PyWhatCMS – Unofficial WhatCMS API Package

Python package for the whatcms.com API. The package provides a simple way to use the whatcms.org API for detecting 467 different Content Management Systems (CMS).

Installation

    pip install pywhatcms

Usage

First of all, import pywhatcms:

    from pywhatcms import whatcms

Query a domain:

    whatcms('API-KEY', 'blog.underc0de.org')

Obtain info:

    whatcms.name
    whatcms.code
    whatcms.confidence
    whatcms.cms_url
    whatcms.version
    whatcms.msg
    whatcms.id
    whatcms.request
    whatcms.request_web

Download Pywhatcms

Link: http://feedproxy.google.com/~r/PentestTools/~3/MipV-mhuXs0/pywhatcms-unofficial-whatcms-api-package.html

Freddy – Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

This useful extension was originally developed by Nick Bloor (@nickstadb) for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented at Black Hat USA 2017 and DEF CON 25. In their work they reviewed a range of JSON and XML serialisation libraries for Java and .NET and found that many of them support serialisation of arbitrary runtime objects and as a result are vulnerable in the same way as many serialisation technologies are: snippets of code (POP gadgets) that execute during or soon after deserialisation can be controlled using the properties of the serialized objects, often opening up the potential for arbitrary code or command execution.

Further modules supporting more formats including YAML and AMF are also included, based on the paper Java Unmarshaller Security – Turning your data into code execution and the tool marshalsec by Moritz Bechler.

This Burp Suite extension implements both passive and active scanning to identify and exploit vulnerable libraries.

Freddy Features

Passive Scanning

Freddy can passively detect the use of potentially dangerous serialisation libraries and APIs by watching for type specifiers or other signatures in HTTP requests and by monitoring HTTP responses for exceptions issued by the target libraries. For example, the library FastJson uses a JSON field $types to specify the type of the serialized object.

Active Scanning

Freddy includes active scanning functionality which attempts to both detect and, where possible, exploit affected libraries.

Active scanning attempts to detect the use of vulnerable libraries using three methods: exception-based, time-based, and Collaborator-based.

Exception Based

In exception-based active scanning, Freddy inserts data into the HTTP request that should trigger a known target-specific exception or error message. If this error message is observed in the application's response then an issue is raised.

Time Based

In some cases time-based payloads can be used for detection because operating system command execution is triggered during deserialisation and this action blocks execution until the OS command has finished executing. Freddy uses payloads containing ping [-n|-c] 21 127.0.0.1 in order to induce a time delay in these cases.

Collaborator Based

Collaborator-based payloads work either by issuing an nslookup command to resolve the Burp Suite Collaborator-generated domain name, or by attempting to load remote classes from the domain name into a Java application. Freddy checks for new Collaborator issues every 60 seconds and marks them in the issues list with RCE (Collaborator).

Supported Targets

The following targets are currently supported (italics are new in v2.0):

Java
- BlazeDS AMF 0 (detection, RCE)
- BlazeDS AMF 3 (detection, RCE)
- BlazeDS AMF X (detection, RCE)
- Burlap (detection, RCE)
- Castor (detection, RCE)
- FlexJson (detection)
- Genson (detection)
- Hessian (detection, RCE)
- Jackson (detection, RCE)
- JSON-IO (detection, RCE)
- JYAML (detection, RCE)
- Kryo (detection, RCE)
- Kryo using StdInstantiatorStrategy (detection, RCE)
- ObjectInputStream (detection, RCE)
- Red5 AMF 0 (detection, RCE)
- Red5 AMF 3 (detection, RCE)
- SnakeYAML (detection, RCE)
- XStream (detection, RCE)
- XmlDecoder (detection, RCE)
- YAMLBeans (detection, RCE)

.NET
- BinaryFormatter (detection, RCE)
- DataContractSerializer (detection, RCE)
- DataContractJsonSerializer (detection, RCE)
- FastJson (detection, RCE)
- FsPickler JSON support (detection)
- FsPickler XML support (detection)
- JavascriptSerializer (detection, RCE)
- Json.Net (detection, RCE)
- LosFormatter (detection, RCE). Note: not a module itself, supported through ObjectStateFormatter
- NetDataContractSerializer (detection, RCE)
- ObjectStateFormatter (detection, RCE)
- SoapFormatter (detection, RCE)
- Sweet.Jayson (detection)
- XmlSerializer (detection, RCE)

Released under agpl-3.0, see LICENSE for more information.

