Thruk Monitoring Web Interface 3.06 - Path Traversal exploit.
https://sploitus.com/exploit?id=EDB-ID:51509
💀 Exploit for Thruk Monitoring Web Interface 3.06 - Path Traversal CVE-2023-34096
Exploit for SQL Injection in Osgeo Geoserver exploit
https://sploitus.com/exploit?id=1E160E89-84F9-5C59-8AD3-AA10716AD031
💀 Exploit for SQL Injection in Osgeo Geoserver CVE-2023-25157
the Deepfake Offensive Toolkit
dot (aka Deepfake Offensive Toolkit) makes real-time, controllable deepfakes ready for virtual cameras injection. identity verification and video conferencing systems, for the use by security analysts, Red Team members, and biometrics researchers.
https://github.com/sensity-ai/dot
#Red_Team
"Above"
Network Vulnerability Scanner
Fully autonomous and works in passive mode, creating no noise on the air.
It supports 18 protocols:
MACSec
DTP
EDP
CDP
LLDP
MNDP
OSPF
EIGRP
VRRP
HSRP
ESRP
GLBP
STP
PVST
LLMNR
NBT-NS
MDNS
DHCPv6
https://github.com/c4s73r/Above
#Red_Team
Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51529
Jobpilot v2.61 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38800
The Shop v2.5 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38798
WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit exploit
https://sploitus.com/exploit?id=1337DAY-ID-38804
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51530
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password exploit
https://sploitus.com/exploit?id=EDB-ID:51531
Groomify v1.0 - SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38799
Diafan CMS 6.0 - Reflected Cross-Site Scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38801
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38803
The Shop v2.5 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51525
Student Study Center Management System v1.0 - Stored Cross-Site Scripting Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-38802
Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) exploit
https://sploitus.com/exploit?id=EDB-ID:51528
Groomify v1.0 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51526
Jobpilot v2.61 - SQL Injection exploit
https://sploitus.com/exploit?id=EDB-ID:51527
Exploit for Improper Privilege Management in Wpdeveloper Reviewx exploit
https://sploitus.com/exploit?id=26859AB8-2F07-5DDE-BCF9-43BC1B71A140
Credential Dumping – Active Directory Reversible Encryption
Introduction: According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies
——————————————————-
https://www.hackingarticles.in/credential-dumping-active-directory-reversible-encryption/
NucleiFuzzer = Nuclei + Paramspider
#Red_Team
NucleiFuzzer is a powerful automation tool for detecting XSS, SQLi, SSRF, open redirect and similar vulnerabilities in web applications.
NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities.
https://github.com/0xKayala/NucleiFuzzer
Awesome-web3-Security
A curated list of web3Security materials and resources For Pentesters and Bug Hunters.
https://github.com/Anugrahsr/Awesome-web3-Security
#Red_Team
Uncover the Top 10 MITRE ATT&CK Techniques
Based on the analysis of over 500,000 malware samples, The Red Report 2023 identifies the most prevalent MITRE ATT&CK tactics and techniques leveraged by attackers. Download this new report to obtain valuable insights to strengthen your organization’s security posture against the latest threats.
Download link: https://www.picussecurity.com/hubfs/RedReport2023/RedReport2023-Picus.pdf
vulscan - Vulnerability Scanning with Nmap
Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB.
Vulnerability Database:
There are the following pre-installed databases available at the moment:
scipvuldb.csv - https://vuldb.com
cve.csv - https://cve.mitre.org
securityfocus.csv - https://www.securityfocus.com/bid/
xforce.csv - https://exchange.xforce.ibmcloud.com/
expliotdb.csv - https://www.exploit-db.com
openvas.csv - http://www.openvas.org
securitytracker.csv - https://www.securitytracker.com (end-of-life)
osvdb.csv - http://www.osvdb.org (end-of-life)
https://github.com/scipag/vulscan
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
https://research.aurainfosec.io/pentest/hook-line-and-phishlet/
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on an AD FS protected domain.