[AFF v0.1] Anonymous FTP Finder

Anonymous FTP Scanner AFF is a Security tool for penetration testers, network admins etc. The tool is written in Python with wxPython as GUI and compiled with Py2exe. AFF can scan large networks for Anonymous FTP Servers and regular FTP:s. Example of Anonymous FTP Server is network equipment, Mul...

Wah all the system stored xss vulnerability can be comfortably back impact thousands of hosting service providers-vulnerabilities and early warning-the black bar safety net

Brief description: Hua Zhong system discoveredXSSvulnerability, affecting thousands of hosting service providers Detailed description: Hua Zhong, the WinIIS, star outside AMAXSSvulnerability is proof many times, the estimates are now fixed. But Hua all the following vulnerabilities, the estimate ...

Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app

Smartphones are powerful and popular, with more than thousands of new mobile apps hitting the market everyday. Apps and mobile devices often rely on consumers' data, including private information, photos, and location, that can be vulnerable to data breaches, surveillance and real-world thieves...

[TYFYP] Massive Telnet Password Tester

Commercial name: TYFYP Thank you for your password, to the honor of ADTRAN telnet banner motd welcome message. Please use it ONLY in LAN IPs. This is a very rudimentary program only for investigation purposes. Developed on Retina Display machine, so there may be UI errors in normal resolution...

[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service

Hello All, Those concerned about security of Java PaaS Platform as a Service or cloud services in general might find the following information interesting. Security Explorations discovered multiple security vulnerabilities in the environment of Oracle 1 Java Cloud Service 2. Among a total of 28...

[ExifTool] Read, Writing Meta Information Tools

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP...

[Windbgshark] Windbg extension for VM traffic manipulation and analysis

This project includes an extension for the windbg debugger as well as a driver code, which allow you to manipulate the virtual machine network traffic and to integrate the wireshark protocol analyzer with the windbg commands. The motivation of this work came from the intention to find a handy...

[SECURITY] Fedora 19 Update: rubygem-actionmailer-3.2.13-2.fc19

Makes it trivial to test and deliver emails sent from a single service laye r...

[SECURITY] Fedora 19 Update: rubygem-actionpack-3.2.13-4.fc19

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser...

[GoldenEye v2.0] DoS Tool

GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive and Connection: keep-alive paired with Cache-Control options to persist socket connection busting through caching when possible until it consumes all available sockets on the HTTP/S server. Usage USAGE: ./goldeneye.py...

23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware

In the previous reports of Cyber Intelligence firm 'IntelCrawler' named Sergey Tarasov, a 17-year-old teenager behind the nickname "ree4", as the developer of BlackPOS malware. BlackPOS also known as "reedum" or 'Kaptoxa' is an effective crimeware kit, used in the massive heist of possibly 110...

[BlackArch] Linux Distribution with 600 Security Tools

BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers and security researchers. The repository contains 630 tools. You can install tools individually or in groups. BlackArch is compatible with existing Arch installs. Tool List: Name | Version | Description | Homepage...

Starbucks' iOS app storing user credentials in plain text

Watch out, coffee drinkers. If you are one of those 10 million Starbucks customers, who purchases drinks and food directly from their Smartphones, this news is for you! If you use Starbucks’ official iOS app, you should know that the company is not encrypting any of your information, including yo...

Rakabulle, Advance File Binder from DarkComet RAT Developer

I hope you all still remember the famous and powerful Remote Administration Tool RAT called 'Dark Comet', developed by a French computer geek 'Jean-Pierre Lesueur', also known as 'DarkCoderSc'. However, He had closed the Dark Comet project, when the Syrian government found to be using it to track...

[Weevely v1.1] Stealth tiny PHP web shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation , and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

[SpiderFoot v2.1.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...

KALI Linux 1.0.6 released; officially added Emergency Self Destruct feature

A few days back the developers of one of the most advance open source operating system for penetration testing called 'KALI Linux' announced that they were planning to include "emergency self-destruction of LUKS".They patched a utility called cryptsetup, which introduces a self destruction featur...

[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...

[Xelenium] Security Testing with Selenium

Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing. Xelenium has been designed considering that it...

6 Tips to Save Time Doing Patch Management

If you spend more than a few hours a month doing patching; if you stay up until the middle of the night one Saturday each month doing patching; if you just flip on automatic updates and hope for the best; or if you email your users instructions on how to update their machines – then you’re doing ...