Download Freddy

Link: http://feedproxy.google.com/~r/PentestTools/~3/9_sH_VhkADw/freddy-automatically-identify.html

mongoBuster – Hunt Open MongoDB Instances

Hunt Open MongoDB instances!

Features
- World's fastest and most efficient scanner (uses Masscan).
- Scans the entire internet by default, so fire the tool and chill.
- Hyper efficient: uses Go-routines, which are even lighter than threads.

Pre-requisites
- Go language (sudo apt install golang)
- Masscan (sudo apt install masscan)

Tested on Ubuntu & Kali Linux.

How to install and run

    git clone https://github.com/yashpl/mongoBuster.git
    cd mongoBuster
    go build mongobuster.go utils.go
    sudo ./mongobuster

Note: Run it with sudo, as Masscan requires sudo access.

Flags
- --max-rate= (int)     Defines the maximum rate at which packets are generated and sent. Default is 100.
- --out-file= (string)  Name of the file to which vulnerable IPs will be exported.
- -v                    Display error messages from non-vulnerable servers.

NOTE: Using ridiculous values for the max-rate flag like 10000+ will most likely bring down your own network infrastructure. The recommended value to start with is --max-rate 500 for consumer Gigabit routers.

Download mongoBuster

Link: http://www.kitploit.com/2019/04/mongobuster-hunt-open-mongodb-instances.html

Pepe – Collect Information About Email Addresses From Pastebin

Collect information about leaked email addresses from Pastebin.

About

The script parses Pastebin email:password dumps and gathers information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to the person about their leaked password; at the end, every piece of information lands in Elasticsearch for further exploration.

It supports only one format: email:password. Everything else will not work!

For now, notification works when it finds a match on FullContact and then sends you the email address and associated social media accounts.

Requirements:
- Python 3
- FullContact API https://www.fullcontact.com/developer/
- Google
- Pipl API https://pipl.com/api/
- HaveIBeenPwned
- SafePush (for notification; optional; in progress) https://www.pushsafer.com/
- Trumail https://trumail.io/
- Gmail account (sending emails)
- Elasticsearch (optional)

    pip install -r requirements

Config

    {
      "domains": {  # domains to whitelist or blacklist
        "whitelist": [""],
        "blacklist": ["yahoo.com"]
      },
      "keys": {  # API KEYS
        "pushsafer": "API_KEY",
        "fullcontact": "API_KEY",
        "pipl": "API_KEY"
      },
      "gmail": {  # GMAIL credentials and informational message that will be sent
        "username": "your_username@gmail.com",
        "password": "password",
        "message": "Hey,\n\nI am a security researcher and I want to inform you that your password !PASSWORD! has been leaked and you should change it immediately.\nThis email is part of the research, you can find more about it on https://medium.com/@wojciech\n\nStay safe!"
      },
      "elasticsearch": {  # ElasticSearch connection info
        "host": "127.0.0.1",
        "port": 9200
      }
    }

Usage

    root@kali:~/PycharmProjects/pepe# python pepe.py -h
    usage: pepe.py [-h] [--file FILE] [--stream] [--interactive]
                   [--modules MODULES [MODULES ...]] [--elasticsearch]
                   [--whitelist] [--blacklist]

    [platypus ASCII-art banner not reproduced; art credit: clover/snark, http://ascii.co.uk/art/platypus]

    Post Exploitation Pastebin Emails
    github.com/woj-ciech
    medium.com/@woj_ciech

