This project inspects Java libraries and classpaths for gadget chains. Gadget chains are used to construct exploits for deserialization vulnerabilities. By automatically discovering possible gadget chains in an application's classpath, penetration testers can quickly construct exploits, and application security engineers can assess the impact of a deserialization vulnerability and prioritize its remediation.

This project was presented at Black Hat USA 2018. Learn more about it there! (Links pending)

DISCLAIMER: This project is alpha at best. It needs tests and documentation added. Feel free to help by adding either!

Building
Assuming you have a JDK installed on your system, you should be able to just run ./gradlew shadowJar. You can then run the application with java -jar build/libs/gadget-inspector-all.jar <args>.

How to Use
This application expects as argument(s) either a path to a war file (in which case the war will be exploded and all of its classes and libraries used as a classpath) or else any number of jars.

Note that the analysis can be memory intensive (and so far gadget inspector has not been optimized at all to be less memory greedy). For small libraries you probably want to allocate at least 2GB of heap size (i.e. with the -Xmx2G flag). For larger applications you will want to use as much memory as you can spare.

The toolkit will go through several stages of classpath inspection to build up datasets for use in later stages. These…

Source

D4N155 is an information security audit tool that creates intelligent wordlists based on the content of the target page.
Help us. See some of the calculations used.

Install
Needs: Python 3.6, Bash (GNU Bourne-Again SHell). Optional: Git, Groff.

git clone https://github.com/owasp/D4N155.git
cd D4N155
pip3 install -r requirements.txt
bash main

Or without git:

wget -qO- https://github.com/owasp/D4N155/archive/master.zip | bsdtar -xf-
cd D4N155-master
pip3 install -r requirements.txt
bash main

Manual
D4N155: Tool for smart security audits
Usage: bash main <option> <value>
All options are optional.
Options:
  -w, --wordlist <url|ip>   Make the smart wordlist based on the information found on the website.
  -t, --targets <file>      Make the smart wordlist based on the URLs listed in the given file.
  -b, --based <file>        Analyze texts to generate the custom wordlist.
  -r, --rate <time>         Defines the time interval between requests.
  -o, --output <file>       File in which to store the whole wordlist.
  -a, --aggressive          Aggressive reading with headless.
  -h, --help                Show this message.
Value: <url | ip | source | file | time>
  URL   URL target, example: scanme.nmap.org
  IP    IP address
  TIME  Time, example: 2.5, i.e. 00:00:02:30. Default is 0.
  FILE  File for saving the result, for reading URLs from, or for use in the wordlist.
Download…

Source

Simple way to disable/rename buttons from a task manager.

Installation
git clone https://github.com/Mrakovic-ORG/TaskManager-Button-Disabler
cd TaskManager-Button-Disabler
dotnet build

Features
Rename the kill process button
Disable the kill process button
Works in TaskMgr, Process Hacker, etc.
Download…

Source

Linux privilege escalation through SUDO abuse. If you like the tool, and for my personal motivation to develop other tools, please give it a star. The tool can be used by pentesters, system admins, CTF players, students, system auditors and trolls :).

INTRO
WARNING: SUDO_KILLER is part of the KILLER project. SUDO_KILLER is still under development and there might be some issues; please create an issue if you find any. Other tools will be added to the KILLER project in the coming months, so stay tuned. Ideas, bug reports and contributions are more than welcome!
Stay tuned: follow me on Twitter at https://twitter.com/TH3xACE

Overview
SUDO_KILLER is a tool that can be used for privilege escalation in a Linux environment by abusing SUDO in several ways. The tool helps to identify misconfigurations within sudo rules, vulnerabilities in the version of sudo being used (CVEs) and the use of dangerous binaries, all of which could be abused to elevate privileges to root. SUDO_KILLER then provides a list of commands or local exploits which could be used to elevate privileges. It is worth noting that the tool does not perform any exploitation on your behalf; the exploitation needs to be performed manually, and this is intended.

Features
Some of the checks/functionalities performed by the tool:
Misconfigurations
Dangerous binaries
Vulnerable versions of sudo (CVEs)
Dangerous environment…
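As an added illustration of the kind of checks listed above (this is example code written for this page, not SUDO_KILLER's own), the following Python audit parses constructed `sudo -l` and `sudo -V` output and flags the conditions the feature list names: rules that grant ALL, binaries with well-known shell or file escapes, wildcards in command paths, and one version-dependent sudo CVE. The sample output, the host name and the dangerous-binary list are all made up or illustrative subsets; a real audit would run the two sudo commands and feed their output to the same functions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `sudo -l` output for a fictional host; not captured
# from a real system.
SAMPLE_SUDO_L = """\
Matching Defaults entries for bob on host1:
    env_reset, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

User bob may run the following commands on host1:
    (ALL) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/find
    (ALL, !root) /bin/bash
    (root) NOPASSWD: /opt/backup/*
    (root) /usr/bin/less /var/log/*
    (root) /usr/sbin/service apache2 restart
"""

# Illustrative subset of binaries with well-known sudo escapes (editor and
# pager shell escapes, find -exec, interpreters, archivers, file copy).
# Assumed list for this example, not the tool's own.
DANGEROUS_BINARIES = {
    "vim", "vi", "nano", "less", "more", "man", "find", "awk", "gawk", "perl",
    "python", "python3", "ruby", "env", "bash", "sh", "zsh", "tar", "zip",
    "cp", "mv", "tee", "dd", "nmap", "git",
}

# One `sudo -l` rule line: "(runas) [TAG: ...] command [args]".
RULE_RE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>\S.*?)\s*$"
)


def parse_sudo_version(sudo_v_output: str) -> Tuple[int, int, int, int]:
    """Turn the first line of `sudo -V` ('Sudo version 1.8.21p2') into a
    comparable tuple; a missing 'pN' patch level counts as 0."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?", sudo_v_output)
    if not m:
        raise ValueError("unrecognised sudo -V output")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def audit_sudo_rules(sudo_l_output: str,
                     version: Tuple[int, int, int, int]) -> List[Dict[str, str]]:
    """Return one finding per abusable condition spotted in `sudo -l` output."""
    findings: List[Dict[str, str]] = []

    def add(cmd: str, code: str, detail: str) -> None:
        findings.append({"cmd": cmd, "code": code, "detail": detail})

    for line in sudo_l_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # Defaults lines, headers and blanks never start with "("
        runas, tags, cmd = m.group("runas"), m.group("tags"), m.group("cmd")
        before = len(findings)

        if cmd == "ALL":
            add(cmd, "ALL_COMMANDS", f"any command as ({runas}); direct root shell")
        else:
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if binary in DANGEROUS_BINARIES:
                add(cmd, "DANGEROUS_BINARY", f"{binary} has a known shell/file escape")
            if "*" in cmd:
                add(cmd, "WILDCARD", "wildcard lets the caller choose paths or arguments")

        # CVE-2019-14287: with a runas spec of ALL that excludes root,
        # sudo < 1.8.28 still runs the command as root for `sudo -u#-1`.
        runas_users = runas.split(":")[0]
        if ("ALL" in runas_users and "!root" in runas_users
                and version < (1, 8, 28, 0)):
            add(cmd, "CVE-2019-14287",
                "runas 'ALL, !root' on sudo < 1.8.28: bypass with -u#-1")

        # NOPASSWD matters once a rule is abusable: a hijacked session or a
        # cron job running as the user is enough, no password required.
        if "NOPASSWD:" in tags and len(findings) > before:
            add(cmd, "NOPASSWD", "no password needed to trigger the rule above")
    return findings


if __name__ == "__main__":
    ver = parse_sudo_version("Sudo version 1.8.21p2")
    for f in audit_sudo_rules(SAMPLE_SUDO_L, ver):
        print(f"{f['code']:<18} {f['cmd']:<36} {f['detail']}")
```

The `service apache2 restart` rule produces no finding, which is the point of keeping the check list explicit: a rule is only worth reporting when the binary, the wildcard or the runas spec gives the caller control, and the output is a list for manual follow-up, matching the tool's stated policy of not exploiting anything itself.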

Source

Adama: Searches for Threat Hunting and Security Analytics
A collection of known log and/or event data searches for threat hunting and detection. They enumerate sets of searches used across many different data pipelines. Implementation details are for ELK.
Adama is part of the SpaceCake project, which is a set of hunts, searches, alerts, visualizations and data pipelines for intrusion detection, security analytics and threat hunting using F/OSS (free and open source) tools.
Download…

Source

Intelligence tool, but without an API key

What is Metabigor?
Metabigor is an intelligence tool; its goal is to do OSINT tasks and more, but without any API key.

Installation
go get -u github.com/j3ssie/metabigor

Main features
Discover the IP addresses of the target.
Wrapper for running masscan and nmap on IP targets.
Search from the command line on some search engines.

Demo

Example commands
# discover the IPs of a company/organization
echo "company" | metabigor net --org -o /tmp/result.txt
# discover the IPs of an ASN
echo "ASN1111" | metabigor net --asn -o /tmp/result.txt
cat list_of_ASNs | metabigor net --asn -o /tmp/result.txt
# run masscan on port 443 for a subnet
echo "1.2.3.4/24" | metabigor scan -p 443 -o /tmp/result.txt
# run masscan on all ports and nmap on the open ports
cat list_of_IPs | metabigor scan --detail -o /tmp/result.txt
# search results on fofa
echo 'title="RabbitMQ Management"' | metabigor search -x -v -o /tmp/result.txt

Credits
Logo from flaticon by freepik

Disclaimer
This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.
Download…

Source

RApid BigIP Decoder

What it is
A CLI tool and library allowing you to simply decode all kinds of BigIP cookies.

Features
Supports all 4 cookie formats
CLI tool & library
Hackable

References
Homepage / Documentation: https://orange-cyberdefense.github.io/rabid/

Author
Made by Alexandre ZANNI (@noraj), pentester from Orange Cyberdefense.
Download…
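Rabid's own source is not reproduced on this page. The following Python decoder is an added example (not the project's code) of what decoding "all 4 cookie formats" involves: the four BIG-IP persistence cookie encodings F5 documents, namely IPv4 and IPv6 pool members, each with and without a non-default route domain. In the two dotted formats the address and port are stored little-endian as decimal numbers; in the two route-domain formats the address is 32 hex digits (IPv4 members appear IPv4-mapped) and the port is plain decimal. The cookie values, pool name and header below are constructed.

```python
import ipaddress
import re
from typing import Dict, Union

# The four persistence-cookie encodings, one constructed sample each; none of
# these point at real hosts.
SAMPLE_COOKIES = {
    "ipv4":    "1677787402.36895.0000",
    "ipv4_rd": "rd5o00000000000000000000ffffc0000201o80",
    "ipv6":    "vi20010112000000000000000000000030.20480",
    "ipv6_rd": "rd3o20010112000000000000000000000030o80",
}

_IPV4 = re.compile(r"^(\d+)\.(\d+)\.0000$")
_IPV6 = re.compile(r"^vi([0-9a-fA-F]{32})\.(\d+)$")
_RD = re.compile(r"^rd(\d+)o([0-9a-fA-F]{32})o(\d+)$")


def _swap16(n: int) -> int:
    """Ports in the dotted formats are the two port bytes read little-endian."""
    if not 0 <= n <= 0xFFFF:
        raise ValueError(f"port field out of range: {n}")
    return ((n & 0xFF) << 8) | (n >> 8)


def decode_bigip_cookie(value: str) -> Dict[str, Union[str, int]]:
    """Decode one BIGipServer* cookie value into pool member ip/port/route domain."""
    m = _IPV4.match(value)
    if m:
        # 32-bit IPv4 stored little-endian as a decimal number, port likewise
        ip = ipaddress.IPv4Address(int(m[1]).to_bytes(4, "little"))
        return {"format": "ipv4", "ip": str(ip),
                "port": _swap16(int(m[2])), "route_domain": 0}
    m = _IPV6.match(value)
    if m:
        ip6 = ipaddress.IPv6Address(bytes.fromhex(m[1]))
        return {"format": "ipv6", "ip": str(ip6),
                "port": _swap16(int(m[2])), "route_domain": 0}
    m = _RD.match(value)
    if m:
        # route-domain formats: 128-bit hex address and plain decimal port;
        # IPv4 members are encoded as IPv4-mapped IPv6 (::ffff:a.b.c.d)
        ip6 = ipaddress.IPv6Address(bytes.fromhex(m[2]))
        mapped = ip6.ipv4_mapped
        return {"format": "ipv4_rd" if mapped else "ipv6_rd",
                "ip": str(mapped or ip6),
                "port": int(m[3]), "route_domain": int(m[1])}
    raise ValueError(f"not a recognised BigIP persistence cookie: {value!r}")


def decode_set_cookie(header: str) -> Dict[str, Union[str, int]]:
    """Pull the pool name and member out of a Set-Cookie line such as
    'BIGipServerpool_http=1677787402.36895.0000; path=/' (default cookie
    naming: BIGipServer followed by the pool name)."""
    cookie = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    name, _, rest = cookie.strip().partition("=")
    if not name.startswith("BIGipServer"):
        raise ValueError(f"not a BigIP cookie: {name!r}")
    result = decode_bigip_cookie(rest.split(";", 1)[0].strip())
    result["pool"] = name[len("BIGipServer"):]
    return result


if __name__ == "__main__":
    for fmt, value in SAMPLE_COOKIES.items():
        print(f"{fmt:<8} {value:<42} -> {decode_bigip_cookie(value)}")
    print(decode_set_cookie("Set-Cookie: BIGipServerpool_http=1677787402.36895.0000; path=/"))
```

The decoded value is what makes the cookie interesting on an engagement: it leaks the internal address and port of the pool member behind the load balancer, and the pool name in the cookie name often hints at the backend's role.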

Source

Cross-site scripting labs for web application security enthusiasts

List of challenges:
Chall 1  | URL
Chall 2  | Form
Chall 3  | User-Agent
Chall 4  | Referrer
Chall 5  | Cookie
Chall 6  | LocalStorage
Chall 7  | Login Page
Chall 8  | File Upload
Chall 9  | Base64 Encoding
Chall 10 | Removes Alert
Chall 11 | Removes Script
Chall 12 | Preg_replace
Chall 13 | HTML Entities
Chall 14 | Regex Filter #1
Chall 15 | Regex Filter #2
Chall 16 | Regex Filter #3
Chall 17 | HTML Entities + URL Encode
Chall 18 | HTML Entities #2 (Special Character)
Chall 19 | HTML Entities #3 (Input Value)
Chall 20 | HTML Entities #4 (Input Value + Capitalizes)

Installation:
Run your web server (XAMPP / LAMPP)
Clone the repository and put the files in /htdocs/xss-labs
You can then access http://localhost:8080/xss-labs
Happy Hacking ^_^
Visit the website: https://www.tegal-1337.com/
Thanks to Abhi-M and Codepen for references
Download…
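The lab's PHP is not on this page, so the following is an added Python example (not the lab's code) of the two filter classes several of the challenge names point at: a blacklist that removes a token such as "script" or "alert", and entity encoding into an input's value attribute. It shows why a single-pass removal survives a nested payload, why even a looping removal only blocks the one token it knows, and why HTML-entity encoding into an unquoted attribute still lets an event handler in; the hardened sink quotes the attribute and encodes quotes. The payloads are constructed, and the filter behaviour is an assumption about the challenge style, not a description of the lab's exact implementation.

```python
import html
from typing import Callable

# Constructed payloads for the filter classes named in the challenge list.
NESTED_SCRIPT = "<scr<script>ipt>alert(1)</script>"
NESTED_ALERT = "<img src=x onerror=alalertert(1)>"
OTHER_HANDLER = "<svg onload=prompt(1)>"
ATTR_BREAKOUT = "x onfocus=alert(1) autofocus"


def remove_token_filter(user_input: str, token: str) -> str:
    """Blacklist filter in the style of 'Removes Script' / 'Removes Alert':
    every occurrence of the token is deleted in one pass, so a payload with
    the token nested inside itself collapses back into the token."""
    return user_input.replace(token, "")


def remove_token_until_stable(user_input: str, token: str) -> str:
    """Looping the filter to a fixed point defeats the nesting trick, but the
    filter still only knows one token; any other tag or handler passes."""
    while token in user_input:
        user_input = user_input.replace(token, "")
    return user_input


def render_in_body(user_input: str, filt: Callable[[str], str]) -> str:
    """Page that reflects input into the HTML body after running a filter."""
    return f"<p>Hello {filt(user_input)}</p>"


def render_unquoted_attr(user_input: str) -> str:
    """'HTML Entities (Input Value)' style sink: <, >, &, quotes are encoded,
    but the attribute is unquoted, so a space ends the value and '=' starts
    a new attribute."""
    return f'<input type="text" value={html.escape(user_input)}>'


def render_quoted_attr(user_input: str) -> str:
    """Hardened sink: quoted attribute plus encoding of <, >, &, \" and '."""
    return f'<input type="text" value="{html.escape(user_input, quote=True)}">'


if __name__ == "__main__":
    print(render_in_body(NESTED_SCRIPT, lambda s: remove_token_filter(s, "<script>")))
    print(render_in_body(NESTED_ALERT, lambda s: remove_token_filter(s, "alert")))
    print(render_in_body(NESTED_ALERT, lambda s: remove_token_until_stable(s, "alert")))
    print(render_in_body(OTHER_HANDLER, lambda s: remove_token_until_stable(s, "alert")))
    print(render_unquoted_attr(ATTR_BREAKOUT))
    print(render_quoted_attr(ATTR_BREAKOUT))
```

The takeaway the labs are built around: removal-based filters are bypassed by nesting or by switching to any construct the blacklist does not list, while output encoding only works when it matches the context (body text, quoted attribute, URL, script) the value lands in.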

Source

Parse & filter the latest CVEs from https://cve.mitre.org.

Docs

Usage
http://localhost:4000/cve?target=KEYWORD
The year parameter is optional:
http://localhost:4000/cve?target=KEYWORD&year=YEAR

Examples
http://localhost:4000/cve?target=ruby%20on%20rails
http://localhost:4000/cve?target=ruby%20on%20rails&year=2020
If you want to parse the latest year, use the "latest" keyword:
http://localhost:4000/cve?target=ruby%20on%20rails&year=latest

Getting started
Download the project
bundle install
ruby rest.rb

Requirements
Ruby
Docker (optional, only required if you want to run through a container)

Environment
You can switch between prod & dev in config/environment.rb. You need to create this file yourself; an example can be found here.

Healthcheck
http://localhost:4000/status
The URL returns a status code of 200 when the API is healthy. If you do not get a 200, assume something is wrong.

Manage image

Access
You can access the API via http://localhost:4000/ and should be able to view the index page from that URL.

Build image
docker build . -t cve-api
Run image
docker run -p 4000:4000 -d cve-api
Get container ID
docker ps
Stop container
docker stop ID
Remove image
docker rmi cve-api
Download…

Source

NekoBotV1 | Auto Exploiter With 500+ Exploits and 2000+ Shells

Features:
[+] WordPress:
1- Cherry-Plugin
2- download-manager Plugin
3- wysija-newsletters
4- Slider Revolution [Revslider]
5- gravity-forms
6- userpro
7- wp-gdpr-compliance
8- wp-graphql
9- formcraft
10- Headway
11- Pagelines Plugin
12- WooCommerce-ProductAddons
13- CateGory-page-icons
14- addblockblocker
15- barclaycart
16- Wp 4.7 Core Exploit
17- eshop-magic
18- HD-WebPlayer
19- WP Job Manager
20- wp-miniaudioplayer
21- wp-support-plus
22- ungallery Plugin
23- WP User Frontend
24- Viral-options
25- Social Warfare
26- jekyll-exporter
27- cloudflare plugin
28- realia plugin
29- woocommerce-software
30- enfold-child Theme
31- contabileads plugin
32- prh-api plugin
33- dzs-videogallery plugin
34- mm-plugin
35- Wp-Install
36- Auto BruteForce
[+] Joomla:
1- Com_adsmanager
2- Com_alberghi
3- Com_CCkJseblod
4- Com_extplorer
5- Com_Fabric
6- Com_facileforms
7- Com_Hdflvplayer
8- Com_Jbcatalog
9- Com_JCE
10- Com_jdownloads
11- Com_Joomanager
12- Com_Macgallery
13- Com_media
14- Com_Myblog
15- Com_rokdownloads
16- Com_s5_media_player
17- Com_SexyContactform
18- Joomla core 3.x RCE
19- Joomla core 3.x RCE [2019]
20- Joomla Core 3.x Admin Takeover
21- Auto BruteForce
22- Com_b2jcontact
23- Com_bt_portfolio
24- Com_civicrm
25- Com_extplorer
26- Com_facileforms
27- Com_FoxContent
28- Com_jwallpapers
29- Com_oziogallery
30- Com_redmystic…

Source