Xerosploit is a penetration testing toolkit whose goal is to perform man-in-the-middle attacks for testing purposes. It brings various modules that allow efficient attacks to be carried out, and also allows denial-of-service attacks and port scanning. Powered by bettercap and nmap.
FEATURES:
Port scanning
Network mapping
DoS attack
HTML code injection
JavaScript code injection
Download interception and replacement
Sniffing
DNS spoofing
Background audio reproduction
Image replacement
Driftnet
Webpage defacement and more ...
Dependencies:
nmap
hping3
build-essential
ruby-dev
libpcap-dev
libgmp3-dev
tabulate
terminaltables
INSTALLATION & RUN:
1) git clone https://github.com/LionSec/xerosploit
2) cd xerosploit && sudo python install.py
3) sudo xerosploit
4) Choose an option
GitHub - LionSec/xerosploit: Efficient and advanced man in the middle framework
Forwarded from DailyCVE
Ethereum Aleth denial of service vulnerability:
https://dailycve.com/ethereum-aleth-denial-service-vulnerability-0
Dailycve
Ethereum Aleth denial of service vulnerability | CVE
Details:
Ethereum Aleth is an Ethereum community customer program built on the C++ language that follows the Ethereum protocol.
Version <=1.8.0 of the Aleth Ethereum C++ client has a service denial flaw. The weakness originates in the config.json file…
Forwarded from DailyCVE
Dailycve
OFCMS has XSS vulnerability | CVE
Details:
OFCMS is a Java version of the CMS framework, a Java technology-based content management system.
OFCMS has a vulnerability to XSS. This vulnerability can be exploited by attackers to access personal information, such as user cookies.
References:…
Forwarded from UNDERCODE NEWS
Unilever CEO: "Employees will never return to the office five days a week"
#International
Bug Bounty references:
>>Amazon Web Services(mailto:aws-security@amazon.com)
>>Amazon.com(mailto:security@amazon.com)
>>ANCILE Solutions Inc.(https://bugcrowd.com/ancile)
>>Anghami(https://hackerone.com/anghami)
>>ANXBTC(https://cobalt.io/anxbtc)
>>Apache httpd(https://hackerone.com/ibb-apache)
>>Appcelerator(mailto:Infosec@appcelerator.com)
>>Apple(mailto:product-security@apple.com)
>>Apptentive(https://www.apptentive.com/contact)
>>Aptible(mailto:security@aptible.com)
>>Ardour(http://tracker.ardour.org/my_view_page.php)
>>Arkane(https://go.intigriti.com/arkanenetwork)
>>ARM mbed(mailto:whitehat@polarssl.org)
>>Asana(mailto:security@asana.com)
>>ASP4all(mailto:support@asp4all.nl)
>>AT&T(https://bugbounty.att.com/bugform.php)
>>Atlassian(https://securitysd.atlassian.net/servicedesk/customer/portal/2)
>>Attack-Secure(mailto:admin@attack-secure.com)
>>Authy(mailto:security@authy.com)
>>Automattic(https://hackerone.com/automattic)
>>Avast!(mailto:bugs@avast.com)
>>Avira(mailto:vulnerabilities@avira.com)
>>AwardWallet(https://cobalt.io/awardwallet)
>>Badoo(https://corp.badoo.com/en/security/#send_bid)
>>Barracuda(https://bugcrowd.com/barracuda)
>>Base(https://go.intigriti.com/base)
>>Basecamp(mailto:security@basecamp.com)
>>Beanstalk(https://wildbit.wufoo.com/forms/wildbit-security-response)
>>BillGuard(https://cobalt.io/billguard)
>>Billys Billing(https://cobalt.io/billys-billing)
>>Binary.com(https://hackerone.com/binary)
Forwarded from DailyCVE
Espressif ESP-IDF buffer error vulnerability:
https://dailycve.com/espressif-esp-idf-buffer-error-vulnerability
Dailycve
Espressif ESP-IDF buffer error vulnerability | CVE
Details:
Espressif ESP-IDF is a development platform developed by Espressif for the Internet of Things. There is a buffer error flaw in Espressif ESP-IDF, which can be abused by attackers to crash applications. The following products and versions are…
Forwarded from DailyCVE
Dailycve
SaferVPN security vulnerabilities | CVE
Details:
SaferVPN SaferVPN, a VPN alternative, is SaferVPN. SaferVPN 5.0.3.3 to 5.0.4.15 has security bugs that attackers can manipulate to improve their privileges.
Affected Versions:
5.0.3.3 to 5.0.4.15
References:
https://vimeo.com/459654003…
Forwarded from UNDERCODE NEWS
Google, "Through four zero-day vulnerabilities, someone attacks Windows and Android"
#Vulnerabilities
UNDERCODE COMMUNITY
Do you want this AppleScript?
WELL DONE !!!
This program provides further decompiling and decoding of a disassembled run-only AppleScript.
For input, use a text file that is the output of https://github.com/Jinmo/applescript-disassembler
Running this program will create a new file from the input file annotated with:
1) AEVT codes and their human-readable descriptions;
2) Decoded hard-coded strings;
3) Decimal conversions of hard-coded hex numbers;
4) Names of targeted applications.
Usage: aevt_decompile <file>
where <file> is a text file output from the AppleScript-Disassembler.
aevt_decompile writes its output to ~/Desktop/<file>.out. aevt_decompile is non-destructive (i.e., it does not modify the input file).
GitHub - Jinmo/applescript-disassembler: A simple run-only applescript disassembler
Forwarded from DailyCVE
A dll hijacking vulnerability exists in Odd Games Accelerator (Windows client):
https://dailycve.com/dll-hijacking-vulnerability-exists-odd-games-accelerator-windows-client
Dailycve
A dll hijacking vulnerability exists in Odd Games Accelerator (Windows client) | CVE
Details:
Qiyou E-sports Accelerator is an e-sports-level online competitive gaming accelerator.
There is a DLL hijacking flaw in the Unusual Games E-sports accelerator (Windows client). Attackers are able to run malicious code exploiting this loophole.…
Forwarded from DailyCVE
Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities:
https://dailycve.com/zhejiang-lande-network-technology-co-ltd-o2oa-system-has-logic-flaws-and-vulnerabilities
Dailycve
Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities | CVE
Details:
Zhejiang Lande Network Technology Co., Ltd.'s business scope covers: computer applications, network technology and product creation, professional services, incorporation of computer systems, and technical services for intelligent building…
Forwarded from UNDERCODE NEWS
CEO of Twitter: Trump's ban is the right decision, but it sets a troubling precedent.
#International
Forwarded from DailyCVE
File upload vulnerability exists in CatfishCMS:
https://dailycve.com/file-upload-vulnerability-exists-catfishcms
Dailycve
File upload vulnerability exists in CatfishCMS | CVE
Details:
Catfish CMS is a PHP content management framework which is free and open source.
CatfishCMS has a weakness for file transfer, which can be used to access server access permissions by attackers.
References:
http://www.catfish-cms.com/