Search the Community

CrossInjector is a Python tool to scan a list of URLs for Cross-Site Scripting (XSS) vulnerabilities. It uses Selenium WebDriver and ChromeDriver to execute JavaScript code and identify if a given URL is vulnerable to XSS attacks. [Hidden Content]

Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on a variety of target types with many available features & tools. Use Cases These enumerations processes can be used for offensive & defensive cyber operations, Bug-Bounty hunting & Research. Multiple techniques are normally used by multiple tools to attain this goal. sub3suite combines these different techniques and provides you with multiple capability tools into one suite for effective enumeration both manually and automatically. General Concepts Passive Subdomain Enumeration. Active Subdomain Enumeration. OSINT (Open-source intelligence). OSINT Information gathering. Target Mapping. Changelog v0.0.4 changed ACTIVE Tool to HOST Tool. changed no longer use the term ENGINES now its TOOLS added IP Tool added Ping feature for HOST & IP tools. added light theme added hostname querying in URL Tool fix unwanted selection in results tree views fix json highlighter fix hackertarget crashing OSINT Tool on hostsearch [hide][Hidden Content]]

Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on variety of target types with many available features & tools. For more information checkout the documentation [hide][Hidden Content]]

Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on a variety of target types with many available features & tools. Use Cases These enumerations processes can be used for offensive & defensive cyber operations, Bug-Bounty hunting & Research. Multiple techniques are normally used by multiple tools to attain this goal. sub3suite combines these different techniques and provides you with multiple capability tools into one suite for effective enumeration both manually and automatically. General Concepts Passive Subdomain Enumeration. Active Subdomain Enumeration. OSINT (Open-source intelligence). OSINT Information gathering. Target Mapping. Subdomain Enumeration Subdomain enumeration is the process of finding sub-domains for one or more domains. It helps to broader the attack surface, and find hidden applications and forgotten subdomains. why subdomain enumeration? Sub-domain enumeration helps to create a scope of security assessment by revealing domains/sub-domains of a target organization. Sub-domain enumeration increases the chance of finding vulnerabilities. The sub-domain enumeration helps us in finding the web applications that might be forgotten/left unattended by the organization for maintenance or other reasons and may lead to the disclosure of critical vulnerabilities. Passive Subdomain Enumeration For passive subdomain enumeration, the subdomains are obtained from a third party without directly connecting to the target’s infrastructures. These 3rd parties gather and store open information gathered from devices connected to the internet and contain an interface to share this data e.gAPI . Passive sources include VirusTotal, shodan, host, SecurityTrails, etc. Multiple tools are available For this purpose. Open source tools like theHarvester & amass are among the most popular in this field. sub3suite has an OSINT tool that can be used for passive subdomain enumeration able to pull data from 50+ osint sources in a matter of seconds & gives users the ability to manipulate this data to their liking. [hide][Hidden Content]]

edb is a cross-platform x86/x86-64 debugger. It was inspired by Ollydbg but aims to function on x86 and x86-64 as well as multiple OS’s. Linux is the only officially supported platform at the moment, but FreeBSD, OpenBSD, OSX, and Windows ports are underway with varying degrees of functionality. [hide][Hidden Content]]

ezXSS is an easy way to test (blind) Cross-Site Scripting. Current features Easy to use dashboard with statics, payloads, view/share/search reports and more Payload generator Instant email alert on the payload Custom javascript for extra testing Prevent double payloads from saving or alerting Share reports with other ezXSS users Easily manage and view reports in the system Search for reports in no time Secure your system account with extra protection (2FA) The following information is collected on a vulnerable page: The URL of the page IP Address Any page referer (or share referer) The User-Agent All Non-HTTP-Only Cookies Full HTML DOM source of the page Page origin Time of execution its just ez 🙂 Changelog v3.6 In order to update ezXSS 3.x to 3.6 you need to rename config.ini.example to config.ini and fill in your database information. Your database information is no longer stored in the Database.php. Changelog: Fixed #56, bug on deleting reports on page 2 or up Fixed and added #55, custom send mail from Added config file Renamed some things Fixed some other small bugs [hide][Hidden Content]]

