Search the Community

Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty… [hide][Hidden Content]]

Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty… [hide][Hidden Content]]

Juumla is a python tool created to identify the Joomla version, scan for vulnerabilities and search for config or backup files. ✨ Features Fast scan Low RAM and CPU usage Detect Joomla version Find config and backup files Scan for vulnerabilities based on the Joomla version Open-Source Changelog v0.1.4 Improved the code Removed useless checks Changed Juumla banner Changed status messages [hide][Hidden Content]]

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically. Features Fully automatic! (Use -y flag to enable) Detect network IP range without any user input. Vulnerability detection based on version. Get information about the vulnerability right from your terminal. Automatically download exploit related with vulnerability. Noise mode for creating a noise on the network. Evasion mode for being sneaky. Automatically decide which scan types to use based on privilege. Easy to read output. Function to output results to a file. Argument for passing custom nmap flags. Specify your arguments using a config file. [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Changelog v1.45.1 Updated the database for all CMS. [hide][Hidden Content]]

Recon The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot! Feature ASN Enumeration metabigor Subdomain Enumeration Assetfinder Subfinder Amass Findomain Sublist3r Knock SubDomainizer GitHub Sudomains RapidDNS Riddler SecurityTrails Alive Domains httprobe httpx WAF Detect wafw00f Domain organization Regular expressions Subdomain Takeover Subjack DNS Lookup Discovering IPs dnsx DNS Enumeration and Zone Transfer dnsrecon dnsenum Favicon Analysis favfreak Shodan Directory Fuzzing ffuf Google Hacking Some Dorks that I consider important CredStuff-Auxiliary Googler GitHub Dorks Jhaddix Dorks Credential Stuffing CredStuff-Auxiliary Screenshots EyeWitness Port Scan Masscan Nmap Naabu Link Discovery Endpoints Enumeration and Finding JS files Hakrawler Waybackurls Gospider ParamSpider Vulnerabilities Nuclei ➔ I used all the default templates 403 Forbidden Bypass Bypass-403 XSS XSStrike Gxss LFI Oneliners gf ffuf RCE My GrepVuln function Open Redirect My GrepVuln function SQLi Oneliners gf sqlmap [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Changelog v1.45 * New SS modules. * New versions for all CMS. * Fix Python version in Kali. Thank you @pr0b3r7 and @NorthShad0w. [hide][Hidden Content]]

this script will scan your code the script can find check_file_upload issues host_header_injection SQl injection insecure deserialization open_redirect SSRF XSS LFI command_injection features fast simple report [hide][Hidden Content]]

XSSTRON Electron JS Browser To Find XSS Vulnerabilities Powerful Chromium Browser to find XSS Vulnerabilities automatically while browsing the web, it can detect many case scenarios with support for POST requests too. [hide][Hidden Content]]

SUDO_KILLER is a tool that can be used for privilege escalation on the Linux environment by abusing SUDO in several ways. The tool helps to identify misconfiguration within sudo rules, vulnerability within the version of sudo being used (CVEs and vulns), and the use of dangerous binary, all of these could be abused to elevate privilege to ROOT. SUDO_KILLER will then provide a list of commands or local exploits which could be exploited to elevate privilege. It is worth noting that the tool does not perform any exploitation on your behalf, the exploitation will need to be performed manually and this is intended. Features Some of the checks/functionalities that are performed by the tool. Misconfigurations Dangerous Binaries Vulnerable versions of sudo – CVEs Dangerous Environment Variables Credential Harvesting Writable directories where scripts reside Binaries that might be replaced Identify missing scripts What version 2 of SK includes: New checks and/or scenarios CVE-2019-14287 – runas No CVE yet – sudoedit – absolute path CVE-2019-18634 – pwfeedback User Impersonation list of users in sudo group Performance improved Bugs corrected (checks, export, report,…) Continous improvement of the way output presented New videos will be added soon Annonying password input several time removed New functionality: offline mode – ability to extract the required info from audited system and run SK on host. Testing environment : A docker to play with the tool and different scenarios, you can also train on PE. [hide][Hidden Content]]

About CORScanner CORScanner is a python tool designed to discover CORS misconfigurations vulnerabilities of websites. It helps website administrators and penetration testers to check whether the domains/urls they are targeting have insecure CORS policies. The correct configuration of CORS policy is critical to website security, but CORS configurations have many error-prone corner cases. Web developers who are not aware of these corner cases are likely to make mistakes. Thus, we summarize different common types of CORS misconfigurations and integrate them into this tool, to help developers/security-practitioners quickly locate and detect such security issues. Features Fast. It uses gevent instead of Python threads for concurrency, which is much faster for network scanning. Comprehensive. It covers all the common types of CORS misconfigurations we know. Flexible. It supports various self-define features (e.g. file output), which is helpful for large-scale scanning. Changelog v0.9.6 Add an API interface for other programs to use [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe Wordpress Drupal Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Changelog v1.44 * Marked Drupal as stable. * Contribution by @mbomb007: Added README.md and CHANGELOG.md to Drupal interesting module URLs. * Contribution by @masterwebsk: new Drupal version. * New versions for all CMS except Joomla. * Minor updates to update system. [hide][Hidden Content]]

