Browsing tag
XAttacker is a Website Vulnerability Scanner & Auto Exploiter developed by Mohamed Riahi Auto Cms Detect [1] WordPress : [+] Adblock Blocker [+] WP All Import [+] Blaze [+] Catpro [+] Cherry Plugin [+] Download Manager [+] Formcraft [+] levoslideshow [+] Power Zoomer [+] Gravity Forms [+] Revslider Upload Shell [+] Revslider Dafece Ajax [+] […]
The maker of a sneaky adware that hijacks a user’s browser to serve ads is back with a new, more advanced version — one that can gain root privileges and spy on the user’s activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The […]
Shodanwave is a tool for exploring and obtaining information from cameras specifically Netwave IP Camera. The tool uses a search engine called shodan that makes it easy to search for cameras online. What does the tool to? Look, a list! Search Brute force SSID and WPAPSK Password Disclosure E-mail, FTP, DNS, MSN Password Disclosure Exploit […]
Amber is a proof of concept packer, it can pack regularly compiled PE files into reflective PE files that can be used as multi stage infection payloads. If you want to learn the packing methodology used inside the Amber check out below. PS: This is not a complete tool some things may break so take […]
Automated script to search in SMB protocol for availables pipe names. Requirements metasploit-framework wget pipe_audit_v2.rb module (https://github.com/peterpt/pipe_auditor_fb) – It will be installed on first run How to Run git clone https://github.com/peterpt/pipe_finder.git cd pipe_finder && ./pipef Screenshots Notes: This script can be copied to a system path , it will run independently . Download […]
sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client. Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow […]
Zeus is an advanced reconnaissance utility designed to make web application reconnaissance simple. Zeus comes complete with a powerful built-in URL parsing engine, multiple search engine compatibility, the ability to extract URLs from both ban and webcache URLs, the ability to run multiple vulnerability assessments on the target, and is able to bypass search engine […]
A proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization. Description ysoserial.net is a collection of utilities and property-oriented programming “gadget chains” discovered in common .NET libraries that can, under the right conditions, exploit .NET applications performing unsafe deserialization of objects. The main driver program takes a user-specified command and wraps it in […]
If you’re currently working on a macOS-powered machine, there are good chances that you might be running the latest macOS High Sierra operating system. In what could be one of the most recent and biggest flaws in macOS security, a bug allows anyone to gain the complete control over your computer without any password. This bug was spotted […]
Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although originally focused solely on privacy violations, WPM now encompasses measuring security violations on the web as well. […]
OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn’t require setting up a server on the internet somewhere or using a third party file-sharing service. […]
This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script (made by @x0rz ) in the orig directory. You can also download my slightly optimized script in the main directory. The file is named fsp.ps1. Script-Features Some (good) spyware […]
Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP. Some benefits One of its most enticing functions is the remote recognition of sessions. You can […]
Tweep is an advanced Twitter scraping tool written in python that allows for scraping Tweets and pictures from Twitter profiles without using Twitter’s API. Benefits Some of the benefits of using Tweep vs Twitter API: Fast initial setup Can be used anonymously No rate limitations Can fetch all Tweets (Twitter API limits to last 3200 […]
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use […]
During the last hours, ESET researchers noticed that Eltima, the makers of the Elmedia Player software, have been distributing a version of their application trojanized with the OSX/Proton malware on their official website. ESET contacted Eltima as soon as the situation was confirmed. Eltima was very responsive and maintained an excellent communication with us throughout the incident. Timeline […]
If you have updated your MacOS from the older version to MacOS High Sierra make sure you also apply the new security patch released by Apple to protect your device from third-party intrusion. As you already know, the latest version of Apple’s desktop operating system MacOS High Sierra has hit the market with a lot of new […]
EFI Firmware Attack is one of the most popular and critical tips that any security expert strongly suggests to follow to avoid major computer attacks. However, even if you attempt to install any corrupted software update that comes to your system, there is a good chance that your computer will be obsolete and vulnerable. Researchers […]
We’ve been hearing the phrase “year of the Linux desktop” from times immemorial. The FOSS and Linux community tosses up this idea at the beginning of a new year and expects the Linux adoption to rise exponentially in the upcoming months. While a complete Linux dominance in the desktop scene looks like a far-fetched dream, […]
We all know what CIA is capable of but what WikiLeaks has been publishing lately under the Vault 7 leaks series is simply astonishing. According to the latest set of information provided by WikiLeaks in its ongoing Vault 7 leaks saga, the CIA developed three dangerous malware for Linux and macOS systems. The malware were […]
Yes, even Mac could have viruses that could spy on their users silently. So if you have a Mac and think it is immune to malware, you’re wrong. An Undetectable Malware Targeting Mac Computers. An unusual piece of malware that can take remote control of the webcam, screen, mouse, keyboards and install other malicious software this […]