21 matches found
claude-code-pentest
claude-code-pentest 6 Claude Code skills that automate th...
Omise: PII Exposure via Email Confirmation Link – Email Embedded in Token & Leaked via Wayback Machine
The vulnerability involved the exposure of personally identifiable information PII, specifically email addresses, through an email confirmation link used by Omise. The email address was embedded directly in a token that was visible in the URL. This token was subsequently archived by the Wayback...
Internet Archive (Archive.org) Goes Down Following “Power Outage” (Updated)
The Internet Archive Archive.org, home to the Wayback Machine, is temporarily offline due to a reported power outage.…...
Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
Those who hacked the Internet Archive haven't gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at...
Internet Archive Breach Exposes 31 Million Users
The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks...
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance"Reconnaissance phase. And in...
WebSecProbe - Web Security Assessment Tool, Bypass 403
A cutting-edge utility designed exclusively for web security aficionados, penetration testers, and system administrators. WebSecProbe is your advanced toolkit for conducting intricate web security assessments with precision and depth. This robust tool streamlines the intricate process of...
Xurlfind3R - A CLI Utility To Find Domain'S Known URLs From Curated Passive Online Sources
xurlfind3r is a command-line interface CLI utility to find domain's known URLs from curated passive online sources. Features Fetches URLs from curated passive sources to maximize results: AlienVault's OTX BeVigil Common Crawl URLScan Github Intelligence X Wayback Machine With Wayback Machine,...
Arsenal - Recon Tool installer
Arsenal is a Simple shell script Bash used to install the most important tools and requirements for your environment and save time in installing all these tools. Tools in Arsenal Name | description ---|--- Amass | The OWASP Amass Project performs network mapping of attack surfaces and external...
Planet Labs: Api data leak
A security vulnerability was identified where sensitive API keys were exposed through archived data accessible via the Wayback Machine. Some of these API keys were found to be valid...
Logitech: Steal any users `access_token` via open redirect in https://streamlabs.com/global/identity?popup=1&r=
Heyy there, After reading the disclosed report 1178239, I started to look for bypasses but I found that it's restricted to only streamlabs.com and merch.streamlabs.com , providing any other domain or subdomain of streamlabs.com gives an error instead of the 302 redirect. From wayback machine...
Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage sigurlfind3r -h This will display help for the tool. | |/ | | / / | |/ | | | | '| | || |...
Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...
Waybackurls - Fetch All The URLs That The Wayback Machine Knows About For A Domain
Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for .domain and output them on stdout. Usage example: ▶ cat domains.txt | waybackurls urls Install: ▶ go get github.com/tomnomnom/waybackurls Credit This tool was inspired by @mhmdiaa's waybackurls.py script. Thanks...
Sigurls - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurls is a reconnaissance tool, it fetches URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h | | / | |/ | | | | '| / | \ \ | | | || | | | \ \ |/|, |,|| ||/ v1.3.1 |/ USAGE: sigurls...
Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning
Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page How to use I...
Rock-ON - An All In One Recon Tool That Will Just Get A Single Entry Of The Domain Name And Do All Of The Work Alone
Rock-On is a all in one recon tool that will help your Recon process give a boost. It is mainley aimed to automate the whole process of recon and save the time that is being wasted in doing all this stuffs manually. A thorough blog will be up in sometime. Stay tuned for the Stable version with a...
Sn0Int - Semi-automatic OSINT Framework And Package Manager
sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the result...
The Offensive Web Application Penetration Testing Framework: TIDoS
TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...
Waybackpack - Download the entire Wayback Machine archive for a given URL
Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL. For instance, to download every copy of the Department of Labor's homepage through 1996 which happens to be the first year the site was archived, you'd run: waybackpack dol.gov -d...