Recent content by enhackapt

JavaScript: #! /usr/bin/env python #coding=utf-8 import hashlib import time import math import base64 import urllib import urllib2 import sys def microtime(get_as_float = False) : if get_as_float: return time.time() else: return '%.8f %d' % math.modf(time.time()) def...

JavaScript: ## Django上传文件目录穿越漏洞——CVE-2021-31542 ## 漏洞描述 Django 3.2.1, 3.1.9, and 2.2.21: CVE-2021-31542: Potential directory-traversal via uploaded files 在这些版本的Django中使用`MultiPartParser`, `UploadedFile`, 和 `FieldFile` 时，存在构造特别的文件名../等进行目录穿越漏洞。 构造文件名参考：/tmp/../path ## 修复方案： 空文件名和带..的文件名都将拒绝...

JavaScript: ## 漏洞标题为：Django 任意文件读取 ## 漏洞类型为：路径遍历 ## 漏洞等级为：中危 ## 漏洞简介为 Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 在 django 中发现了一个路径注入问题，如果启用了模块 django.contrib.admindocs，恶意管理员用户就可以披露文件系统上文件的存在。 经过身份验证的恶意管理员可以披露任意文件的存在。 ## 漏洞cve为：CVE-2021-33203...

Python: 1. Dubbo端口未授权访问 ``` 一条命令判断： echo ls | nc -i 1 116.62.162.75 20880 telnet远程连接 root@vulhunt:~# telnet 116.62.162.75 20880 Trying 116.62.162.75... Connected to 116.62.162.75. Escape character is '^]'. ls + 类 + 方法，查看注册的生产者，使用invoke未授权调用 dubbo>ls...

Python: import urlparse import requests if messageIsRequest: request = messageInfo.getRequest() analyzedRequest = helpers.analyzeRequest(messageInfo) # returns IResponseInfo headers = analyzedRequest.getHeaders() print(headers) url =...

JavaScript: #!/usr/bin/python # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected]) # The author disclaims copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options...

JavaScript: #JMET The Java Message Exploitation Tool ____ _______________ / / |/ / ____/_ __/ __ / / /|_/ / __/ / / / /_/ / / / / /___ / / \____/_/ /_/_____/ /_/ https://github.com/matthiaskaiser/jmet Description JMET was released at Blackhat USA 2016 and is an...

Reconnaissance is the first phase of penetration testing, which means gathering information before planning any actual attack . Therefore, Ashok is an incredibly fast reconnaissance tool designed specifically for the reconnaissance phase. In Ashok-v1.1, you can find advanced google dorker and...

Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main purpose is to provide unique representations (fingerprints) of malware requests to help identify them. Unique means that each fingerprint is only seen in one specific...

Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence ) and Cyber Intelligence gathering activities. It combines various open source tools into a user-friendly interface, simplifying the data collection and analysis process for researchers and cybersecurity professionals ...

Modify SEOmanagerenewUnfollow ••• Yesterday 1:52 AM Views: 17 Add Bookmark Thief Raccoon is a tool designed for educational purposes to demonstrate how to conduct phishing attacks on various operating systems . The tool aims to raise awareness of cybersecurity threats and help users...

Make the LKM rootkit visible again. For example, it involves getting the memory address of the rootkit's "show_module" function and using it to call it, add it back to lsmod so that the LKM rootkit can be removed. We can get the function address in a very simple kernel using /sys/ kernel...

Mass-Assigner - A simple tool to detect mass assignment vulnerabilities by modifying JSON fields in HTTP requests. 4 months ago at 8:30 AM | Sponsored Post by FaradaySEC | Multi-User Penetration Testing Environment Zion 3R Mass Assigner is a powerful tool designed to identify and exploit...

Damn Vulnerable Drone is a deliberately vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for practical drone hacking. Damn Vulnerable Drone is a virtual simulation environment designed for offensive security professionals...

Analysis process cs clone Compare the cloned HTML with the original HTML feature: The IFRAME tag is uppercase and has a length and width of 0. The script tag loads the js path as "/jquery/jquery.min.js" Order Features: When the IFRAME tag and the script tag appear at the same...