7422 matches found

n0where
added 2016/09/02 6:46 p.m., 20 views

MODBUS Penetration Testing Framework: smod

MODBUS Penetration Testing Framework smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x...

Exploits: 0, References: 1

The Hacker News
added 2016/09/02 6:15 a.m., 15 views

Kali Linux 2016.2 — Download Latest Release Of Best Operating System For Hackers

As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of Swiss army knife for researchers, penetration testers, and hackers – has finally released the much awaited Kali Linux 2016.2. Kali Linux is an open-source Debian-based Linux distributio...

6.8 AI score
Exploits: 0

OSV
added 2016/09/01 12:00 a.m., 34 views

DSA-3658-1 libidn - security update

Bulletin has no description...

7.5 CVSS, 6.7 AI score, 0.06776 EPSS
Exploits: 0

The Hacker News
added 2016/08/31 10:49 p.m., 11 views

Tonight Mr. Robot is Going to Reveal ‘Dream Device For Hackers’

Mr. Robot is the rare show that provides a realistic depiction of hacks and vulnerabilities that are at the forefront of cyber security. This is the reason it’s been the most popular TV show of its kind. Throughout season 1 and season 2, we have seen that connected devices are the entry point of...

7.1 AI score
Exploits: 0

Hacker One
added 2016/08/30 11:58 p.m., 52 views

LocalTapiola: Oracle WebCenter Sites Support Tools available and Information disclosure (/cs/Satellite)

Oracle WebCenter Sites Support Tools are available in: www.lahitapiola.fi This software is password protected, but some pages are publicly available and reveal internal information. The welcome page is located at: http://www.lahitapiola.fi/henkilo?pagename=Support/Home This page reveal data as th...

6.7 AI score
Exploits: 0

n0where
added 2016/08/30 4:11 p.m., 52 views

Packet Capture Generator for IDS: Sniffles

Packet Capture Generator for IDS and Regular Expression Evaluation Sniffles is a tool for creating packet captures that will test IDS that use fixed patterns or regular expressions for detecting suspicious behavior. Sniffles works very simply. It takes a set of regular expressions or rules and...

Exploits: 0, References: 1

Fedora
added 2016/08/29 9:24 p.m., 29 views

[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-6.fc23

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.03903 EPSS
Exploits: 0

Fedora
added 2016/08/29 6:58 p.m., 35 views

[SECURITY] Fedora 24 Update: rubygem-actionpack-4.2.5.2-3.fc24

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.03903 EPSS
Exploits: 0

myhack58
added 2016/08/29 12:00 a.m., 80 views

Cisco SNMP RCE vulnerability reproduction process-vulnerability warning-the black bar safety net

NSA data leaked, many cattle are given in the analysis report, let me benefit. As a technical noob, want to share the following analysis\eqgrp-free-file\Firewall\EXPLOITS\EXBA ideas, build vulnerability of the environment of the process and Use Conditions of the test. This article has a very stro...

6.9 AI score
Exploits: 0

myhack58
added 2016/08/29 12:00 a.m., 13 views

Web Security testing common logic vulnerability analysis(combat article-the vulnerability warning-the black bar safety net

Logic vulnerabilities mining has always been Safety tested in the “timeless” topic. Compared to SQL injection, with XSS the vulnerability of traditional security holes, and now the attacker is more inclined to use the business logic layer of the application security issues, such issues tend to harm th...

0.5 AI score
Exploits: 0

myhack58
added 2016/08/29 12:00 a.m., 22 views

A simple four-step, teach you do-it-yourself porting Cisco ASA exploits EXTRABACON-vulnerability warning-the black bar safety net

In the past few days, we carefully analysed by the Shadow Brokers leaked NSA exploit code EXTRABACON it. According to XORcat derived from the initial analysis, the exploit code can use the SNMP service memory corruption vulnerability to bypass the Cisco ASA device authentication. We in the lab fo...

0.1 AI score
Exploits: 0

Fedora
added 2016/08/27 11:11 a.m., 38 views

[SECURITY] Fedora 25 Update: rubygem-activesupport-5.0.0.1-1.fc25

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...

7.5 CVSS, 1.9 AI score, 0.03903 EPSS
Exploits: 0

Fedora
added 2016/08/27 11:11 a.m., 34 views

[SECURITY] Fedora 25 Update: rubygem-actionpack-5.0.0.1-2.fc25

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.03903 EPSS
Exploits: 0

Kitploit
added 2016/08/25 2:22 p.m., 17 views

D-TECT - Pentesting the Modern Web

D-TECT is an All-In-One Tool for Penetration Testing. This is specially programmed for Penetration Testers and Security Researchers to make their job easier, instead of launching different tools for performing different task. D-TECT provides multiple features and detection features which gather...

7.4 AI score
Exploits: 0, References: 1

Kitploit
added 2016/08/24 2:27 p.m., 14 views

Lynis 2.3.3 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.9 AI score
Exploits: 0

Kitploit
added 2016/08/23 2:48 p.m., 12 views

BFAC - Backup File Artifacts Checker

An automated tool that checks for backup artifacts that may disclose the web-application's source code...

7.3 AI score
Exploits: 0, References: 1

Kitploit
added 2016/08/22 2:06 p.m., 38 views

PenBox v2.2 - A Penetration Testing Framework (The Hacker's Repo)

A Penetration Testing Framework, The Hacker’s Repo our hope is in the last version we will have every script that a hacker needs. Information Gathering : nmap Setoolkit Port Scanning Host To IP wordpress user enumeration CMS scanner XSStracer - checks remote web servers for Clickjacking,...

9.3 AI score
Exploits: 0, References: 1

Kitploit
added 2016/08/21 2:30 p.m., 45 views

BruteXSS - Cross-Site Scripting Bruteforcer

BruteXSS - Cross-Site Scripting BruteForcer Author: Shawar Khan The BruteXSS project is sponsored and supported by Netsparker Web Application Security Scanner Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for...

6 AI score
Exploits: 0, References: 1

Hacker One
added 2016/08/19 6:47 p.m., 35 views

Mail.ru: [cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info'

Hi, I noticed that when we change userinfo of https://cfire.mail.ru from here: https://cfire.mail.ru/account/userinfo, there are two Anti-CSRF tokens or you can say that; they just do the work of Anti-CSRF token: - signature - submit2 Actually, I was able to bypass both Anti-CSRF tokens, and afte...

7.6 AI score
Exploits: 0

n0where
added 2016/08/16 4:34 p.m., 25 views

A Modular Recon Tool: RECON

Low Hanging Fruit: a Modular Recon Tool for Penetration Testing Reconnaissance is the absolute most important step in a penetration test. A good recon of the target could net you some vital information and low hanging fruit. Thus RECON was created. A set and forget type of recon scanner. No need ...

0.2 AI score
Exploits: 0, References: 1