Sign in to follow this
Followers
0
Exploits Microsoft Baseline Security Analyzer 2.3 XML Injection
By
1337day-Exploits, in Updated Exploits
-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. HawkScan
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
This script uses “WafW00f” to detect the WAF in the first step.
This script uses “Sublist3r” to scan subdomains.
This script uses “waybacktool” to check in the waybackmachine.
Features
URL fuzzing and dir/file detection
Test backup/old file on all the files found (index.php.bak, index.php~ …)
Check header information
Check DNS information
Check whois information
User-agent random or personal
Extract files
Keep a trace of the scan
Check @mail in the website and check if @mails leaked
CMS detection + version and vulns
Subdomain Checker
Backup system (if the script stopped, it take again in the same place)
WAF detection
Add personal prefix
Auto-update script
Auto or personal output of scan (scan.txt)
Check Github
Recursive dir/file
Scan with an authentication cookie
Option –profil to pass profil page during the scan
HTML report
Work it with py2 and py3
Add option rate-limit if the app is unstable (–timesleep)
Check-in waybackmachine
Response error to WAF
Check if DataBase firebaseio exists and is accessible
Automatic threads depending on the response to a website (and reconfig if WAF is detected too many times). Max: 30
Search S3 buckets in the source code page
Testing bypass of waf if detected
Testing if it’s possible scanning with “localhost” host
Changelog v1.9.5
Fixed: A pass on the source code, more speedy
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs.
HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new or previously unknown malware – but it also makes no distinction between safe and unsafe items. Users are expected to research all scanned items, and only remove items from their PC when absolutely appropriate.
Therefore, FALSE POSITIVES ARE LIKELY. If you are ever unsure, you should consult with a knowledgeable expert BEFORE deleting anything.
Features
Lists non-default settings in the registry, hard drive and memory related to autostart
Generates organized, easily readable reports
Does not use a database of specific malware, adware, etc
Detects potential methods used by hijackers
Can be configured to automatically scan at system boot up
Advantages
Short logs
Fast scans
No need to manually create fixing scripts
No need for Internet access or recurring database updates
Already familiar to many people
Portable
New in version 3
Detects several new hijacking methods
Fully supports new Windows versions
New and updated supplementary tools
Improved interface, security, and backups
HiJackThis also comes with several useful tools for manually removing malware from a computer:
StartupList 2 (*new*)
Process Manager
Uninstall manager
Hosts file manager
Alternative Data Spy
Delete file/service staff
Digital Signature Checker (*new*)
Registry key unlocker (*new*)
Check Browsers’ LNK & ClearLNK (as downloadable component) (*new*)
Log analysis
IMPORTANT: HiJackThis Fork does not make value-based calls on what is considered good or bad. You must exercise caution when using this tool. Avoid making changes to your computer settings without thoroughly studying the consequences of each change.
Changelog v2.10.0.10
– Added detection of Windows 11, Windows Server 2016, Windows Server 2022.
– Added DisplayVersion in addition to ReleseId where possible.
– O22 – Tasks: whitelists are updated.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. ghacks user.js
The ghacks user.js is a template that aims to provide as much privacy and enhanced security as possible and to reduce tracking and fingerprinting as much as possible – while minimizing any loss of functionality and breakage (but it will happen).
A user.js which resides in the root directory of a profile is used to set preferences for that profile when Firefox starts. Preferences are settings that control Firefox’s behavior. Some can be set from the Options interface and all can be found in about:config, except for what is called hidden preferences which will only show when they are set by the user.
That’s a bit to digest, so here is a pretty picture showing a preference with the same value as status user set/modified and default. In about:config’s search box, you can use wildcards (e.g network*policy) to save time typing, and it is case insensitive.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Like many Security Plugins, SecuPress has a bunch of awesome features. But it’s not only about features, it’s also about performance, loading speed, memory usage. And less technically the confort of using a well done plugin with a beautiful user interface and an great user experience counts. Then, we have in mind to secure a large number of websites, you can be part of this. The most important for us is that you have a secured website, using SecuPress or not.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. HawkScan
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)
This script uses “WafW00f” to detect the WAF in the first step.
This script uses “Sublist3r” to scan subdomains.
This script uses “waybacktool” to check in the waybackmachine.
Features
URL fuzzing and dir/file detection
Test backup/old file on all the files found (index.php.bak, index.php~ …)
Check header information
Check DNS information
Check whois information
User-agent random or personal
Extract files
Keep a trace of the scan
Check @mail in the website and check if @mails leaked
CMS detection + version and vulns
Subdomain Checker
Backup system (if the script stopped, it take again in the same place)
WAF detection
Add personal prefix
Auto-update script
Auto or personal output of scan (scan.txt)
Check Github
Recursive dir/file
Scan with an authentication cookie
Option –profil to pass profil page during the scan
HTML report
Work it with py2 and py3
Add option rate-limit if the app is unstable (–timesleep)
Check-in waybackmachine
Response error to WAF
Check if DataBase firebaseio exists and is accessible
Automatic threads depending on the response to a website (and reconfig if WAF is detected too many times). Max: 30
Search S3 buckets in the source code page
Testing bypass of waf if detected
Testing if it’s possible scanning with “localhost” host
Changelog v1.9.3 beta
Updated: New banner
Fixed: Multiple websites with a file which contains url
Hidden Content
Give reaction to this post to see the hidden content.
-