Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
Bugbounty Notes 📒
Inclue OWASP Top 10 And more
#bugbounty #Infsoec
Amazing Git Repo : https://github.com/Voorivex/pentest-guide
Check This Out 👌
Inclue OWASP Top 10 And more
#bugbounty #Infsoec
Amazing Git Repo : https://github.com/Voorivex/pentest-guide
Check This Out 👌
GitHub
GitHub - Voorivex/pentest-guide: Penetration tests guide based on OWASP including test cases, resources and examples.
Penetration tests guide based on OWASP including test cases, resources and examples. - Voorivex/pentest-guide
👍1
GHunt (v2) is Google's offensive framework designed for efficient development. It is currently focused on OSINT, but any Google-related usage is possible..
♾ https://github.com/mxrch/GHunt
♾ https://systemweakness.com/google-mail-hacking-ghunt-v2-gmail-osint-6c76ce78ad35
♾ https://github.com/mxrch/GHunt
♾ https://systemweakness.com/google-mail-hacking-ghunt-v2-gmail-osint-6c76ce78ad35
⚙️ Complete Bug Bounty tool List ⚙️
Enjoy :)
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
Nmap https://nmap.org
Masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
@freehackingresources
Enjoy :)
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
Nmap https://nmap.org
Masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
@freehackingresources
GitHub
GitHub - rbsec/dnscan
Contribute to rbsec/dnscan development by creating an account on GitHub.
👌2
MYBB_1.8.32_LFI_RCE
MyBB 1.8.32 – Chained LFI Remote Code Execution (RCE) (Authenticated) python exploit script…
Download: https://system32.ink/news-feed/p/194/
MyBB 1.8.32 – Chained LFI Remote Code Execution (RCE) (Authenticated) python exploit script…
Download: https://system32.ink/news-feed/p/194/
hackebds(2023.1.29 0.3.3)
Generate backdoor programs of various architectures. The backdoor program is packaged in shellless pure shellcode and is smal,Pure static backdoor .Armv5, Armv7, Armv8, mipsel, mips,mips64,mipsel64,powerpc, powerpc64,sparc,sparc64 are now supported, and they are still being updated (PS:bash support is added to the reverse shell after version 0.3.1). If the backdoor of the reverse shell is generated with the - power parameter, the reverse shell will continue to be generated on the target machine)
Generate reverse_shell shellcode of various architectures during the exploit process, and no null bytes, which facilitates the exploitation of memory corruption vulnerabilities on embedded devices. Armv5, Armv7, Armv8, mipsel, mips, mips64, mipsel64, powerpc, powerpc64,sparc are now supported, and they are still being updated|
Generate bind of various architectures bind_Shell file.
Support command line generation backdoor and shell code, Strong anti hunting ability,characterized by light, small, efficient and fast
Download: https://system32.ink/news-feed/p/204/
Generate backdoor programs of various architectures. The backdoor program is packaged in shellless pure shellcode and is smal,Pure static backdoor .Armv5, Armv7, Armv8, mipsel, mips,mips64,mipsel64,powerpc, powerpc64,sparc,sparc64 are now supported, and they are still being updated (PS:bash support is added to the reverse shell after version 0.3.1). If the backdoor of the reverse shell is generated with the - power parameter, the reverse shell will continue to be generated on the target machine)
Generate reverse_shell shellcode of various architectures during the exploit process, and no null bytes, which facilitates the exploitation of memory corruption vulnerabilities on embedded devices. Armv5, Armv7, Armv8, mipsel, mips, mips64, mipsel64, powerpc, powerpc64,sparc are now supported, and they are still being updated|
Generate bind of various architectures bind_Shell file.
Support command line generation backdoor and shell code, Strong anti hunting ability,characterized by light, small, efficient and fast
Download: https://system32.ink/news-feed/p/204/
Forwarded from 卩ro 爪Cracker
CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack
https://securityaffairs.com/141428/hacking/lexmark-cve-2023-23560-rce.html
https://securityaffairs.com/141428/hacking/lexmark-cve-2023-23560-rce.html
Security Affairs
CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack
Lexmark released a firmware update to fix a remote code execution flaw, tracked as CVE-2023-23560, that impacts more than 100 printer models.
OSINT tool to investigate GitHub profiles
https://github.com/mxrch/gitfive
Receive your WhatsApp messages on Telegram
https://github.com/subinps/TG-WhatsApp
Detecting Windows x86 API hooking and modification
https://github.com/ytk2128/api-monitor32
Sharing directory and files from cli to ios and android devices without need of an extra clien app
https://github.com/parvardegr/sharingl
https://github.com/mxrch/gitfive
Receive your WhatsApp messages on Telegram
https://github.com/subinps/TG-WhatsApp
Detecting Windows x86 API hooking and modification
https://github.com/ytk2128/api-monitor32
Sharing directory and files from cli to ios and android devices without need of an extra clien app
https://github.com/parvardegr/sharingl
🏆1
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
Download: https://system32.ink/news-feed/p/198/
This will help to bypass WAF and execute PHP reverse shell for RCE.
Download: https://system32.ink/news-feed/p/198/
CVE-2022-26485 exploit(UAF in XSLT parameter processing, bugzilla )
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. Mozilla have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox <
⚠️Tested against Firefox 78.0 (Windows)
Download: https://system32.ink/news-feed/p/199/
Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. Mozilla have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox <
97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. ⚠️Tested against Firefox 78.0 (Windows)
Download: https://system32.ink/news-feed/p/199/
👍3
PoC of CVE-2021-34514(Windows Kernel EoP vuln, ALPC OOB)
Download: https://system32.ink/news-feed/p/201/
Download: https://system32.ink/news-feed/p/201/
🔥🔥🔥VMware vRealize Log Insight VMSA-2023-0001 Technical Deep Dive
This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. We have successfully reproduced this exploit and would like to provide the technical details about how this vulnerability works.
💥PoC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs:
💾 VMware vRealize Log Insight Directory Traversal Vulnerability
(CVE-2022-31706)
💾 VMware vRealize Log Insight broken access control Vulnerability
(CVE-2022-31704)
💾 VMware vRealize Log Insight contains an Information Disclosure Vulnerability
(CVE-2022-31711)
Download:https://system32.ink/news-feed/p/205/
This vulnerability is exploitable in the default configuration for VMware vRealize Log Insight. We have successfully reproduced this exploit and would like to provide the technical details about how this vulnerability works.
💥PoC for VMSA-2023-0001 affecting VMware vRealize Log Insight which includes the following CVEs:
💾 VMware vRealize Log Insight Directory Traversal Vulnerability
(CVE-2022-31706)
💾 VMware vRealize Log Insight broken access control Vulnerability
(CVE-2022-31704)
💾 VMware vRealize Log Insight contains an Information Disclosure Vulnerability
(CVE-2022-31711)
Download:https://system32.ink/news-feed/p/205/
Tracr: Compiled Transformers as a Laboratory for Interpretability
git clone https://github.com/deepmind/tracr
cd tracr6
pip3 install .7
https://github.com/deepmind/tracrhttps://arxiv.org/abs/2301.05062v1
GitHub
GitHub - google-deepmind/tracr
Contribute to google-deepmind/tracr development by creating an account on GitHub.
🤩2👍1