Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      1337day-Exploits

      Microsoft Baseline Security Analyzer 2.3 XML Injection

      Recommended Posts

      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. HawkScan
          Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
          This script uses “WafW00f” to detect the WAF in the first step.
          This script uses “Sublist3r” to scan subdomains.
          This script uses “waybacktool” to check in the waybackmachine.

          Features
               URL fuzzing and dir/file detection
               Test backup/old file on all the files found (index.php.bak, index.php~ …)
               Check header information
               Check DNS information
               Check whois information
               User-agent random or personal
               Extract files
               Keep a trace of the scan
               Check @mail in the website and check if @mails leaked
               CMS detection + version and vulns
               Subdomain Checker
              Backup system (if the script stopped, it take again in the same place)
               WAF detection
               Add personal prefix
              Auto-update script
               Auto or personal output of scan (scan.txt)
               Check Github
              Recursive dir/file
              Scan with an authentication cookie
               Option –profil to pass profil page during the scan
               HTML report
               Work it with py2 and py3
              Add option rate-limit if the app is unstable (–timesleep)
              Check-in waybackmachine
               Response error to WAF
              Check if DataBase firebaseio exist and accessible
              Automatic threads depending on the response to a website (and reconfig if WAF detected too many times). Max: 30
               Search S3 buckets in source code page
               Testing bypass of waf if detected
               Testing if it’s possible scanning with “localhost” host
          Changelog v1.8.6
              Fixed: Any bugs: Thread modification, header parameters, bypass forbidden & any others…
              Added: google module in requirements/setup
              Updated: Deleted degoogle modules/script, google dork works now with the “googlesearch” module
              Updated: A little style modification
              Updated: Default thread now 30

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. The best WordPress security plugin, Better WP Security, is now... iThemes Security shows you a list of things to do to make your site more secure with a simple way to turn options on or off. We've simplified these steps and provided descriptions of each action so you know exactly what's happening on your site. You shouldn't have to be a security pro to use a security plugin. And isn't that the point?
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Security Onion
          Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
          Below are several diagrams to represent the current architecture and deployment scenarios for Security Onion on the Elastic Stack.
          Changelog v2.3.61
              FIX: Airgap link to Release Notes #4685
              FIX: CyberChef unable to load due to recent Content Security Policy restrictions #4885
              FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770
              UPGRADE: alpine 3.12.1 to latest for Fleet image #4823
              UPGRADE: Elastic 7.13.4 #4730
              UPGRADE: Zeek 4.0.3 #4716

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. We are the Parrot Project
          Parrot is a worldwide community of developers and security specialists that work together to build a shared framework of tools to make their job easier, standardized and more reliable and secure.
          Parrot OS, the flagship product of Parrot Security is a GNU/Linux distribution based on Debian and designed with Security and Privacy in mind. It includes a full portable laboratory for all kinds of cyber security operations, from pentesting to digital forensics and reverse engineering, but it also includes everything needed to develop your own software or keep your data secure.
          Parrot Security Edition is a special purpose operating system designed for Penetration Test and Red Team operations. It contains a full arsenal of ready to use pentest tools.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. ScanT3r – Web Security Scanner
          Scant3r Scans all URLs with multiple HTTP Methods and content-types also, it tries to look for bugs with basic exploits from Headers and URL Parameters By chaining waybackurls or gau with Scant3r you will have more time to look into functions and get Easy bugs on the way and scant3r will help you write your own python script faster, you don’t need to configure http/threads/errors/options/etc…, just by writing the main function in your script (also you can import scant3r function for write an awesome script), you can run it in your terminal or access your script from api

          Hidden Content
          Give reaction to this post to see the hidden content.