    Example:
    python pepe.py --file <dump.txt> --interactive --whitelist
    python pepe.py --file <dump.txt> --modules hibp google trumail --elasticsearch --blacklist

    optional arguments:
      -h, --help            show this help message and exit
      --file FILE           Load file
      --stream              Stream Pastebin
      --interactive         Interactive mode
      --modules MODULES [MODULES ...]
                            Modules to check in non-interactive mode
      --elasticsearch       Output to ElasticSearch
      --whitelist           Whitelist
      --blacklist           Blacklist

Example

Interactive mode: each email is checked individually and a specific module is executed.

    root@kali:~/PycharmProjects/pepe# python pepe.py --file paste.txt --interactive --blacklist
    -----------------------
    Found email [REDACTED]@hotmail.com with password [REDACTED]
    -----------------------
    [A] Add domain hotmail.com to blacklist
    [T] Test
    [G] Google search
    [H] HaveIBeenPwned
    [P] Pipl
    [F] FullContact
    [I] Inform
    [N] Next
    > G
    ---Google Search---
    http://[REDACTED]
    http://[REDACTED]
    http://[REDACTED]
    [A] Add domain gmail.com to blacklist
    [T] Test
    [G] Google search
    [H] HaveIBeenPwned
    [P] Pipl
    [F] FullContact
    [I] Inform
    [N] Next
    > N
    -----------------------
    Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]
    -----------------------
    [A] Add domain gmail.com to blacklist
    [T] Test
    [G] Google search
    [H] HaveIBeenPwned
    [P] Pipl
    [F] FullContact
    [I] Inform
    [N] Next
    > F
    ---FullContact---
    [REDACTED] [REDACTED]
    https://twitter.com/[REDACTED]
    https://facebook.com/[REDACTED]
    https://linkedin.com/[REDACTED]
    [A] Add domain gmail.com to blacklist
    [T] Test
    [G] Google search
    [H] HaveIBeenPwned
    [P] Pipl
    [F] FullContact
    [I] Inform
    [N] Next
    > P
    ---Pipl---
    Name: [REDACTED]
    [REDACTED] years old
    Jobs:
    Quality Control [REDACTED] (since 2018)
    [REDACTED] Review [REDACTED] (2017-2018)
    [REDACTED] Attorney [REDACTED] (2017-2018)
    [REDACTED] Attorney at [REDACTED] (2017-2017)
    ...
    [REDACTED] (2012-2012)
    [REDACTED] Assistant at [REDACTED] (2012-2012)
    Author/Founder at [REDACTED] (2009-2011)
    https://www.linkedin.com/in/[REDACTED]
    http://www.facebook.com/people/[REDACTED]
    http://twitter.com/[REDACTED]
    http://pinterest.com/[REDACTED]
    https://plus.google.com/[REDACTED]
    ...
    [REDACTED]

Non-interactive mode: only the chosen modules are executed against the email addresses.

    root@kali:~/PycharmProjects/# python pepe.py --file pastetest.txt --blacklist --modules hibp google fullcontact trumail --elasticsearch
    -----------------------
    Found email [REDACTED]@hotmail.com with password [REDACTED]
    -----------------------
    ---Google Search---
    https://pastebin.com/[REDACTED]
    ---Have I Been Pwned---
    LinkedIn
    ---FullContact---
    No results
    ---Trumail---
    Email test passed
    -----------------------
    Found email charlie.[REDACTED]@live.com with password [REDACTED]
    -----------------------
    ---Google Search---
    https://justpaste.it/[REDACTED]
    https://pastebin.com/[REDACTED]
    ---Have I Been Pwned---
    MyHeritage
    RiverCityMedia
    Tumblr
    YouveBeenScraped
    ---FullContact---
    Charlie [REDACTED]
    https://twitter.com/[REDACTED]
    [REDACTED]
    ---Trumail---
    Email test passed
    -----------------------
    Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]
    -----------------------
    ---Google Search---
    http://[REDACTED]
    http://[REDACTED]
    http://[REDACTED]
    https://pastebin.com/[REDACTED]
    ---Have I Been Pwned---
    BTSec
    Exactis
    HauteLook
    Houzz
    LinkedIn
    ---FullContact---
    [REDACTED] [REDACTED]
    https://www.facebook.com/[REDACTED]
    [REDACTED]
    ---Trumail---
    Email test passed
    -----------------------
    Found email [REDACTED].[REDACTED]@gmail.com with password [REDACTED]
    -----------------------
    ---Google Search---
    https://[REDACTED]
    https://[REDACTED]
    https://[REDACTED]
    https://pastebin.com/[REDACTED]
    ---Have I Been Pwned---
    Lastfm
    LinkedIn
    MySpace
    Trillian
    Tumblr
    ---FullContact---
    [REDACTED] [REDACTED] [REDACTED].
    https://www.facebook.com/[REDACTED]
    https://plus.google.com/[REDACTED]
    https://www.linkedin.com/in/[REDACTED]
    http://www.pinterest.com/[REDACTED]
    https://twitter.com/[REDACTED]
    https://youtube.com/user/[REDACTED]
    [REDACTED]

