Lucene search

7422 matches found

Kitploit
added 2015/08/11 9:55 p.m., 39 views

Kali Linux 2.0 - The Best Penetration Testing Distribution

So, what’s new in Kali 2.0? There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments (gnome, kde, xfce, mate, e17, lxde, i3wm), updated desktop environment and tools – and the list goes on. Kali Linux is Now ...

AI score: 7
Exploits: 0

The Hacker News
added 2015/08/11 5:4 a.m., 16 views

Kali Linux 2.0 Released — Download Most Powerful Penetration Testing Platform

Offensive Security, the creators of Swiss army knife for Security researchers, Penetration testers and Hackers have finally released the much awaited and most powerful version of Kali Linux 2.0. Kali Linux 2.0 Codename ‘Kali Sana’, an open-source penetration testing platform brings hundreds of...

AI score: 6.6
Exploits: 0

Kitploit
added 2015/08/10 8:39 p.m., 22 views

HTTPie - a CLI, cURL-like tool for humans

HTTPie (pronounced aych-tee-tee-pie) is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...

AI score: 7
Exploits: 0
References: 12

n0where
added 2015/08/09 7:17 p.m., 18 views

Vulnerability Assessment Penetration Testing: VAPT

The set of scripts included in this package will create a Kali/SamuraiWTF type environment for the performing of Vulnerability Assessments and Penetration Testing. The goal of this project was to allow a portable set of tools to be installed onto an Ubuntu or Raspbian system, allowing the tester ...

AI score: 7.5
Exploits: 0
References: 1

seebug.org
added 2015/08/06 12:0 a.m., 24 views

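Stored XSS in the latest version of thinksaas

Brief description: Improper filtering. Details: Download URL for the latest version: http://www.thinksaas.cn/service/down/ The principle is the same as in the earlier reports "thinksaas latest version xss2" (WooYun: thinksaas latest version xss2) and "thinksaas latest version xss" (WooYun: thinksaas latest version xss). One complaint: the official site does not allow account registration, so I tested locally. I tested one of the earlier findings and it still works. Of course, the vulnerable file is different. Vulnerable file: in app/article/action/add.php, there is no filtering at line 25 and the value is inserted into the database at line 48. isLogin; switch $ts case "" : if...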

AI score: 7.1
Exploits: 0

Kitploit
added 2015/08/04 5:9 p.m., 17 views

BlackArch Linux v2015.07.31 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1239 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. The new ISOs include over 1230 tools for i686 and...

AI score: 7.4
Exploits: 0

Kitploit
added 2015/08/03 2:27 p.m., 91 views

OWASP ZAP 2.4.1 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...

AI score: 7.3
Exploits: 0
References: 3

Kitploit
added 2015/07/27 9:21 p.m., 49 views

Inveigh - A Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP/SMB

Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted to a Windows system as part of client...

AI score: 7.7
Exploits: 0
References: 1

Kitploit
added 2015/07/25 9:40 p.m., 17 views

SET v6.5 - The Social-Engineer Toolkit “Mr Robot”

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two...

AI score: 7.8
Exploits: 0
References: 1

Kitploit
added 2015/07/23 2:1 p.m., 31 views

Lynis 2.1.1 - Security Auditing Tool for Unix/Linux Systems

Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans. Supported operating system...

AI score: 7.3
Exploits: 0

Kitploit
added 2015/07/22 8:49 p.m., 23 views

Egress-Assess - Tool used to Test Egress Data Detection Capabilities

Egress-Assess is a tool used to test egress data detection capabilities. Setup To setup, run the included setup script, or perform the following: 1. Install pyftpdlib 2. Generate a server certificate and store it as "server.pem" on the same level as Egress-Assess. This can be done with the...

AI score: 7.4
Exploits: 0
References: 1

n0where
added 2015/07/22 4:46 a.m., 861 views

Damn Vulnerable iOS App: DVIA

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities...

AI score: 0.1
Exploits: 0

n0where
added 2015/07/21 10:53 p.m., 56 views

Web Services Penetration Testing: WS-Attacker

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http://nds.rub.de/) and the Hackmanit GmbH (http://hackmanit.de/). The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

AI score: 0.2
Exploits: 0
References: 1

Kitploit
added 2015/07/21 10:3 p.m., 20 views

Dharma - A generation-based, context-free grammar fuzzer

A generation-based, context-free grammar fuzzer. Requirements None Examples Generate a single test-case. % ./dharma.py -grammars grammars/webcrypto.dg Generate a single test case with multiple grammars. % ./dharma.py -grammars grammars/canvas2d.dg grammars/mediarecorder.dg Generating test-cases a...

AI score: 7.3
Exploits: 0
References: 2

n0where
added 2015/07/17 2:23 a.m., 14 views

XSS Payload Management Framework: Sleepy Puppy

Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client side injections (HTML/JS/etc.) security engineers are looking fo...

AI score: 6.1
Exploits: 0
References: 2

seebug.org
added 2015/07/16 12:0 a.m., 23 views

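Generic arbitrary file download in a government service center system

Brief description: Details: Shenzhen Taiji Software Co., Ltd. has developed quite a few systems; this one is a government service center system, and it has an arbitrary file download vulnerability. There are so many deployments of this system that I do not need to say more. Arbitrary file download: /servlet/fileOpenforms?filename=/WEB-INF/WEB.xml Case: http://...//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml http://...//servlet/fileOpenforms?filename=/WEB-INF/WEB.xml...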

AI score: 7.1
Exploits: 0

erpscan
added 2015/07/13 12:0 a.m., 20 views

SAP NetWeaver 7.4 - XSS

Application: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://www.sap.com Bugs: XSS Reported: 13.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 09.09.2015 Reference: SAP Security Note 2176785 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: Cross-Site Scripting, XSS...

AI score: 0.5
Exploits: 0

Tenable Nessus
added 2015/07/06 12:0 a.m., 36 views

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2015:1179-1)

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591). FIPS 140-2 related changes : - The library performs its self-tests when the module is complete the -hmac file is also...

CVSS: 4.2
AI score: 5.8
EPSS: 0.00576
Exploits: 0
References: 13

myhack58
added 2015/07/04 12:0 a.m., 11 views

At least one into the subject of mobile software vulnerabilities, some companies to grab the market does not consider security 90 after hacks said the hand tour “99% has a vulnerability” insiders suggested that the state of mobile software development of a unified standard of review-vulnerability warning-the black bar safety net

“It is a problem of the APP.” Xuhui Public Security Bureau network security detachment Bob Sergeant, record this phone the name of the software and is the “Black” of the symptoms. This is Bob the police officer and his colleagues made an experiment: they selected a certain influence of mobile phone...

AI score: 0.1
Exploits: 0

n0where
added 2015/07/02 10:56 a.m., 36 views

Stealthy PHP Web Shell Backdoor: Weevely

Stealthy PHP Web Shell Backdoor Weevely is a command line web shell dynamically extended over the network at runtime used for administration and pen testing of remote web accesses. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted...

AI score: 0.1
Exploits: 0
References: 8