Search the Community

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools (e.g., dnsrecon, gobuster, hydra, nmap, etc.) querying publicly available APIs (e.g., Censys.io, Haveibeenpwned.com, Hunter.io, Securitytrails.com, DNSdumpster.com, Shodan.io, etc.) storing the collected data in a central rational database (see next section) providing an interface to query and analyze the gathered intelligence After the execution of each Kali Linux tool or querying APIs, KIS analyses the collected information and extracts as well as reports interesting information like newly identified user credentials, hosts/domains, TCP/UDP services, HTTP directories, etc. The extracted information is then internally stored in different PostgreSql database tables, which enables the continuous, structured enhancement and re-use of the collected intelligence by subsequently executed Kali Linux tools. [hide][Hidden Content]]

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing Kali Linux tools (e.g., dnsrecon, gobuster, hydra, nmap, etc.) querying publicly available APIs (e.g., Censys.io, Haveibeenpwned.com, Hunter.io, Securitytrails.com, DNSdumpster.com, Shodan.io, etc.) storing the collected data in a central rational database (see next section) providing an interface to query and analyze the gathered intelligence After the execution of each Kali Linux tool or querying APIs, KIS analyses the collected information and extracts as well as reports interesting information like newly identified user credentials, hosts/domains, TCP/UDP services, HTTP directories, etc. The extracted information is then internally stored in different PostgreSql database tables, which enables the continuous, structured enhancement and re-use of the collected intelligence by subsequently executed Kali Linux tools. Additional features are: pre-defined dependencies between Kali Linux tools ensure that relevant information like SNMP default community strings or default credentials is known to KIS before trying to access the respective services remembering the execution status of each Kali Linux tool and API query ensures that already executed OS commands are not automatically executed again data imports of scan results of external scanners like Masscan, Nessus, or Nmap supporting the intelligence collection based on virtual hosts (vhost) using a modular approach that allows the fast integration of new Kali Linux tools parallel Kali Linux command execution by using a specifiable number of threads enables users to kill Kali commands via the KIS user interface in case they take too long access public APIs to enhance data with OSINT [hide][Hidden Content]]

Thomson Reuters Concourse and Firm Central versions prior to 2.13.0097 suffer from directory traversal and local file inclusion vulnerabilities. View the full article

The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided. View the full article

The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal (..\\..\\) characters. Therefore, this function can be abused to overwrite any files in the installation drive of CMS Server. This vulnerability is exploitable in CMS versions up to and including 2.4. View the full article

Web Proxies Central is a program that let you use undetected yet list of proxies to surf the internet for fun or profit. What makes Web Proxies Central different from other programs or websites is the proxy scrapping method that retrieves undetected web proxies. This proxies don't have much traffic mainly because they are new and this is an advantage because they respond faster to page requests. Download: [hide][Hidden Content]] Virustotal: [hide][Hidden Content]]

D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity. View the full article

Using a web browser or script server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser. View the full article

The FTP Server component of the D-LINK Central WifiManager can be used as a man-in-the-middle machine allowing PORT Command bounce scan attacks. This vulnerability allows remote attackers to abuse your network and discreetly conduct network port scanning. Victims will then think these scans are originating from the D-LINK network running the afflicted FTP Server and not you. Version 1.03 r0098 is affected. View the full article

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected. View the full article

ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability. View the full article

ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability. View the full article