Download Pepe

Link: http://www.kitploit.com/2019/04/pepe-collect-information-about-email.html

W12Scan – A Simple Asset Discovery Engine For Cybersecurity

W12scan is a network asset discovery engine that can automatically aggregate related assets for analysis and use. This is the web source program; the scanning end is at w12scan-client.

Thinking

Based on python3 + django + elasticsearch + redis, using the web RESTful API to add scan targets.

Features

Web

Powerful search syntax: search for CMS, service, titles, country regions, etc., to quickly find relevant targets.

    title="abc"          # Search from the title
    header="abc"         # Search from HTTP header
    body="123"           # Search from body text
    url = "*.baidu.com"  # Search for subdomains of baidu.com
    ip = '1.1.1.1'       # Search from IP; supports '192.168.1.0/24' and '192.168.1.*'
    port = '80'          # Search from port
    app = 'nginx'        # Search application
    country = 'cn'       # Search from country
    service = 'mysql'    # Search from service
    bug = 'xx'           # Search from vulnerability

Custom asset
By customizing a company-related domain name or IP asset, w12scan will automatically help you find the corresponding asset target. When you browse the target, there is a prominent logo to remind you of the target's ownership.

Automatic association
Enter the target details. If the target is an IP, all domain names on the IP and all domain names in its class C range will be automatically associated. If the target is a domain name, the adjacent sites, the class C segment and subdomains are automatically associated.

Multi-node management
The WEB will check the status of each node every few minutes; you can see the number of node scans and the node scan log.

Task RESTful
Provides an interface to add tasks; you can add them on the WEB side or integrate it in any software.

Scanning end

PoC
Calls the latest PoC scripts online via airbug.

Built-in scan scripts
Common vulnerability verification services built into the scanner.

Scanning
Uses masscan, nmap, wappalyzer, w11scan.

Easy to distribute
This is taken into account in the design of the program architecture. It is very easy to distribute and run the scan terminal directly on another machine. It can also be distributed based on Docker and the Celery service.

Installation

Quickly build an environment with Docker:

    git clone https://github.com/boy-hack/w12scan
    cd w12scan
    docker-compose up -d

Wait a while, then visit http://127.0.0.1:8000

Telegram Group: https://t.me/joinchat/MZ16xA9dfmJCYm4kbv15nA

Download W12Scan

Link: http://www.kitploit.com/2019/04/w12scan-simple-asset-discovery-engine.html

Chkdfront – Check Domain Fronting

chkdfront checks if your domain fronting is working by testing the targeted domain (fronted domain) against your domain front domain.

Features
- Checking your fronted domain against the domain front.
- Searching for an expected string in the response to indicate success.
- Showing troubleshooting suggestions when a test fails, based on the nature of the failure.
- Inspecting the HTTP request and response when a test fails (optionally if succeeded).
- Troubleshooting with various checks (ping, HTTP, nslookup) when a test fails (optionally if succeeded).
- Support for testing through a proxy.

