CamRaptor – Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. Features Exploits vulnerabilities in most popular camera models such as Novo, CeNova and QSee. Optimized to exploit multiple cameras at one time from list with threading enabled. Simple CLI and API usage. Installation pip3 install git+https://github.com/EntySec/CamRaptor Basic usageRead More

Dent – A Framework For Creating COM-based Bypasses Utilizing Vulnerabilities In Microsoft’s WDAPT Sensors

More Information If you want to learn more about the techniques utlized in this framework please take a look at this article. Description This framework generates code to exploit vulnerabilties in Microsoft Defender Advanced Threat Protection’s Attack Surface Reduction (ASR) rules to execute shellcode without being detected or prevented. ASR was designed to be theRead More

Php_Code_Analysis – San your PHP code for vulnerabilities

This script will scan your code the script can find check_file_upload issues host_header_injection SQl injection insecure deserialization open_redirect SSRF XSS LFI command_injection features fast simple report usage: python code.py <file name> >>> this will scan one filepython code.py >>> this will scan full folder (.)python code.py <path> >>> scan full folder Download Php_Code_Analysis

DNSObserver – A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester’s server for out-of-band DNS interactions and sends notifications with the received request’s details via Slack. DNSObserver can help you find bugs such as blind OS command injection, blind SQLi, blind XXE, and manyRead More

Nginxpwner – Tool to look for common Nginx misconfigurations and vulnerabilities

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. Install: cd /optgit clone https://github.com/stark0de/nginxpwnercd nginxpwnerchmod +x install.sh./install.sh Usage: Target tab in Burp, select host, right click, copy all URLs in this host, copy to a filecat urllist | unfurl paths | cut -d”/” -f2-3 | sort -u > /tmp/pathlist Or getRead More

Vulnerablecode – A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities

VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability databases, which in itself does not make sense becauseRead More

ThreatMapper – Identify Vulnerabilities In Running Containers, Images, Hosts And Repositories

The Deepfence Runtime Threat Mapper is a subset of the Deepfence cloud native workload protection platform, released as a community edition. This community edition empowers the users with following features: Visualization: Visualize kubernetes clusters, virtual machines, containers and images, running processes, and network connections in near real time. Runtime Vulnerability Management: Perform vulnerability scans onRead More

Watson – Enumerate Missing KBs And Suggest Exploits For Useful Privilege Escalation Vulnerabilities

[*] Watson is a .NET tool designed to enumerate missing KBs and suggest exploits for Privilege Escalation vulnerabilities. Supported Versions Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004 Server 2016 & 2019 Usage C:> Watson.exe __ __ _ / / / __ _| |_ ___ ___ _ __ / / /Read More

KICS – Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project. Support of other solutions and additional cloud providers are on the roadmap. Getting StartedRead More

cve_manager_VS – A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule

A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product on github originally by Antonios Atlasis SyncsRead More

X