Kadimus - LFI Scanner & Exploitation Tool

Kadimus is an LFI scanner and exploitation tool for Local File Inclusion vulnerability detection and intrusion.

Installation

Then you can run the configure file:

Then:

Features: check all URL parameters; /var/log/auth.log RCE; /proc/self/environ RCE; php://input RCE; data://text RCE; source code disclosure; multi-thread scanner; command shell interface through HTTP request; proxy support […]

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking

LastPass Leaking Passwords Via Chrome Extension

LastPass leaking passwords is not new; last week its Firefox extension was picked apart, and now this week its Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect; even though they are super easy to use and have a nice UI, they’ve had TOO many serious security issues for a […]

Posted in: Exploits/Vulnerabilities, Password Cracking, Web Hacking

SessionGopher - Session Extraction Tool

SessionGopher is a PowerShell Session Extraction tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. The tool can find and decrypt saved session information for remote access tools. It has WMI functionality built in so it can be run remotely, its […]

Posted in: Hacking Tools, Windows Hacking

Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version

We actually use Ubiquiti Wi-Fi Gear and have found it pretty good; I didn’t realise their security was so whack and they were using PHP 2.0.1 from 1997! In this case a malicious URL can inject commands into a Ubiquiti device which, surprise, surprise, runs the web service as root. Apparently, they also got scammed […]

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Wireless Hacking

Powerfuzzer - Automated Customizable Web Fuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites. It was designed to be user-friendly, modern, effective and to work consistently. It is also designed and coded to be modular and extendable, […]

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming

Angry IP Scanner - Fast Network Scanner

Angry IP scanner is a very easy to use, fast network scanner – basically a cross-platform IP address and port scanner. It can scan IP addresses in any range as well as any of their ports. It’s also very lightweight and doesn’t require any installation; it can be freely copied and used anywhere. Angry IP scanner […]

Posted in: Hacking Tools, Network Hacking

WikiLeaks Exposes Massive CIA Leak Including Hacking Tools

WikiLeaks has dropped another massive bomb called “Vault7”, basically a massive CIA leak which covers documents, correspondence, hacking tools, exploits and much more. It details sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Smart TVs. The first installment published already contains 7,818 web pages with 943 attachments […]

Posted in: Hacking Tools, Legal Issues, Privacy

mongoaudit - MongoDB Auditing & Pen-testing Tool

mongoaudit is a CLI tool for MongoDB auditing of servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB […]

Posted in: Countermeasures, Database Hacking, Security Software

Another MongoDB Hack Leaks Two Million Recordings Of Kids

No surprises here, but there’s been another big MongoDB hack and from the looks of it, it’s been owned for quite some time. This time 2 million records from over 820,000 accounts have been leaked due to yet another default MongoDB installation with no authentication listening on the public IP address. The terrible part is, […]

Posted in: Database Hacking, Exploits/Vulnerabilities

Termineter - Smart Meter Security Testing Framework

Termineter is a Python Smart Meter Security Testing framework which allows authorised individuals to test Smart Meters for vulnerabilities such as energy consumption fraud, network hijacking, and more. Many of these vulnerabilities have been highlighted by the media and advisories have been sent out by law enforcement agencies. The goal of a public release for […]

Posted in: Hacking Tools, Hardware Hacking, Network Hacking