Demo

Please check the demo: https://asciinema.org/a/nA9wBiuSDLDH9SunQ8GxKT2ra

Installation

    $ gem install chkdfront

Usage

Help menu:

    -f, --front-target URL       Fronted target domain or URL. e.g. images.businessweek.com
    -d, --domain-front DOMAIN    DomainFront domain. e.g. df36z1umwj2fze.cloudfront.net
    -e, --expect STRING          Expect a given string that indicates success. (case-sensitive) e.g. It works
    -p, --provider NUM           Choose CDN / Domain Front Provider:
                                   [0] Auto (default - auto tune request. Extra request to detect)
                                   [1] Amazon (tune request for Amazon domain fronting)
                                   [2] Azure (tune request for Azure domain fronting)
                                   [3] Alibaba (tune request for Alibaba domain fronting)
    -t, --troubleshoot [DOMAIN]  Force troubleshooting procedures. execute troubleshooting procedures (ping, http, nslookup) for all parties
                                 (optional: original domain where CDN forwards, to include in the checks) e.g. c2.mydomain.com
        --proxy USER:PASS@HOST:PORT
                                 Use proxy settings if you're behind proxy. e.g. user1:Pass123@localhost:8080
        --debug                  Force debugging. show response's body and low-level request and response debug trace. (default enabled when test fails.)
    -h, --help                   Show this message.

    Usage: /usr/local/bin/chkdfront
    Example:
      /usr/local/bin/chkdfront -f images.businessweek.com -d df36z1umwj2fze.cloudfront.net
      /usr/local/bin/chkdfront -f images.businessweek.com -d df36z1umwj2fze.cloudfront.net --debug -t c2.mysite.com

Contributing
1. Fork it ( https://github.com/KINGSABRI/chkdfront/fork )
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Add some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create a new Pull Request

Download Chkdfront

Link: http://www.kitploit.com/2019/04/chkdfront-check-domain-fronting.html

QRLJacker v2.0 – QRLJacking Exploitation Framework

QRLJacker is a highly customizable exploitation framework to demonstrate the "QRLJacking Attack Vector", to show how easy it is to hijack services that depend on the QR code as an authentication and login method. Mainly it aims to raise security awareness regarding all the services using the QR code as the main way to log users in to different services!

Prerequisites before installing:
- Linux or MacOS. (Not working on Windows)
- Python 3.7+

Installing instructions:
1. Update Firefox browser to the latest version.
2. Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases, extract the file, then do:

    chmod +x geckodriver
    sudo mv -f geckodriver /usr/local/share/geckodriver
    sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver
    sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

3. Clone the repo with git clone https://github.com/OWASP/QRLJacking, then do cd QRLJacking/QRLJacker
4. Install all the requirements with pip install -r requirements.txt
5. Now you can run the framework with python3 QrlJacker.py --help

Tested on
- Ubuntu 18.04 Bionic Beaver
- Kali Linux 2018.x and up

Usage

Commandline arguments

    usage: QrlJacker.py [-h] [-r ] [-x ] [--debug] [--dev] [--verbose] [-q]

    optional arguments:
      -h, --help  show this help message and exit
      -r          Execute a resource file (history file).
      -x          Execute a specific command (use ; for multiples).
      --debug     Enables debug mode (Identifying problems easier).
      --dev       Enables development mode (Reloading modules every use).
      --verbose   Enables verbose mode (Display more details).
      -q          Quit mode (no banner).

Main menu help

    General commands
    =================
      Command          Description
      ---------        -------------
      help/?           Show this help menu.
      os               Execute a system command without closing the framework
      banner           Display banner.
      exit/quit        Exit the framework.

    Core commands
    =============
      Command          Description
      ---------        -------------
      database         Prints the core version and then check if it's up-to-date.
      debug            Drop into debug mode or disable it. (Making identifying problems easier)
      dev              Drop into development mode or disable it. (Reload modules every use)
      verbose          Drop into verbose mode or disable it. (Make framework displays more details)
      reload/refresh   Reload the modules database.