It generates the XML payloads, and automatically starts a server to serve the needed DTD’s or to do data exfiltration. Some notes: If you choose to use OOB or CDATA mode, XXExploiter will generate the necessary dtd to be included and will start a server to host them. Have in mind that if you use these options you should set the server address If you include content in the body of the XML have in mind that XML restricted characters like ‘<‘ may break the parsing so be sure to use CDATA or PHP’s base64encode Most of the languages limit the number of entity expansion, or the total length of the content expanded, so make sure you test XEE on your machine first, with the same conditions as the target. [hide][Hidden Content]]

A plugin-based scanner that aids security researchers in identifying issues with several CMS. Usage of droopescan for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Please note that while droopescan outputs the most CMS likely version installed on the remote host, any correlation between version numbers and vulnerabilities must be done manually by the user. Supported CMS are: SilverStripe WordPress Partial functionality for: Joomla (version enumeration and interesting URLs only) Moodle (plugin & theme very limited, watch out) Drupal (plugin discovery partial on new installations of Drupal, patches encouraged) Changelog 1.43 ====== * Contribution by @kieran-github: add –user-agent parameter. * Contribution by @ageekymonk: Add new drupal 8 path. * Contribution by @NicolasCARPi: Add Dockerfile. * New Drupal and SS Modules. [hide][Hidden Content]]

V3n0M is a free and open source scanner. Evolved from Baltazar’s scanner, it has adopted several new features that improve functionality and usability. It is mostly experimental software. This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk. Feature: Cloudflare Resolver[Cloudbuster] Metasploit Modules Scans[To be released] LFI->RCE and XSS Scanning[LFI->RCE & XSS] SQL Injection Vuln Scanner[SQLi] Extremely Large D0rk Target Lists AdminPage Finding Toxin Vulnerable FTPs Scanner DNS BruteForcer Python 3.6 Asyncio based scanning [hide][Hidden Content]]

Get ports,vulnerabilities,informations,banners,..etc for any IP with Shodan (no apikey! no rate limit!) [HIDE][Hidden Content]]

XCat XCat is a command-line tool to exploit and investigate blind XPath injection vulnerabilities. It supports a large number of features: Auto-selects injections (run xcat injections for a list) Detects the version and capabilities of the xpath parser and selects the fastest method of retrieval Built-in out-of-bound HTTP server Automates XXE attacks Can use OOB HTTP requests to drastically speed up retrieval Custom request headers and body Built-in REPL shell, supporting: Reading arbitrary files Reading environment variables Listing directories Uploading/downloading files (soon TM) [HIDE][Hidden Content]]

How to search for Security Vulnerabilities in a website using GoLismero in Kali Linux [HIDE][Hidden Content]]

ScanQLi is a simple SQL injection scanner with somes additionals features. This tool can't exploit the SQLi, it just detect them. Tested on Debian 9 Features Classic Blind Time based GBK (soon) Recursive scan (follow all hrefs of the scanned web site) Cookies integration Adjustable wait delay between requests Ignore given URLs [HIDE][Hidden Content]]

Vulnerable Website | Vulnerabilities In a Website [Hidden Content]

A few months ago, an anonymous user uploaded a PDF file to the online platform VirusTotal in order to see if it was detected by any of the more than 50 antivirus engines that have this platform or, otherwise, none of them detected it .This PDF file apparently seemed harmless and could have been a user who, after downloading it, wanted to verify that it did not hide anything. However, it seems that this PDF file hid something quite serious. This PDF file immediately called the attention of several security researchers subscribed to the platform, researchers who soon began to analyze it in depth.Within this PDF file they have been able to find two very dangerous exploits that took advantage of two security flaws still unknown in the Adobe software and in Windows. The Adobe vulnerability ( CVE-2018-4990 ) is a failure to execute remote code, while the Windows security failure ( CVE-2018-8120 ) is a privilege escalation failure to be able to execute code at the highest level of permits. The PDF file did not include the final payload and was not 100% complete, so it is believed that it has never been used. Neither this malicious PDF , nor the exploits that it hid, had never been seen on the network until they were sent to VirusTotal. It is not well known why this PDF came to this online security platform, whether it was from someone who got it in some way or by some rookie hackerwho does not know that all the files sent to VirusTotal are sent to security companies and researchers, even if apparently clean, for in-depth analysis. What is certain is that, thanks to VirusTotal, we have been able to avoid a series of very dangerous computer attacks, being able to know the vulnerability before it was used to endanger the security of the users. Update Windows and Adobe to protect yourself from these two vulnerabilities This PDF was detected in March of this same year, and in the second week of May Microsoft and Adobe released their corresponding security patches without giving specific details about these security flaws. However, in order to give system administrators enough time to update their infrastructures, it has not been until now that Microsoft and Adobe have made public the vulnerabilities that have been detected thanks to this PDF uploaded to VirusTotal . To protect ourselves from these two failures and make these exploits useless, we must install the latest Windows and Adobe security patches. These vulnerabilities were already solved the second week of May with the corresponding patches, so, installing these patches we will be fully protected. What do you think of these two security flaws discovered and solved thanks to VirusTotal?