Search the Community

Showing results for tags 'application'.

The search index is currently processing. Current results may not be complete.


More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Premium Accounts
  • Modders Section
  • PRIV8-Section
  • Cracking Zone PRIV8
  • Carding Zone PRIV8

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 23 results

  1. With PlayTube users can view & Interact with lasted videos and like and comment and more, now using the application is easier, and more fun! PlayTube is easy, secured, and it will be regularly updated. Demo: [Hidden Content] [HIDE][Hidden Content]]
  2. Combine with all powerful tools like Messenger BOT Builder, Comment BOT Builder, Messenger Broadcaster, Facebook Poster, RSS Poster, Existing Messenger Subscribers Import,SMS marketing, search marketing, comparison marketing & many other features , XeroChat is the best choice for your daily marketing solutions. The best part of this system is you can broadcast Promotional Message to Messenger Subscribers. Demo: [Hidden Content] [HIDE][Hidden Content]]
  3. dEEpEst

    Top Android hacking application

    Top Android hacking application [Hidden Content]
  4. Web Security Dojo Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want to transform their stock Ubuntu into a virtual dojo. Bow to your sensei! Features vulnerable web applications common web security testing tools popular industry web application security guidelines walk-throughs of several targets (no peeking ahead) no Internet-connect required to use username: dojo password: dojo To install Dojo you first install and run VirtualBox 5 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox. The OVA should also be able to be imported and used in various VMware tools, but we do not support this directly at this time. [HIDE][Hidden Content]]
  5. BUILD PROFESSIONAL APPS BRIDGING THE GAP BETWEEN BUSINESS AND IT WITH A CODE ABSTRACTION RULE YOU WON'T NEED HELP OF AN EXPERT DEVELOPER. ONE LICENSE INFINITE APPS YOUR IDEA. YOUR APP DEPLOYED FOR SEVERAL DEVICES. NO ROYALTIES. ONE PROJECT, MULTI-PLATFORM DEPLOY FOR DIFFERENT OS AND DIFFERENT DEVICES, SHARING COMPATIBILITY. WE HAVE BEAUTIFUL ICON SETS AND THEMES YOU CAN USE IT TO START YOUR APP INTERFACE. [Hidden Content] [HIDE][Hidden Content]]
  6. [Hidden Content] [HIDE][Hidden Content]] Pass: level23hacktools.com
  7. This Metasploit module exploits SQL injection and command injection vulnerabilities in the ManageEngine Application Manager versions 14.2 and below. View the full article
  8. WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… Changelog v1.5.4 minor update to Cloudflare detection via issue #299 [HIDE][Hidden Content]]
  9. This Project Developed For 2 Reasons First " Help Beginners to learn coding . " Second " Help Newbie Servers Managers To Learn New Protection Tricks " Requirements PHP PHP CUrl OS Linux [HIDE][Hidden Content]]
  10. YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL – Versions and cipher suites supported; common issues. Information Disclosure – Checks for common information leaks. Presence of Files or Directories – Checks for files or directories that could indicate a security issue. Common Vulnerabilities Missing Security Headers This is meant to provide an easy way to perform initial analysis and information discovery. It’s not a full testing suite, and it certainly isn’t Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests. It is especially useful when used in conjunction with Burp Suite (via the –proxy parameter). Changelog v0.8.0b4 Various improvements Like a Gem: pip3 install yawast Via Docker: docker pull adamcaudill/yawast It’s strongly recommended that you review the installation documentation, to make sure you have the proper dependencies. Tests The following tests are performed: (Generic) Info Disclosure: X-Powered-By header present (Generic) Info Disclosure: X-Pingback header present (Generic) Info Disclosure: X-Backend-Server header present (Generic) Info Disclosure: X-Runtime header present (Generic) Info Disclosure: Via header present (Generic) Info Disclosure: PROPFIND Enabled (Generic) TRACE Enabled (Generic) X-Frame-Options header not present (Generic) X-Content-Type-Options header not present (Generic) Content-Security-Policy header not present (Generic) Public-Key-Pins header not present (Generic) X-XSS-Protection disabled header present (Generic) SSL: HSTS not enabled (Generic) Source Control: Common source control directories present (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml (Generic) Presence of sitemap.xml (Generic) Presence of WS_FTP.LOG (Generic) Presence of RELEASE-NOTES.txt (Generic) Presence of readme.html (Generic) Missing cookie flags (Secure, HttpOnly, and SameSite) (Generic) Search for files (14,169) & common directories (21,332) (Apache) Info Disclosure: Module listing enabled (Apache) Info Disclosure: Server version (Apache) Info Disclosure: OpenSSL module version (Apache) Presence of /server-status (Apache) Presence of /server-info (Apache Tomcat) Presence of Tomcat Manager (Apache Tomcat) Presence of Tomcat Host Manager (Apache Tomcat) Tomcat Manager Weak Password (Apache Tomcat) Tomcat Host Manager Weak Password (Apache Tomcat) Tomcat version detection via invalid HTTP verb (Apache Tomcat) Tomcat PUT RCE (CVE-2017-12617) (Apache Struts) Sample files which may be vulnerable (IIS) Info Disclosure: Server version (ASP.NET) Info Disclosure: ASP.NET version (ASP.NET) Info Disclosure: ASP.NET MVC version (ASP.NET) Presence of Trace.axd (ASP.NET) Presence of Elmah.axd (ASP.NET) Debugging Enabled (nginx) Info Disclosure: Server version (PHP) Info Disclosure: PHP version CMS Detection: Generic (Generator meta tag) [Real detection coming as soon as I get around to it…] SSL Information: Certificate details Certificate chain Supported ciphers Maximum requests using 3DES in a single connection DNS CAA records Checks for the following SSL issues are performed: Expired Certificate Self-Signed Certificate MD5 Signature SHA1 Signature RC4 Cipher Suites Weak (< 128 bit) Cipher Suites SWEET32 Certain DNS information is collected: IP Addresses IP Owner/Network (via api.iptoasn.com) TXT Records MX Records NS Records CAA Records (with CNAME chasing) Common Subdomains (2,354 subdomains) – optional, via --subdomains SRV Records – optional, via --srv In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others. [HIDE][Hidden Content]]
  11. WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… [Hidden Content]
  12. Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. Support Platforms Linux Windows MacOSX [HIDE][Hidden Content]]
  13. This Metasploit module exploits untrusted serialized data processed by the WAS DMGR Server and Cells in the IBM Websphere Application Server. NOTE: There is a required 2 minute timeout between attempts as the neighbor being added must be reset. View the full article
  14. This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required, however by default, Oracle ships with a "oats" account that you could log in with, which grants you administrator access. View the full article
  15. Have a good overview of the Java programming language Install Android Studio and setup the environment Debug an Android Application Create a signed APK file to submit to the Google Play Store Use Explicit and Implicit Intents Make use of Fragments Create a Custom List View Create the Android Actionbar Create a custom Toast Use Shared Preferences, Files and SQLite Use the AsyncTask class Handle Android 6 Permissions Save data in an online database (MBAAS - Backendless) and do User management [Hidden Content]
  16. XenForo version 1.5.x with Advanced Application Forms version 1.2.2 suffers from an open redirection vulnerability. View the full article
  17. itsMe