    Resources commands
    ==================
      Command          Description
      ---------        -------------
      history          Display commandline most important history from the beginning.
      makerc           Save the most important commands entered since start to a file.
      resource <file>  Run the commands stored in a file.

    Sessions management commands
    ============================
      Command          Description
      ---------        -------------
      sessions (-h)    Dump session listings and display information about sessions.
      jobs (-h)        Displays and manages jobs.

    Module commands
    ===============
      Command          Description
      ---------        -------------
      list/show        List modules you can use.
      use <module>     Use an available module.
      info <module>    Get information about an available module.
      previous         Runs the previously loaded module.
      search <text>    Search for a module by a specific text in its name or in its description.

Module menu help

    General commands
    =================
      Command          Description
      ---------        -------------
      help/?           Show this help menu.
      os <command>     Execute a system command without closing the framework
      banner           Display banner.
      exit/quit        Exit the framework.

    Core commands
    =============
      Command          Description
      ---------        -------------
      database         Prints the core version and then check if it's up-to-date.
      debug            Drop into debug mode or disable it. (Making identifying problems easier)
      dev              Drop into development mode or disable it. (Reload modules every use)
      verbose          Drop into verbose mode or disable it. (Make framework displays more details)
      reload/refresh   Reload the modules database.

    Resources commands
    ==================
      Command          Description
      ---------        -------------
      history          Display commandline most important history from the beginning.
      makerc           Save the most important commands entered since start to a file.
      resource <file>  Run the commands stored in a file.

    Sessions management commands
    ============================
      Command          Description
      ---------        -------------
      sessions (-h)    Dump session listings and display information about sessions.
      jobs (-h)        Displays and manages jobs.

    Module commands
    ===============
      Command          Description
      ----------       --------------
      list/show        List modules you can use.
      options          Displays options for the current module.
      set              Sets a context-specific variable to a value.
      run              Launch the current module.
      use <module>     Use an available module.
      info <module>    Get information about an available module.
      search <text>    Search for a module by a specific text in its name or in its description.
      previous         Sets the previously loaded module as the current module.
      back             Move back from the current context.

Sessions command help menu

    usage: sessions [-h] [-l] [-K] [-s] [-k] [-i]

    optional arguments:
      -h  Show this help message.
      -l  List all captured sessions.
      -K  Remove all captured sessions.
      -s  Search for sessions with a specified type.
      -k  Remove a specified captured session by ID
      -i  Interact with a captured session by ID.

Jobs command help menu

    usage: jobs [-h] [-l] [-K] [-k]

    optional arguments:
      -h  Show this help message.
      -l  List all running jobs.
      -K  Terminate all running jobs.
      -k  Terminate jobs by job ID or module name

Taking advantage of the core

Commands autocomplete

The autocomplete feature that has been implemented in this framework is not the usual one you always see; here are some highlights:
- It's designed to fix typos in typed commands to the most similar command with just one tab click, so saerch becomes search and so on, even if you typed any random word similar to a command in this framework.
- For you lazy ones out there like me, it can predict what module you are trying to use by typing any part of it. For example, if you typed use wh and pressed tab, it would be replaced with use grabber/whatsapp and so on. I can see your smile, you are welcome!
- If you typed any wrong command then pressed enter, the framework will tell you what the nearest command to what you typed is, which could be the one you really wanted.
- Some less impressive things like autocomplete for options of the current module after the set command, autocomplete for modules after the use and info commands, and finally it converts all uppercase to lowercase automatically, just in case you switched cases by mistake while typing.
- Finally, you'll find the normal autocompletion things you were using before, like command autocompletion and persistent history, etc.

Automation

As you may have noticed, you can use a resource file from the command-line arguments before starting the framework itself, or send commands directly.

Inside the framework you can use the makerc command like in Metasploit, but this time it only saves the correct important commands.

