Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

Exploit-for-ImageMagick-CVE-2022-44268 A bash script for easly...

UDdup - Urls De-Duplication Tool For Better Recon

The tool gets a list of URLs, and removes "duplicate" pages in the sense of URL patterns that are probably repetitive and points to the same web template. For example: https://www.example.com/product/123 https://www.example.com/product/456 https://www.example.com/product/123?isprod=false...

Exploit for Improper Authentication in Hikvision Ds-2Cd2032-I_Firmware

Hikvision bypass exploit Requirements 1. github.com/levigr...

ParamSpider - Mining Parameters From Dark Corners Of Web Archives

ParamSpider : Parameter miner for humans. Key Features : Finds parameters from web archives of the entered domain. Finds parameters from subdomains as well. Gives support to exclude urls with specific extensions. Saves the output result in a nice and clean manner. It mines the parameters from web...

Findomain - A Tool That Use Certificate Transparency Logs To Find Subdomains

A tool that use Certificates Transparency logs to find subdomains. How it works? It tool doesn't use the common methods for subdomains discover, the tool uses Certificate Transparency logs to find subdomains and it method make it tool very faster and reliable. If you want to know more about...

Xerxes - DoS Tool Enhanced

Xerxes dos tool enhanced with many features for stress testing. Features Xerxes has many features, some of these features are: TLS Support HTTP header randomization Useragent randomization Multiprocessing support Multiple Attack vectors etc... Not only that but also we are aggressively developing...

AutoSploit v3.0 - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...

HTTP Load Generator: hey

hey is a tiny program that sends some load to a web application – ApacheBench ab replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom . Installation go get -u github.com/rakyll/hey Note: Requires go 1.7 or greater. Usage hey runs provided numbe...

Open Source SIP Sniffer: pcapsipdump

Open Source SIP Sniffer pcapsipdump is libpcap-based SIP sniffer with per-call sorting capabilities. It writes SIP/RTP sessions to disk in a same format, as “tcpdump -w”, but one file per SIP session even if there is thousands of concurrent SIP sessions. Each session goes in a separate, fancy-nam...

Shellsploit - New Generation Exploit Development Kit

Shellsploit let's you generate customized shellcodes, backdoors, injectors for various operating system. And let's you obfuscation every byte via encoders. Install/Uninstall If you want to use Shellsploit, you have to install Capstone first. For the Capstone's installation: root$ sudo pip install...

DHCP exhaustion attack: DHCPig

dhcpig – an advanced DHCP exhaustion attack DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy =2.1...

Extract data from pcap files: PCredz

Extract data from pcap files with PCredz This tool extracts Credit card numbers, NTLMDCE-RPC, HTTP, SQL, LDAP, etc, Kerberos AS-REQ Pre-Auth etype 23, HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. PCredz Features: Extract from a pcap file or from a live...

dreamlog-upload.txt

? / \|/// \ - - // @ @ ----oOOo---oOOo--------------------------------------------------- Y! Underground Group [email protected] Dj7xpl.2600.ir ----ooooO-----Ooooo-------------------------------------------------- \ / \ / --------------------------------------------------------------------- !...

atari800 Local Root Exploit

No description provided by source. / Exploit for atari800 by pi3 pi3ki31ny pi3@pi3:$ ./p ...::: -= exploit for Atari800 by pi3 pi3ki31ny =- :::... Ussage: + ./p options -? this help screen -v choose a bug: 1 - first bug in all versions Atari800 2 - second bug in older Atari800 - modiy argv0 3 -...

Sun Solaris 7.0 - rpc.ttdbserver Denial of Service

Sun Solaris 7.0 - rpc.ttdbserver Denial of Service // source: https://www.securityfocus.com/bid/811/info It is possible to crash rpc.ttdbserver by using the old tddbserver buffer overflow exploit. This problem is caused by a NULL pointer being dereferenced when rpc function 15 is called with...