    PlayTube

    With PlayTube users can view & Interact with lasted videos and like and comment and more, now using the application is easier, and more fun! PlayTube is easy, secured, and it will be regularly updated. Demo: [Hidden Content] [HIDE][Hidden Content]]
  18. [HIDE][Hidden Content]] w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process. this is a list of available scanners: automatically detects target authentication type. admin page scanner. SQL injection scanner vulnerability. Attack Method: w3brute can attack using various methods of attack. this is a list of available attack methods: SQL injection bypass authentication mixed credentials (username + SQL injection queries) Support: multiple target google dorking a list of supported web interface types to attack: web shell HTTP 401 UNAUTHORIZED (Basic and Digest) create file results brute force attack. supported file format type: CSV (default) HTML SQLITE3 custom credentials (username, password, domain) (supported zip file) custom HTTP requests (User-Agent, timeout, etc) and much more...
  19. Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section Vooki – Web Application Scanner can help you to find the following attacks Sql Injection Command Injection Header Injection Cross site scripting – reflected, Cross site scripting – stored Cross site scripting – dom based Missing security headers Malicious JS script execution Using components with known vulnerabilities Jquery Vulnerabilites Angularjs Vulnerabilites Bootstrap Vulnerabilities Sensitive Information disclosure in response headers Sensitive Information disclosure in error messages Missing Server Side Validation Javascript Dyanamic Code Execution Sensitive Data Exposure [HIDE][Hidden Content]]
  20. Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features : [HIDE][Hidden Content]] Frontend framework detection Content Delivery Network detection Define Risk Level to allow for scans Plugin system Docker image available to build and run Features Fingerprints Server Web Frameworks (CakePHP,CherryPy,...) Frontend Frameworks (AngularJS,MeteorJS,VueJS,...) Web Application Firewall (Waf) Content Management System (CMS) Operating System (Linux,Unix,..) Language (PHP,Ruby,...) Cookie Security Content Delivery Networks (CDN) Attacks: Bruteforce Admin Interface Common Backdoors Common Backup Directory Common Backup File Common Directory Common File Log File Injection HTML Injection SQL Injection LDAP Injection XPath Injection Cross Site Scripting (XSS) Remote File Inclusion (RFI) PHP Code Injection Other HTTP Allow Methods HTML Object Multiple Index Robots Paths Web Dav Cross Site Tracing (XST) PHPINFO .Listing Vulnerabilities ShellShock Anonymous Cipher (CVE-2007-1858) Crime (SPDY) (CVE-2012-4929) Struts-Shock
  21. Taipan is a an automated web application scanner that allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which includes other components, like a web dashboard where you can manage your scans, download a PDF report and a scanner agent to run on specific host. Below are some screenshots of the Taipan dashboard: [HIDE][Hidden Content]] Below an example of execution: [Hidden Content] Taipan Components Taipan is composed of four main components: Web Application fingerprinter it inspects the given application in order to identify if it is a COTS application. If so, it extracts the identified version. This components is very important since it allows to identify vulnerable web applications. Hidden Resource Discovery this component scans the application in order to identify resources that are not directly navigable or that shouldn't be accessed, like secret pages or test pages. Crawler This component navigates the web site in order to provide to the other components a list of pages to analyze. It allows to mutate the request in order to find not so common pathes. Vulnerability Scanner this component probes the web application and tries to identify possible vulnerabilities. It is composed of various AddOn in order to easily expand its Knowledge Base. It is also in charge for the identification of know vulnerabilities which are defined by the user.
  22. Twilio WEB To Fax Machine System Application version 1.0 suffers from a remote SQL injection vulnerability. View the full article
  23. Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method. View the full article