XML External Entity – XXE Injection Payload List
In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. What is XML external entity injection? XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to...
What are the Types of Malware Infecting Your Computer
Malware is a malicious computer program that is designed to infect your system and gain access to sensitive information without the user's permission. Software is referred to known as malware based upon the intention of the developer. If the intent of any software design is malicious – that program is considered malware. Based on the intent of the intruder or hacker, malware can be...
Corsy : CORS Misconfiguration Scanner
Corsy is a lightweight program that scans for all known mis-configurations in CORS implementations. Requirements It only works with Python 3 and has the following depencies: tldrequests To install these dependencies, navigate to the tool directory and execute pip3 install -r requirements.txt Also Read - Glances : Top/htop Alternative For GNU/Linux, BSD, Mac OS & Windows OS Usage Using Corsy is pretty simple python3 corsy.py -u https://example.com A...
Flan : A Pretty Sweet Vulnerability Scanner
Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network. It is a wrapper over Nmap and the vulners script which turns Nmap into a full-fledged network vulnerability scanner. Flan Scan...
Antispy : Free But Powerful Anti Virus & Rootkits Toolkit
AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors. Development IDE: Visual Studio 2008Userspace: MFCWDK: WDK7600Third-party Library: Codejock toolkit pro Features Currently,the following features are available(including but...
RE:TERNAL : Repo Containing Docker-Compose Files & Setup Scripts
RE:TERNAL is a centralized purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities. The simulations are mapped to the MITRE ATT&CK framework. This repo contains the compose file in order to set up the reternal platform via docker. An additional...
SSHTunnel : SSH Tunnels To Remote Server
SSHTunnel is a tool for SSH tunnels to remote server. Installation sshtunnel is on PyPI, so simply run: pip install sshtunnel or easy_install sshtunnel or conda install -c conda-forge sshtunnel to have it installed in your environment. For installing from source, clone the repo and run: python setup.py install Also Read - DetectionLab : Vagrant & Packer Scripts To Build A Lab Environment Testing The Package In order to run...
Glances : Top/htop Alternative For GNU/Linux, BSD, Mac OS & Windows OS
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be done via terminal, Web interface or API (XML-RPC and RESTful). Stats can also be...
Leprechaun : Tool Used To Map Out Network Data Flow To Help Penetration Testers
Leprechaun purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment...
RDPThief : Extracting Clear Text Passwords From mstsc.exe Using API Hooking
RDPThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the shellcode in mstsc.exe. The DLL has been converted to shellcode using the sRDI...
.png "Shoggoth – Asmjit Based Polymorphic Encryptor")
