7422 matches found
The YAWAST Antecedent Web Application Security Toolkit
The YAWAST Antecedent Web Application Security Toolkit YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL – Versions and cipher suites supported; common issues...
Microsoft Unveils Cloud-Based Fuzz-Testing Service
Microsoft announced a cloud-based fuzz testing service called Project Springfield that identifies software bugs in applications that could turn into vulnerabilities. The service, announced at this week’s Microsoft 2016 Ignite technology conference in Atlanta, combines artificial intelligence and...
Droid-Hunter - Android Application Vulnerability Analysis And Android Pentest Tool
.---. .----------- / \ / ------ / / \ / ----- ╔╦╗╦═╗╔═╗╦╔╦╗ ╦ ╦╦ ╦╔╗╔╔╦╗╔═╗╦═╗ ////// ' / --- ║║╠╦╝║ ║║ ║║───╠═╣║ ║║║║ ║ ║╣ ╠╦╝ //// / // : : --- ═╩╝╩╚═╚═╝╩═╩╝ ╩ ╩╚═╝╝╚╝ ╩ ╚═╝╩╚═ // / / / '-- By HaHwul // //..\ www.hahwul.com ====UU====UU==== https://github.com/hahwul/droid-hunter '//||\ ''...
Microsoft Exchange Sensitive Data Search: MailSniper
Microsoft Exchange Sensitive Data Search MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms passwords, insider intel, network architecture information, etc.. It can be used as a non-administrative user to search their own...
WSSAT - Web Service Security Assessment Tool
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...
BLACKBOx - A Penetration Testing Framework
Password Attacks: MD5 CRACKER SHA1 CRACKER SHA224 CRACKER SHA256 CRACKER SHA384 CRACKER SHA512 CRACKER MSSQL2000 CRACKER MSSQL2005 CRACKER MYSQL323 CRACKER MYSQL41 CRACKER ORACLE11 CRACKER Web Hacking : Wordpress Bruteforce – Bruteforce wordpress panel FTP Bruteforce – Bruteforcing FTP LOGIN SSH...
CVE-2016-6406
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance ESA devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debuggin...
CVE-2016-6406
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance ESA devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debuggin...
Cisco Email Security Appliance Internal Testing Interface Vulnerability
A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface intended for use during...
DSA-3671-1 wireshark - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3671-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mock Local Elevation of Privilege Vulnerability
The mock is a test method that creates a virtual object for some objects that are not easy to construct or obtain for testing purposes. A local elevation of privilege vulnerability exists in mock. A local attacker can exploit the vulnerability to gain higher privileges...
Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure
Bruce Schneier talks to Mike Mimoso about information he was given regarding an increase in DDoS and probing attacks targeting companies running core internet infrastructure in an attempt to test their defenses. For some additional context about this conversation, read an article by Schneier on...
WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)
It is possible to modify a POST request to overwrite user meta including 'wpcapabilities' and 'wpuserlevel' which results in a privilege escalation vulnerability. User input is not sanitised or escaped on output resulting in a stored XSS vulnerability. Timeline: 2016-09-12: Vulnerability found...
Mobile APP vulnerabilities automated detection platform construction-vulnerability warning-the black bar safety net
Preface: this article is the mobile APP Client Security The notes of the series of original articles in the first article, mainly about enterprise mobile APP automated vulnerability detection platform construction, mobile APP vulnerability detection history with cutting-edge technology, the APP...
swarm - A Modular Distributed Penetration Testing Tool
Swarm is an open source modular distributed penetration testing Tool that use distributed task queue to implement communication in the master-slave mode system and use MongoDB for data storage. It consists of a distributed framework and function modules. The function module can be an entirely new...
CodeWarrior - Just Another Manual Code Analysis Tool And Static Analysis Tool
Just another manual code analysis tool and static analysis tool Codewarrior runs at HTTPd with TLS, uses KISS principle https://en.wikipedia.org/wiki/KISSprinciple Directories: web/ = local of javascripts and html and css sources src/ = C source code, this code talking with web socket eggs/ =...
Intercepting Proxy for Performing Web Application Security Testing: The Pappy Proxy
Intercepting Proxy for Performing Web application security testing The Pappy P roxy A ttack P roxy P rox Y Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up rippoffs from Burp Suite . However, Burp Suite is neither open...
Kali Linux 2016.2 - The Best Penetration Testing Distribution
This release brings a whole bunch of interesting news and updates into the world of Kali. New KDE, MATE, LXDE, e17, and Xfce Builds Although users are able to build and customize their Kali Linux ISOs however they wish, we often hear people comment about how they would love to see Kali with...
DSA-3653-2 flex - security update
Bulletin has no description...