Search the Community

What if you could learn the systematic process and visual skills of creating beautiful and functional interfaces—even without a design background? This course is absolutely jam-packed with all the best information for creating great visual design for interfaces. No fluff, just practical content tailored specifically for interfaces. Shift Nudge is the system I’ve developed for over 15+ years, for clients big and small, across dozens of industries, and now thousands of paying customers have it too. It covers the entire design process for creating beautiful interfaces. You can go at your own pace, plus seeing other people’s work and getting nitpicky feedback from peers is great. If you’re looking to expand your UI skills, do it! [Hidden Content] [hide][Hidden Content]]

Purpose toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of an https server that works as an interpreter for the traffic generated by the malicious JavaScript payload that powers this tool (toxin.js). This project started as (and still is) a research-based creative endeavor to explore the exploitability depth that an XSS vulnerability may introduce by using vanilla JavaScript, trusted certificates and cheap tricks. Disclaimer: The project is quite fresh and has not been widely tested. [hide][Hidden Content]]

Modular visual interface for GDB in Python. This comes as a standalone single-file .gdbinit which, among the other things, enables a configurable dashboard showing the most relevant information during the program execution. Its main goal is to reduce the number of GDB commands issued to inspect the current program status allowing the programmer to focus on the control flow instead. Features Single GDB init file. Write the dashboard to the main GDB console or to an external file/TTY. Interaction with GDB using the native Python API. Several default modules are included to address the most basic needs: source code, assembly, registers, etc.). User-defined modules can be easily developed by extending a Python class. Additional configuration files (both GDB and Python) are read from ~/.gdbinit.d/. Fully stylable user interface and dynamic command prompt. Optional syntax highlighting using the Pygments Python library. No GDB command has been redefined, instead, all the features are available as subcommands of the main dashboard command. [hide][Hidden Content]]

Please Don't Use for illegal Activity Added New Tools Root Android {Supersu} Not Support All OS Version Jump To Adb Toolkit Shell ScreenShot Copy All Camera Photo Copy All WhatsApp Folder Copy All Data Storage Manual Copy {Costum} Backup Data Restore Data Permissons Reset Reboot Remove Lockscreen {Root} Jump To Metasploit Install Application Create Payload Backdoor {Msfvenom} Singed Run Metasploit Inject Payload In Original Application Phone Info Control Android {Scrcpy} Brute Pin 4 Digit Brute Pin 6 Digit Brute LockScreen Using Wordlist Bypass LockScreen {Antiguard} Not Support All OS Version Reset Data Cilocks_V2.1 Added new feature IP Logger GetCam Rat IOS {Metasploit} [hide][Hidden Content]]

What’s PAKURI Sometimes, penetration testers love to perform a complicated job. However, I always prefer the easy way. PAKURI is a semi-automated user-friendly penetration testing tool framework. You can run the popular pentest tools using only the numeric keypad, just like a game. It is also a good entry tool for beginners. They can use PAKURI to learn the flow to penetration testing without struggling with a confusing command line/tools. Abilities of “PAKURI”. Intelligence gathering. Vulnerability analysis. Visualize. Brute Force Attack. Exploitation. Your benefits. By using our PAKURI, you will benefit from the following. For redteam: (a) Red Teams can easily perform operations such as information enumeration and vulnerability scanning. (b) Visualizing the survey results is possible only with the numeric keypad. For blueteam: (c) The Blue Team can experience a dummy attack by simply operating the numeric keypad even they do not have any penetration testing skill. For beginner: (d) PAKURI has been created to support the early stages of penetration testing. These can be achieved with what is included in Kali-Tools. It can be useful for training the entry level pentesters. NOTE If you are interested, please use them in an environment under your control and at your own risk. And, if you execute the PAKURI on systems that are not under your control, it may be considered an attack and you may have legal liability for your action. Features Scan enum4linux Nikto Nmap OpenVAS Skipfish sslscan SSLyze Exploit BruteSpray Metasploit Visualize Faraday CUI-GUI switching PAKURI can be operated with CUI and does not require a high-spec machine, so it can be operated with Raspberry Pi Changelog v1.1.1 This is PAKURI version 2, presented at BlackHat Asia 2020 Arsenal [hide][Hidden Content]]

DLInjector for Graphical User Interface. Faster DLL Injector for processes. It targets the process name to identify the target. The process does not need to be open to define the target. DLInjector waits until the process executed. Firstly, enter the target process name with exe (chrome.exe, explorer.exe). And enter the to be injected DLL path (C:\malwDll.dll). Example Injection Process: V1 Features Only inject the DLL. Targeting process by name. If errors occurs, shows the error code. [hide][Hidden Content]]

The Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Version A 1.4.11 - B 1.4.2 is affected. View the full article

Kali Linux Tools Interface It is a graphical interface to use information security tools by the browser. The project uses the Kali Linux tools as a reference because it is the distribution that has the largest package of native tools. Prerequisites A Debian-based distribution (preferably Kali Linux) The information security tools installed Apache / Nginx service running SSH Service running Shell In A Box (if you want to use the Terminal) To install Shell In A Box, use the following command: sudo apt-get install shellinabox [HIDE][Hidden Content]]

The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege. View the full article

A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition. View the full article

Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter Getting Started Please follow these instructions to get a copy of Kage running on your local machine without any problems. Prerequisites Metasploit-framework must be installed and in your PATH: Msfrpcd Msfvenom Msfdb Video Tutorial [HIDE][Hidden Content]]

Vembu Storegrid Web Interface version 4.4.0 suffers from cross site scripting and information leakage vulnerabilities. View the full article

Intel Rapid Storage Technology User Interface and Driver version 15.9.0.1015 suffers from a dll hijacking vulnerability. View the full article

Poppy Web Interface Generator version 0.8 suffers from a remote shell upload vulnerability. View the full article

Nasdaq BWise version 5.0 suffers from a JMX/RMI interface remote code execution vulnerability. View the full article