Browsing category

Pentest

Cloud Security Suite – One stop tool for auditing the security posture of AWS infrastructure

One stop tool for auditing the security posture of AWS. Pre-requisites: Python 2.7, pip, git. Installation: git clone https://github.com/SecurityFTW/cs-suite.git, cd cs-suite/, sudo python setup.py. Note – Generate a set of ReadOnly AWS keys, which the tool will ask for to finish the installation process. Virtual Environment installation (So you don’t mess with the already installed python […]

MIDA-Multitool – Bash Script Purposed For System Enumeration, Vulnerability Identification And Privilege Escalation

Bash script purposed for system enumeration, vulnerability identification and privilege escalation. MIDA Multitool draws functionality from several of my previous scripts, namely SysEnum and RootHelper, and is in many regards RootHelper’s successor. Besides functionality from these two previous scripts, it incorporates some of its own and as such aims to be a comprehensive assistant for […]

A New IoT Botnet Threatens to Take Down the Internet

Just a year after Mirai—biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks—completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet. Dubbed ‘IoT_reaper,’ first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; […]

Another Vulnerability is found in Intel Management Engine which allows execution of Code with no Digital Fingerprint

By taking advantage of Intel ME technology, attackers can execute unsigned code on the target machine. This leads to a full compromise of the platform. Intel Management Engine is a closed technology, which is a microcontroller embedded into the Platform Controller Hub (PCH) with a set of well-proportioned peripherals. Through PCH, almost all communication […]

Cyber Attack Kept Secret from Public by Microsoft for Years

Not the first news of this nature but it was very recently discovered that Microsoft suffered a cyber attack from a group of very intelligent hackers way back in 2013. Cyber attacks happen but to think a major attack like this one can be kept secret for long is just plain ridiculous. Nevertheless, Microsoft did […]

Subjack – Hostile Subdomain Takeover Tool Written in Go

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go’s speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule out false positives. Installing You […]

Google Advanced Protection is for high-profile hacking targets

Many internet giants offer security measures like two-factor authentication (which you should really use) to keep your account safe from hackers. But there are a handful of people who are so valuable as targets that hackers will go after them specifically — say, election campaign managers. And Google wants to do something about it. It’s […]

Google is thinking about adding support to stop cryptocurrency miners on websites

Studies on the topic of in-browser miners have been going on the Chromium project’s bug tracker since mid-September when Coinhive, the first launched. To date, there have been at least two issues from concerned Chrome users that did not like having their resources hijacked by in-browser miners. “Here’s my current view,” Ojan Vafai, a Chrome […]

According to Research: 25% of the Federal Government Mails are Fraud

Agari supports email fraud on behalf of more than 400 federal websites, including the real sites of the departments of Health and Human Services and Veterans Affairs, the Census Bureau and the Senate. Though emails list who a message is “from,” the email order does nothing to verify if a message really was sent to […]

BaRMIe – Java RMI Enumeration And Attack Tool

BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls, however RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools. In 2008 Adam Boulton spoke at AppSec USA (YouTube) and released […]

Unpatched Microsoft Word DDE Exploit Being Used In Malware Attacks

A newly discovered unpatched attack method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns. Last week we reported how hackers could leverage an old Microsoft Office feature called Dynamic Data Exchange (DDE) to perform malicious code execution on the targeted device without requiring Macros enabled or memory […]

Blazy – Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features: Easy target selections; Smart form and error detection; CSRF and Clickjacking Scanner; Cloudflare and WAF Detector; 90% accurate results; Checks for login bypass via SQL injection; Multi-threading; 100% accurate results; Better form detection and compatibility. Requirements: Beautiful Soup, Mechanize. Usages: Open your terminal and enter git clone […]

Proof of Concept Code for WPA2 Krack Attack has been released

Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting […]

Security Incidents In A Box – DumpsterFire Toolset

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled “live fire” range events. […]

EllaScanner – Passive Web Scanner

Passive web scanner. EllaScanner is a simple passive web scanner. Using this tool you can simply check your site’s security state. Usage: ./Start.py https:// or http:// Scanning of the site consists of several phases: At the first phase, you can get recommendations related to http/https headers. The second phase depends on information gathered in the first […]

IntRec-Pack – Intelligence and Reconnaissance Package/Bundle installer

Intelligence and Reconnaissance Package/Bundle installer. IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the various dependencies related to these programs, it aims to be a comprehensive assistant in setting up your intelligence gathering […]