Allsafe – Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts IRead More

Regexploit – Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)

Find regexes which are vulnerable to Regular Expression Denial of Service (ReDoS). More info on the Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input strings can make the regular expression matcher go into crazy backtracking loopsRead More

Metarget – Framework Providing Automatic Constructions Of Vulnerable Infrastructures

1 Introduction Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. 1.1 Why Metarget? During security researches, we might find that the deployment of vulnerable environment often takes much time, while the time spent on testing PoC orRead More

Damn-Vulnerable-GraphQL-Application – Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook’s GraphQL Technology, To Learn And Practice GraphQL Security

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook’s GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test for vulnerabilities. DVGA has numerousRead More

Fawkes – Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, –query – Dork that will be used in the search engine. -r, –results – Number of results brought by the search engine. -s, –start-page – Home page of search results. -t, –timeout – TimeoutRead More

Damn-Vulnerable-Bank – Vulnerable Banking Application For Android

Damn Vulnerable Bank Android Application aims to provide an interface for everyone to get a detailed understanding with internals and security aspects of android application. How to Use Application Clone the repository and run the Backend Server as per instructions in the link. We have released the Apk so after downloading install it via adbRead More

CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an html template. Installation _____ _________________ ___________ / __ / ___| ___ ___| ___| ___ | / / `–.| |_/ / |_ |Read More

Vulnerable-AD – Create A Vulnerable Active Directory That’S Allowing You To Test Most Of Active Directory Attacks In Local Lab

Create a vulnerable active directory that’s allowing you to test most of active directory attacks in local lab.Main Features Randomize Attacks Full Coverage of the mentioned attacks you need run the script in DC with Active Directory installed Some of attacks require client workstation Supported Attacks Abusing ACLs/ACEs Kerberoasting AS-REP Roasting Abuse DnsAdmins Password inRead More

dorkScanner – A Typical Search Engine Dork Scanner Scrapes Search Engines With Dorks That You Provide In Order To Find Vulnerable URLs

A typical search engine dork scanner that scrapes search engines with queries that you provide in order to find vulnerable URLs.IntroductionDorking is a technique used by newsrooms, investigative organisations, security auditors as well as tech savvy criminals to query various search engines for information hidden on public websites and vulnerabilities exposed by public servers. DorkingRead More

X