web Application Security Testing Tool

London, UK – November 2016 – Acunetix, the pioneer in automated web application security software, has announced the release of version 11. New integrated vulnerability management features extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats –...

7.4 AI score
Exploits: 0

n0where
added 2016/11/18 6:42 a.m., 139 views

Intentionally Vulnerable Machine for Exploit Testing: Metasploitable3

Intentionally Vulnerable Machine for Exploit Testing Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development...

0.3 AI score
Exploits: 0, References: 23

ThreatPost
added 2016/11/16 6:4 p.m., 12 views

IBM Opens Attack Simulation Test Center

CAMBRIDGE, Ma. – IBM cut the ribbon on its new global security headquarters Wednesday that will also serve as command center for its just announced X-Force Incident Response and Intelligence Services. The centerpiece of the new 153,000-sqft facility is the company’s Cyber Range which IBM bills as...

7 AI score
Exploits: 0, References: 1

n0where
added 2016/11/14 5:57 a.m., 22 views

Auditing Web Applications Firewalls: LightBulb

Auditing Web Applications Firewalls LightBulb is an open source python framework for auditing web applications firewalls Web Applications Firewalls WAFs are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transaction...

6.5 AI score
Exploits: 0, References: 1

n0where
added 2016/11/12 11:26 p.m., 19 views

Decompression Bomb Testing

Decompression Bomb Testing A decompression bomb is a file designed to crash or render useless the program or system reading it, i.e. a denial of service. The files in this project can be used to test whether an application is vulnerable to this type of attack. A zip bomb, also known as a zip of...

7.4 AI score
Exploits: 0, References: 2

Kitploit
added 2016/11/05 2:13 p.m., 24 views

OpenDoor - OWASP Directory Access Scanner

This application scans the site directories and finds all possible ways to login, empty directories and entry points. Scans are conducted with the dictionary that is included in this application. This software is written for informational purposes and is an open source product under the GPL license...

7.3 AI score
Exploits: 0, References: 1

n0where
added 2016/11/05 5:21 a.m., 190 views

What the Fuzz: Radamsa

What the Fuzz: Radamsa Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs...

7.5 AI score
Exploits: 0, References: 1