Search the Community

Pentest Collaboration Framework Pentest Collaboration Framework – an open-source, cross-platform, and portable toolkit for automating routine processes when carrying out various works for testing! Features Structure 👨‍👨‍👦 Teams Work team Personal team ⛑ Pentest projects 🖥️ Hosts ip-address hostnames operation system open ports tester notes 🐞 Issues Proof of concept 🌐 Networks 🔑 Found credentials 📝 Notes 💬 Chats 📊 Report generation plaintext docx zip 📁 Files 🛠 Tools Changelog v1.1 🐞Fixed CSRF problems with notes edition Icons bug Bug with mounted filesystems Bug with issue hosts selection x2 Bug with requirements_unix.txt Bug with session/CSRF timeline Several SQL bugs IPv6 addresses bug Issue styles bug Database thread-locks (SQLite3 only) Issue templates button bug ⭐Added ✔️Double click host copy at creds/network/issue pages ✔️Contribution topic ✔️Config session_lifetime & csrf_lifetime params ✔️Issue interactive metrics tab with CVSS & OWASP Risk ✔️format_date template functions ✔️New structure of template functions ✔️DNSrecon integration ✔️theHarvester integration ✔️Metasploit integration ✔️Nuclei integration ✔️Notes variables for report templates [Hidden Content]

Shipboard is a team collaboration system (SaaS) that is a great fit for any team looking to work together. With a clean, modern, and highly interactive design you can easily collaborate with your team members to get tasks done. Demo: [Hidden Content]] [Hidden Content]

This Metasploit module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP password for the zimbra account. The zimbra credentials are then used to get a user authentication cookie with an AuthRequest message. Using the user cookie, a server side request forgery in the Proxy Servlet is used to proxy an AuthRequest with the zimbra credentials to the admin port to retrieve an admin cookie. After gaining an admin cookie the Client Upload servlet is used to upload a JSP webshell that can be triggered from the web server to get command execution on the host. The issues reportedly affect Zimbra Collaboration Suite v8.5 to v8.7.11. This module was tested with Zimbra Release 8.7.1.GA.1670.UBUNTU16.64 UBUNTU16_64 FOSS edition. View the full article

Zimbra Collaboration versions prior to 8.8.11 suffer from multiple cross site scripting vulnerabilities. View the full article

Zimbra Collaboration User Enumeration Script (CVE-2018-10949) How to use The argument --host must be the hostname or IP address of Zimbra Collaboration Web Application root page, and --userlist an list of usernames to check against it. root@kali# ./cve-2018-10949-user-enum.py --host [Hidden Content] --userlist /tmp/emails.txt And it should spill out valid e-mails! [Hidden Content]

Collaboration Compliance and Quality Management Platform versions 9.1.1.5482 and below suffer from an improper access control vulnerability. View the full article

Collaboration Compliance and Quality Management Platform versions 9.1.1.5482 and below suffer from a password disclosure vulnerability. View the full article