Security Training Share
Cheetah is a dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey. Cheetah’s working principle is that it can submit a large number of detection passwords based on...
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface....
Altman3 Introduction Altman3 is a penetration testing software, which is web-hosted on Github Pages. Up to now, the software is capable of: Webshell module: the xml definition is adopted for customized script type and function, as...
phpbash is a standalone, semi-interactive web shell. Its main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors,...
Introduce WeBaCoo – Web Backdoor Cookie Script-Kit. aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool to maintain access to a compromised web...
PyShell – Shellify Your HTTP Command Injection! Did firewall get you down? Are your reverse-shell connection attempts being filtered? Are you stuck working solely over HTTP / HTTPS? Then this just might be just...
Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper. Chooper is a very cool webshell client with wide types of server-side...
ShellComm is a simple interactive CLI remote shell communicator. Sometimes, during a pentest, you get to upload a shell but you can’t upload a heavy, complex one for whatever reason. In those situations, you can...
Weevely is a webshell management tool written in python. Weevely tutorial article describes from basic to advance its most function on your penetration testing. Weevely is available on Kali Linux. Weevely is a command...
Like any thing has two sides, hackers can both malicious attacks damage, the same can also use their own technology to find the system vulnerabilities, defects, etc., and then notify the relevant enterprises to...
LDAP-credentials-collector-backdoor-generator Idea About This script Last year, during external network VAPT of a client I got inside the network using vulnerable web application. Once I was inside, I observed there is an intranet application...
b374k PHP Webshell This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser...
From SQL injection to RCE Once a MySQL database server has been compromised at the root level, it’s often possible to escalate this access to full system level access. In your penetration testing, it...
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most direct and effective, and...
Suggested Reading Linux news