this is a cross platform RAT tool (java RAT) / (jRAT) which is { [Windows RAT] [Linux RAT] [MAC RAT] } which is fully programmed in java be a user friendly and easy to use and builds out trojans (.jar) and controls the victims running those trojans on same port at same time ,this tool is fully in java (Client & Server in java) and this tool is now registerd to be free , and on the user responsibility [Hidden Content]

cross-platform backdoor using dns txt records What is ddor? ddor is a cross-platform lightweight backdoor that uses txt records to execute commands on infected machines. Features Allows a single txt record to have seperate commands for both Linux and Windows machines List of around 10 public DNS servers that it randomly chooses from Unpredictable call back times Encrypts txt record using xor with custom password Linux Features: Anti-Debugging, if ptrace is detected as being attached to the process it will exit. Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program. Automatically Daemonizes Tries to set GUID/UID to 0 (root) Windows Features: Hides Console Window Stub Size of around 20kb [hide][Hidden Content]]

This is a cross platform RAT tool [Android RAT] [Windows RAT] [Linux RAT] [MAC RAT] which is programmed in VB.net and builds out trojans (.exe , .apk & .jar) and controls the victims running those trojans on same port at same time , and this tool is now registerd to be free , and on the user`s responsibility This is For Educational Purposes Only ! and User is responsible for his usage of this Tool New Update : some android clients / victims was connecting but not working , [Bug Fixed] bug fixed with modern android / turn off playprotect to test your own , you also can cyrpt it and make it FUD as in some youtube tutorials [hide][Hidden Content]] Server.exe Scan [Hidden Content]

Cross-platform backdoor using dns txt records. What is ddor? ddor is a cross platform light weight backdoor that uses txt records to execute commands on infected machines. Features Allows a single txt record to have seperate commands for both linux and windows machines List of around 10 public DNS servers that it randomly chooses from Unpredictable call back times Encrypts txt record using xor with custom password Linux Features: Anti-Debugging, if ptrace is detected as being attached to the process it will exit. Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program. Automatically Daemonizes Tries to set GUID/UID to 0 (root) Windows Features: Hides Console Window Stub Size of around 20kb [HIDE][Hidden Content]]

ownCloud version 10.3.0 Stable suffers from a cross site request forgery vulnerability. View the full article

Mr Blog PHP suffers from cross site scripting and remote SQL injection vulnerabilities. View the full article

WordPress version 5.2.4 fails to validate an origin header. View the full article

WebKit suffers from an HTMLFrameElementBase::isURLAllowed universal cross site scripting vulnerability. View the full article

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21 suffers from a cross site scripting vulnerability. View the full article

Intelbras Router WRN150 version 1.0.18 suffers from a cross site request forgery vulnerability. View the full article

CWP version 0.9.8.885 suffers from a persistent cross site scripting vulnerability. View the full article

Sahi Pro version 8.x suffers from a reflective cross site scripting vulnerability. View the full article

WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a cross site scripting vulnerability. View the full article

Rocket.Chat version 2.1.0 suffers from a cross site scripting vulnerability. View the full article

The NASA Online Directives Information System suffers from a cross site scripting vulnerability that can be leveraged via the User-Agent header. The researcher has notified NASA and has not received a response. View the full article

WordPress Popup Builder plugin version 3.49 suffers from a persistent cross site scripting vulnerability. View the full article

WordPress Soliloquy Lite plugin version 2.5.6 suffers from a persistent cross site scripting vulnerability. View the full article

WordPress FooGallery plugin version 1.8.12 suffers from a persistent cross site scripting vulnerability. View the full article

Accounts Accounting version 7.02 suffers from a persistent cross site scripting vulnerability. View the full article