Kubernetes-Goat – Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security

  The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Refer to https://madhuakula.com/kubernetes-goat for the guide. Show us some Please feel free to send us a PR and show some   Upcoming Training’s and Sessions DEFCON DEMO Labs https://forum.defcon.org/node/237237 Cloud Village – DEFCON https://cloud-village.org/#talks?collapseMadhuAkula Recent KubernetesRead More

Ad-Honeypot-Autodeploy – Deploy A Small, Intentionally Insecure, Vulnerable Windows Domain For RDP Honeypot Fully Automatically

Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirtwith QEMU/KVM (but it can be customized easily for cloud-based solutions). Used for painlessly set up a small Windows Domain from scratch automatically (without user interaction) for the purpose of RDP Honeypot testing. Features a Domain Controller,Read More

Allsafe – Intentionally Vulnerable Android Application

Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy hacking! Useful Frida Scripts IRead More

Regexploit – Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)

Find regexes which are vulnerable to Regular Expression Denial of Service (ReDoS). More info on the Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input strings can make the regular expression matcher go into crazy backtracking loopsRead More

Metarget – Framework Providing Automatic Constructions Of Vulnerable Infrastructures

1 Introduction Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. 1.1 Why Metarget? During security researches, we might find that the deployment of vulnerable environment often takes much time, while the time spent on testing PoC orRead More

Damn-Vulnerable-GraphQL-Application – Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook’s GraphQL Technology, To Learn And Practice GraphQL Security

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook’s GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test for vulnerabilities. DVGA has numerousRead More

Fawkes – Tool To Search For Targets Vulnerable To SQL Injection (Performs The Search Using Google Search Engine)

Fawkes is a tool to search for targets vulnerable to SQL Injection. Performs the search using Google search engine. Options -q, –query – Dork that will be used in the search engine. -r, –results – Number of results brought by the search engine. -s, –start-page – Home page of search results. -t, –timeout – TimeoutRead More

Damn-Vulnerable-Bank – Vulnerable Banking Application For Android

Damn Vulnerable Bank Android Application aims to provide an interface for everyone to get a detailed understanding with internals and security aspects of android application. How to Use Application Clone the repository and run the Backend Server as per instructions in the link. We have released the Apk so after downloading install it via adbRead More

CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an html template. Installation _____ _________________ ___________ / __ / ___| ___ ___| ___| ___ | / / `–.| |_/ / |_ |Read More

Vulnerable-AD – Create A Vulnerable Active Directory That’S Allowing You To Test Most Of Active Directory Attacks In Local Lab

Create a vulnerable active directory that’s allowing you to test most of active directory attacks in local lab.Main Features Randomize Attacks Full Coverage of the mentioned attacks you need run the script in DC with Active Directory installed Some of attacks require client workstation Supported Attacks Abusing ACLs/ACEs Kerberoasting AS-REP Roasting Abuse DnsAdmins Password inRead More

X