SSLUnpinning : Android app to bypass SSL certificate validation (Certificate...
SSLUnpinning is a Android app to bypass SSL certificate validation (Certificate Pinning). In high security enviroments SSL pinning is important as an additional security measure. Description: If you...
View ArticleClik here to view.
Updates Nikto v-24.03.2015 : a web server assessment tool.
Changelog v-24.03.2015: + databases; – Test for adminer.php – Some changes to headers and support for X-Clacks-Overhead – Additions to axis2 checks and fixes for jenkins/hudson + Plugin ; Add patch to...
View ArticleUpdates Poet v-0.4 – A simple POst-Exploitation Tool.
Change 27.03.2015: + Make client interval arg optional ; Give it a default value of 600s (10 min) + Overhaul build system and project structure – Create src/ directory for client/server.py files and...
View ArticleClik here to view.
Pr0t0s released : Phishing Panel API.
The Phishig panel on the basis of the Tools panel backdoors programmed. The panel is designed for ease of use and range. 100% The error in the panel incur ONLY due to incorrect adjustment. The panel...
View ArticleClik here to view.
HTTPSScan – Shell script for testing the SSL/TLS Protocols
HTTPSScan is a Shell script for testing the SSL/TLS Protocols. HTTPSScan is a Shell script for testing the SSL/TLS Protocols. Check for SSL/TLS Vulnerabilities: – SSLv2 (CVE-2011-1473) – TLS CRIME...
View ArticleThe Cleveridge SSH Scanner is a SSH Brute Force tool written in python.
The Cleveridge SSH Scanner is a SSH Brute Force tool written in python. The tool tries to get access to machines (IPv4) on the SSH port (22). When the machines is accessible on port 22, the tool brute...
View ArticleClik here to view.
Updates Android Network Spoofer v-2.3.0
Changelog v-2.3.0: + Experimental Lollipop 5.1 support + Fixed the blue ball machine + Added “Generate device report” – allows device info to be emailed to developers for easier support. Network...
View ArticleClik here to view.
Exploit for the toy vulnerability.
The full code for the mitigation bypass is provided as well as a toy example to experiment with the vulnerability. Please be aware that the provided driver has been made only to be exploited and is a...
View ArticleClik here to view.
Poodle Attack – PoC implementation of the POODLE attack.
Intoduction: SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 [RFC2246], TLS 1.1 [RFC4346], and TLS 1.2...
View ArticleClik here to view.
Updates Exploits v-20/05/2015 : Miscellaneous proof of concept exploit code.
Changelog and tool added 20/05/2015: Add SuiteShell : Exploit for SuiteCRM Post-Authentication Shell Upload. Disclosure Timeline: 05/05/2015: Vulnerability discovered and validated. SuiteCRM contacted...
View ArticleClik here to view.
Updates Veil-Evasion v-2.20.1 : is a tool designed to generate metasploit...
Released.: 2.20.1 [5.29.2015]: + Modified.: Python payloads now include McAfee bypass… oh antivirus…. avlol Veil-Evasion is a tool designed to generate metasploit payloads that bypass common anti-virus...
View ArticleClik here to view.
Chimera Beta – Simple FTP/FTPS dictionary bruteforcer.
Chimera is a Simple FTP/FTPS dictionary bruteforcer. Chimera is a Simple FTP/FTPS dictionary bruteforcer. Features: – Multithreaded / Concurrency – Default Wordlist – FTP & FTPS Protocols – SSL/TLS...
View ArticleCrhash – a customizable hash brute forcer.
crhash is a hackable hash cracker, meant to be customized for your special cracking needs. Basically it’s just a framework to enumerate strings given a pattern and a charset and you can plug in your...
View ArticlePyxiewps is a wireless attack tool to retrieve the WPS pin in seconds.
Pyxiewps is a wireless attack tool writen in python that uses reaver, pixiewps, macchanger and aircrack to retrieve the WPS pin of any vulnerable AP in seconds. It is meant for educational purposes...
View ArticlePython and Perl script to exploit ASP.net Padding Oracle vulnerability.
Python and Perl script to exploit ASP.net Padding Oracle vulnerability. + vuln scanning for ASP.NET padding oracle. + PadBuster v0.3.3 – Automated script for performing Padding Oracle attacks....
View ArticleClik here to view.
Msfvenom Payload Creator (MPC).
Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload....
View ArticleClik here to view.
oxml_xxe : A tool for embedding XXE exploits into OXML documents.
oxml_xxe : This tool is meant to help test XXE vulnerabilities in OXML document formats. Latest Change : oxml_xxe.rb : pdf/gif poc code Support ffice Open XML (OpenXML; OOXML; OXML) + *.docx, *.pptx,...
View ArticleClik here to view.
Buffer Overflow Attack to run unreachable code.
The attak-string program wil generate a string used to cause a buffer overflow in a vulnerable program and have it to call a function. Based on the buffer size in the porgram, the attack program will...
View ArticleClik here to view.
NodeJS HTTP(S) Login Form Bruteforcer.
A number of great open source bruteforce tools exist. However they are not able to handle the nonce-based CSRF protection embedded into Rails and Django. This tool addresses this by first grabbing the...
View ArticleClik here to view.
Scapyarpspoof is a Simple effective and useful ARP spoofer script with scapy.
scapyarpspoof is a Simple effective and useful ARP spoofer script with scapy. This will arpspoof x.x.x.5 on your network sending requests to the target and replies to the router. Classic MiTM using ARP...
View Article