7422 matches found
ArchStrike - Security Layer for Arch Linux
An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, and ARMv7. ArchStrike is a penetration testing and security layer on top of Arch Linux. We follow the Arch Linux standards very closely in order to keep our packages clean,...
Firefox Security Toolkit
Firefox Security Toolkit will download the most important security extensions and add them all into your browser. All the extensions have been chosen by a survey among the information security community. Based on the results, the Firefox Security Toolkit was made. Also, the Firefox Security Toolk...
Mitsubishi Outlander Car's Theft Alarm Hacked through Wi-Fi
From GPS system to satellite radio to wireless locks, today vehicles are more connected to networks than ever, and so they are more hackable than ever. It is not new for security researchers to hack connected cars. Latest in the series of hackable connected cars is the Mitsubishi Outlander plug-i...
Heap-buffer-overflow in Mac_Read_sfnt_Resource
Project: https://github.com/freetype/freetype2-testing.git...
An arbitrary file read vulnerability recorded-vulnerability warning-the black bar safety net
Black-box testing found that an interface has an arbitrary file read vulnerability. The first thing to determine is whether it is a file read or a file inclusion, because file_get_contents("/etc/passwd") and include("/etc/passwd") may behave the same from a black-box view. And the file inclusion is c...
Heap-buffer-overflow in cid_parser_new
Project: https://github.com/freetype/freetype2-testing.git...
BurpSuiteJSBeautifier - Burp Suite JavaScript Beautifier
Most of the websites compress their resources such as JS files in order to increase the loading speed. However, security testing and debugging a compressed resource is not an easy task. This is a Burp Suite open source extension which makes it possible to beautify most of the resources properly...
XSS Hunter is Now Open Source – Here’s How to Set It Up!
Recently I opened up XSS Hunter for public registration, this was after publishing a post on how I used XSS Hunter to hack GoDaddy via blind XSS and pointed out that many penetration testers use a very limited alert box-based pentesting methodology which will not detect these types of issues. Aft...
[SECURITY] Fedora 23 Update: jenkins-1.625.3-4.fc23
Jenkins is an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for...
General Purpose Fuzzer: Radamsa
Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main...
Remote Vulnerability Testing Framework: Pocsuite
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. Requirements Python 2.6...
Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)
Exploit for java platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle ATS Arbitrary File Upload', 'Description' = %q This module exploits an authentication...
DSA-3586-1 atheme-services - security update
Bulletin has no description...
IBM Security AppScan Source Arbitrary Code Execution Vulnerability
IBM Security AppScan Source is a set of security testing tools for Web applications from the U.S. company IBM. IBM Security AppScan Source fails to execute the full path of the dynamic link library, allowing remote attackers to build specially crafted libraries to applications to execute arbitra...
Python Web Application XSS Scanner: XssPy
XssPy is a Python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and finds all the links and subdomains first. After...
[SECURITY] [DSA 3583-1] swift-plugin-s3 security update
Debian Security Advisory DSA-3583-1 https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2016 https://www.debian.org/security/faq ...
[SECURITY] Fedora 24 Update: jenkins-1.651.1-1.fc24
Jenkins is an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for...
Giving Red-Teamers the Blues
Pen-testing engagements are generally a breeze for most red-teamers; roadblocks are few, despite the ones in place being expensive and often paid for by very large companies. Chris Nickerson has been running such engagements for 15 years and he sees companies that throw more money and more server...
Debian: Security Advisory (DSA-3579-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DSA-3578-1 libidn - security update
Bulletin has no description...