An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Soon...
https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
Webpack-信息收集工具 郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 0x01 介绍 作者:小洲 团队:横戈安全团队,未来一段时间将陆续开源工具,欢迎关注微信公众号: 定位:协助红队人员快速的信息收集,测绘目
Subdomain enumeration,Web scraping and finding usernames automation script written in python
Kunyu(坤舆) - More efficient corporate asset collection English | 中文文档 0x00 Introduce Tool introduction Kunyu (kunyu), whose name is taken from , is act
MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def
Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux
log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do
An Obfuscation-Neglect Android Malware Scoring System Quark-Engine is also bundled with Kali Linux, BlackArch. A trust-worthy, practical tool that's r
EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di
MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl
Author:0xAXSDD By Gamma安全实验室 version:1.0 explain:这是一款用户绕过前端js加密进行密码爆破的工具,你无需在意js加密的细节,只需要输入你想要爆破url,以及username输入框的classname,password输入框的clas
jolokia-exploitation-toolkit Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints. Core concept Jolokia is a protocol br
StrongBox 🔐 A secure way of storing your passwords. 🔑 Why to use StrongBox? StrongBox makes it possible to have a random generated strong password i
tinyman_exploit_finder There was a big tinyman exploit. You can read about it he
Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/
ROFL-FUZZER Ths is Domato, a DOM Fuzzer from Google, but hosted as an website It generates a instance of a newtab on the template given by the user ,
IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t
A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts
PyExtractor is a decompiler that can fully decompile exe's compiled with pyinstaller or py2exe with additional features such as malware checker/detector! Also checks file(s) for suspicious words, dis
CVE-2021-21972 % python3 /tmp/CVE_2021_21972.py -i /tmp/urls.txt -n 8 -e [*] Creating tmp.tar containing ../../../../../home/vsphere-ui/.ssh/authoriz
Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett
214 Dec 19, 2022
12 Nov 22, 2022
772 Jan 05, 2023
2.2k Jan 08, 2023
15 May 21, 2022
2 Dec 12, 2021
1k Jan 04, 2023
240 Dec 21, 2022
2 Mar 19, 2022
75 Nov 25, 2022
194 Jan 01, 2023
5 Dec 25, 2021
9 Dec 27, 2022
81 Dec 23, 2022
18 Nov 22, 2021
133 Dec 24, 2022
12 Dec 30, 2022
56 Jul 31, 2022
30 Nov 19, 2022
622 Jan 04, 2023