secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
secDevLabs:-- A #laboratory for learning #secure #web #development in a #practical manner.
By provisioning local #environments via docker-compose, you will learn how the most #critical web #application #security risks are #exploited and how these #vulnerable codes can be fixed to mitigate them.
After forking this repository, you will find multiple intended vulnerable apps based on real-life scenarios in various languages such as #Golang, #Python and #PHP. A good start would be installing the ones you are most familiar with. You can find instructions to do this on each of the apps.
#Download #Link:-
https://github.com/globocom/secDevLabs
Photos from National Cyber Security Services's post
UFONet - #Denial of #Service Toolkit.
#UFONet is a #toolkit designed to launch #DDoS and #DoS #attacks.it runs on many platforms. It requires #Python (>=3) and requires :-#whois,#pycurl,#geoip,#crypto,#scanpy,#requests.
#Download #Link:-
https://github.com/epsylon/ufonet
UFONet - #Denial of #Service Toolkit.
#UFONet is a #toolkit designed to launch #DDoS and #DoS #attacks.it runs on many platforms. It requires #Python (>=3) and requires :-#whois,#pycurl,#geoip,#crypto,#scanpy,#requests.
#Download #Link:-
https://github.com/epsylon/ufonet
Photos from National Cyber Security Services's post
hidden-tear- #ransomware #open-#sources
It's a ransomware-like file #crypter sample which can be modified for specific purposes.
Features:-
-Uses #AES #algorithm to #encrypt files.
-Sends encryption key to a #server.
-Encrypted files can be #decrypt in #decrypter program with encryption key.
-Creates a text file in Desktop with given message.
-Small file size (12 KB)
-Doesn't detected to #antivirus programs
#Download #Link:-
https://github.com/goliate/hidden-tear
hidden-tear- #ransomware #open-#sources
It's a ransomware-like file #crypter sample which can be modified for specific purposes.
Features:-
-Uses #AES #algorithm to #encrypt files.
-Sends encryption key to a #server.
-Encrypted files can be #decrypt in #decrypter program with encryption key.
-Creates a text file in Desktop with given message.
-Small file size (12 KB)
-Doesn't detected to #antivirus programs
#Download #Link:-
https://github.com/goliate/hidden-tear
Photos from National Cyber Security Services's post
WordPress-PT:-- #Exploiting #Wordpress #vulnerabilities discovered via #WPScan.
Objective: Find, #analyze, recreate, and #document five vulnerabilities affecting an old version of WordPress.
Setup:-
1. #VirtualBox - #Virtual #machine #manager.
2. #Kali #Linux - #Attack #OS of choice.
3. #WPDistillery - Creating a locally hosted Wordpress #site.
4. #WPScan - #Vulnerability #scanner.
1. CVE-2018-6390 - Denial Of Service Overflow (#DOS)
2. CVE-2015-5622 - Cross-Site Scripting (#XSS)
3. CVE-2017-9061 - Error in Upload when the file's too large
4. CVE 2015-5714 - Shortcode Tags
5. CVE 2017-6817 - Authenticated XSS in #Youtube #URL Embeds
#Download #Link:-
https://github.com/bryanvnguyen/WordPress-PT
WordPress-PT:-- #Exploiting #Wordpress #vulnerabilities discovered via #WPScan.
Objective: Find, #analyze, recreate, and #document five vulnerabilities affecting an old version of WordPress.
Setup:-
1. #VirtualBox - #Virtual #machine #manager.
2. #Kali #Linux - #Attack #OS of choice.
3. #WPDistillery - Creating a locally hosted Wordpress #site.
4. #WPScan - #Vulnerability #scanner.
1. CVE-2018-6390 - Denial Of Service Overflow (#DOS)
2. CVE-2015-5622 - Cross-Site Scripting (#XSS)
3. CVE-2017-9061 - Error in Upload when the file's too large
4. CVE 2015-5714 - Shortcode Tags
5. CVE 2017-6817 - Authenticated XSS in #Youtube #URL Embeds
#Download #Link:-
https://github.com/bryanvnguyen/WordPress-PT
Photos from National Cyber Security Services's post
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe
XSRFProbe:-- The Prime Cross-Site Request Forgery (#CSRF) #Audit and #Exploitation #Toolkit.
#XSRFProbe is an #advanced Cross-Site Request Forgery (CSRF/ #XSRF) Audit and Exploitation Toolkit. Equipped with a #powerful crawling engine and numerous systematic checks, it is able to detect most cases of CSRF #vulnerabilities, their related #bypasses and further generate (#maliciously) exploitable proof of concepts with each found vulnerability.
Features:-
1. Performs several types of checks before declaring an endpoint as #vulnerable.
2. Can detect several types of Anti-CSRF tokens in POST requests.
3. Works with a powerful crawler that features continuous crawling and scanning.
4. Out of the box support for custom #cookie values and generic headers.
5. Accurate Token-Strength Detection and Analysis using various #algorithms.
6. It can generate both normal as well as maliciously exploitable CSRF proof of concepts.
7. Well documented code and highly generalized #automated workflow.
8. The user is in control of everything whatever the scanner does.
9. Has a user-friendly interaction #environment with full verbose support.
10. Detailed logging system of errors, vulnerabilities, tokens, and other stuff.
#Download #Link:-
https://github.com/0xInfection/XSRFProbe
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky
Rucky:-- A simple to use #USB #HID #Rubber #Ducky LaunchPad for #Android.
A USB HID Rubber Ducky Script All-In-One tool.
#Download #Link:-
https://github.com/mayankmetha/Rucky