App vulnerable to #Spring4shell:
https://github.com/jbaines-r7/spring4shell_vulnapp
Exploit:
https://news.1rj.ru/str/Peneter_Tools/274
Additional explanation:
https://news.1rj.ru/str/learnpentest/513
spring4shell scanner:
https://github.com/jfrog/jfrog-spring-tools
https://github.com/hillu/local-spring-vuln-scanner
Tools and PoCs for Windows syscall investigation.
https://github.com/daem0nc0re/AtomicSyscall#syscalldumper
EventPipe - An IPC method to transfer binary data between processes using event objects
https://www.x86matthew.com/view_post?id=eventpipe
14 Payload Repositories to find all the required Payloads & Attack Vectors.
https://twitter.com/harshbothra_/status/1509870706347032579?s=20
Payloads All The Things
1. https://github.com/swisskyrepo/PayloadsAllTheThings
2. https://github.com/payloadbox/
3. https://github.com/s0md3v/AwesomeXSS
4. https://github.com/0xInfection/Awesome-WAF
5. https://github.com/omurugur/SQL_Injection_Payload
6. https://github.com/Muhammd/Awesome-Payloads
7. https://github.com/foospidy/payloads
8. https://github.com/1N3/IntruderPayloads
9. https://github.com/pgaijin66/XSS-Payloads
10. https://github.com/terjanq/Tiny-XSS-Payloads
11. https://github.com/chinarulezzz/pixload
12. https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet
13. https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
14. https://github.com/danielmiessler/SecLists
A testing Red Team Infrastructure created with Docker
https://github.com/DFlavian/Red-Team-Infrastructure
+ Extra:
https://www.ired.team/offensive-security/red-team-infrastructure
SOAP webshell on IIS
https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap
https://github.com/0xbad53c/webshells/blob/main/iis/soapshell.soap
This page describes how to run shellcode from a webshell with a .soap extension. Sometimes web applications use upload blacklists and forget about this extension type.
HaxUnit combines multiple active and passive subdomain enumeration tools and port scanning tools with vulnerability discovery tools.
https://github.com/Bandit-HaxUnit/haxunit
PoC Exploit Released for MacOS SUHelper Root Privilege Escalation (CVE-2022-22639)
https://github.com/jhftss/CVE-2022-22639
Boopkit:
* Remote code injection via TCP with malicious eBPF installed on the server.
* Tested on Linux kernel 5.17
* "This is NOT an exploit!"
https://github.com/kris-nova/boopkit
#linux #backdoor
Improving software supply chain security
https://github.com/slsa-framework/slsa-github-generator-go
https://github.com/sigstore/sigstore
https://github.com/ossf/scorecard
https://security.googleblog.com/2022/04/improving-software-supply-chain.html
Borat RAT source code:
https://github.com/vxunderground/MalwareSourceCode/blob/main/Leaks/Win32/Win32.Borat.7z
#VMware Workspace ONE Access Server-side Template Injection CVE-2022-22954 #SSTI
https://github.com/sherlocksecurity/VMware-CVE-2022-22954/blob/main/CVE-2022-22954.yaml
nuclei template for detection:
https://github.com/projectdiscovery/nuclei-templates/pull/4113
Privilege Escalation vulnerability in Amazon Web Service (AWS) VPN Client (CVE-2022-25165).
Blog: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
PoC: https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2022-25166
#nginx 0-day on latest nginx-1.21.6
GitHub: https://github.com/gamozolabs/nginx_shitpost
by https://twitter.com/gamozolabs