Exploitation / Network PenTest
by do son · Published October 21, 2017 · Last modified November 4, 2024
NodeJS Debugger Command Injection /exploits/multi/misc/nodejs_v8_debugger.rb Metasploit module This module uses the “evaluate” request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to...
Social-Engineering-Payloads This is a collection of generic payloads that I have used successfully for the red team and social engineering assessments. Any questions, comments, or concerns should be addressed to t3ntman@gmail.com or...
WebDAVC2 LAST/CURRENT VERSION: 0.3 Author: Arno0x0x – @Arno0x0x WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent, running on...
wePWNise wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked...
DDEAutoCS A cobalt strike script that integrates DDEAuto Attacks (launches a staged powershell CS beacon) Author: Matt Ettelaie (github.com/p292) (https://uk.linkedin.com/in/mettelaie) KPMG UK Cyber Defence Services – kpmg.co.uk/cyber Credits to @armitagehacker...
Exploitation / Network PenTest
by do son · Published October 15, 2017 · Last modified November 4, 2024
ASLRay Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying Properties: ASLR bypass Cross-platform Minimalistic Simplicity Unpatchable Dependencies: Linux 2.6.12+ – will work on any x86-64 Linux-based OS BASH –...
Exploitation / Network PenTest
by do son · Published October 15, 2017 · Last modified November 12, 2017
EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test, often times companies leverage egress filtering in order to prevent...
Exploitation / Network PenTest
by do son · Published October 13, 2017 · Last modified November 5, 2017
Avoidz v1.3 tools to bypass most Anti Virus software This tool Generate encoded powershell with Metasploit payloads, convert C, C#, py, go Templates to EXE’s Author: Mascerano Bachir [...
FireAway-Next Generation Firewall Bypass Tool Fireaway is a tool for auditing, bypassing, and exfiltrating data against layer 7/AppID inspection rules on next generation firewalls, as well as other deep packet...
Exploitation / Network PenTest
by do son · Published October 10, 2017 · Last modified November 4, 2024
CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0 Apache Tomcat 8.5.0 to 8.5.22 Apache Tomcat...
CVE-2017-12617 CVE-2017-12617 critical Remote Code Execution (RCE) vulnerability discovered in Apache Tomcat affect systems with HTTP PUTs enabled (via setting the “read-only” initialization parameter of the Default servlet to “false”)...
Embed and hide any file in HTML Author: Arno0x0x – @Arno0x0x What this tool does is taking a file (any type of file), encrypt it, and embed it into an HTML...
DNS Delivery Author: Arno0x0x – @Arno0x0x DNSDelivery provides delivery and in memory execution of shellcode or .Net assembly using DNS requests delivery channel. DNSDelivery has to sides: The server side, coming...
Exploitation / Network PenTest
by do son · Published September 28, 2017 · Last modified November 4, 2024
isip Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks. Install git clone https://github.com/halitalptekin/isip.git cd isip pip install -r requirements.txt Usage Packet...
Exploitation / Network PenTest
by do son · Published September 25, 2017 · Last modified November 4, 2024
zirikatu – Fud Payload generator script Download git clone https://github.com/pasahitz/zirikatu.git Usage Run zirikatu chmod +x zirikatu.sh ./zirikatu.sh Generate FUD payload. Choose a payload Change icon, if you want Start msf listener Get meterpreter session...
Support Securityonline.info site. Thanks!
