Sign in to follow this
Followers
0
Exploits Microsoft Baseline Security Analyzer 2.3 XML Injection
By
1337day-Exploits, in Updated Exploits
-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Hide My WP is the number one security plugin for WordPress. It hides your WordPress from attackers, spammers and theme detectors. Over 26,000 satisfied customers use Hide My WP. It also hides your wp login URL and renames admin URL. It detects and blocks XSS, SQL Injection type of security attacks on your WordPress website.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. HawkScan
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
This script uses “WafW00f” to detect the WAF in the first step.
This script uses “Sublist3r” to scan subdomains.
This script uses “waybacktool” to check in waybackmachine.
Features
URL fuzzing and dir/file detection
Test backup/old file on all the files found (index.php.bak, index.php~ …)
Check header information
Check DNS information
Check whois information
User-agent random or personal
Extract files
Keep a trace of the scan
Check @mail in the website and check if @mails leaked
CMS detection + version and vulns
Subdomain Checker
Backup system (if the script stopped, it take again in the same place)
WAF detection
Add personal prefix
Auto-update script
Auto or personal output of scan (scan.txt)
Check Github
Recursive dir/file
Scan with an authentication cookie
Option –profil to pass profil page during the scan
HTML report
Work it with py2 and py3
Add option rate-limit if the app is unstable (–timesleep)
Check-in waybackmachine
Response error to WAF
Check if DataBase firebaseio exist and accessible
Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
Search S3 buckets in source code page
Testing bypass of waf if detected
Testing if it’s possible scanning with “localhost” host
Changelog v1.6.7
Add: Option –auth for HTTP authentification. Exemple –auth admin:admin
Fixed: Bugs
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Learn to use C#'s powerful set of core libraries to automate tedious yet important tasks like performing vulnerability scans, malware analysis, and incident response. With some help from Mono, you can write your own practical security tools that will run on Mac, Linux, and even mobile devices.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X).
It is also part of the official penetration testing distribution Kali Linux and is included in other distributions like Pentest Box, Parrot Security OS, ArchStrike, or BlackArch Linux.
This software is developed using great open-source libraries like Spring, Spock, and Hibernate, and it uses the platform Travis CI for continuous integration.
Each program update is tested with Java version 8 through 13 in the cloud, against various MySQL, PostgreSQL, and H2 databases. Source code is open to pull requests and to any contribution on multi-threading, devops, unit and integration tests, and optimization.
Features
Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL{MariaDb}, Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, SQL Server, Sybase, Teradata and Vertica
Multiple injection strategies: Normal, Error, Blind and Time
SQL Engine to study and optimize SQL expressions
Injection of multiple targets
Search for administration pages
Creation and visualization of Web shell and SQL shell
Read and write files on the host using injection
Bruteforce of password’s hash
Code and decode a string
Changelog jSQL Injection v0.83
Various new preferences like thread control, User-agent, Zip, and Dios modes
Add 11 database engines: a total of 34 engines
Multi modules for continuous integration
Fingerprint, stability, and more
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Carnivore – Microsoft External Attack Tool
Overview: Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality. Carnivore includes some new post-authentication Skype for Business functionality.
In general, the tabs will unlock in-line with what functionality you can use. Ie – the post auth options will unlock after you have discovered valid credentials.
Feature
Subdomain Enumeration
Username Enumeration
Smart Enumeration
9 lists of statistically likely usernames
Automatically selects likely format
Legacy vs Modern Format
Password Spraying
Discovered Format
Pre-built lists
Post Compromise
Hidden Content
Give reaction to this post to see the hidden content.
-