There are history and resource commands, so you don't need to exit the framework.

You can execute as many commands as you want at the same time by splitting them with a semicolon, and many more things are left to be discovered by yourself.

Searching for modules in QRLJacker is so easy: you can search for a module by its name, something written in its description or even the author name.

OWASP's links reference
- https://www.owasp.org/index.php/QRLJacking
- https://www.owasp.org/index.php/OWASP_QRLJacker

Download QRLJacker

Link: http://feedproxy.google.com/~r/PentestTools/~3/juZIlVyrDiM/qrljacker-v20-qrljacking-exploitation.html

Mysql-Magic – Dump Mysql Client Password From Memory

The mysql client reads the password, then writes it to some malloc'ed memory and frees it, but just because a chunk was freed doesn't mean it will be used again; to ensure that your programs don't keep sensitive information in memory you must overwrite the memory.

The main goal is to get the password passed through the tty, but sometimes it also gets the password passed from the command line (-pxxxxxx).

Tested in mysql Ver 15.1 Distrib 10.3.13-MariaDB, for Linux (x86_64) using readline 5.1

Compiling

To compile you only need to run make; if you want to add some flags, for any reason, you can do that with CFLAGS=myflags make.

If the system mysql client is not placed at /usr/bin/mysql you'll need to compile with CFLAGS=-DMYSQLCLI=/path/to/mysql make

Options

    mysql-magic [options]
      -o <offset>  comma-separated list of offsets
      -s           search the memory for passwords and get offset
      -d <dir>     Write heap to the folder
      -l           Listen mode, wait for outgoing ipv4 connections on port 3306
      -r <secs>    Sleep time (Default: 3 seconds)
      -p           Use process_vm_readv instead of /proc/pid/mem

Passing -d is a good thing to do: the password, and some information like old queries, can remain in memory, so you can analyse it and maybe build a wordlist based on it if the password is not at the offset.

Download Mysql-Magic

Link: http://feedproxy.google.com/~r/PentestTools/~3/koY9c2YGnzc/mysql-magic-dump-mysql-client-password.html

Free Cynet Threat Assessment for Mid-sized and Large Organizations

If you cannot see what's happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there, Cynet, is offering a no-cost threat assessment to qualifying organizations for a limited time only. Based on more than 72 hours of data collection, the assessment gives organizations the ability to benchmark their security posture against their industry peers and provides actionable insights.

How do you qualify? If your organization has at least 300 endpoints, you can take advantage of this free offer to find out what your exposed attack surfaces are and understand what you can do to respond to attacks currently active in your environment. The assessment includes:
- Live attack indicators such as malware, C&C connections, data exfiltration, phishing link access, user credential theft attempts, etc.
- Attack surfaces on host and application surfaces: unpatched vulnerabilities, risk ranked.
- Benchmark of your security posture in comparison to your industry peers: risk score based on total findings.
- User identity attack surface: risk ranking of user accounts.

Security decision makers can take advantage of this offer to achieve (with no obligation) full visibility into their actual security posture, highlighting what their needs are and providing a clear picture of risk ranking for threats and vulnerabilities. Given that most threat assessments for mid-sized organizations begin at $25 thousand, and considering what the Cynet assessment provides, this is a very attractive offer for the security-conscious organization.

Cynet has heavily focused efforts on research into the threat landscape, especially among its install base, and over the last few months has seen a clear increase in live attacks during new deployments.

Said Cynet CEO and co-founder Eyal Gruner, "We frequently discover live malicious activity in the networks of organizations when we do initial deployment of the Cynet platform. One of our first tasks upon deploying is to identify and remediate these risks."

It is important to note that organizations are almost always unaware of the malicious activity, and additionally, most do not understand the capacity of the attacker's ability to maneuver in stealth mode. This leaves a large gap between what many organizations think is going on in their networks and the actual threat reality, providing them with a false sense of security. With this in mind, the Cynet solution provides a proactive approach to threat assessment and response.

Said Gruner, "We decided to offer this threat assessment to organizations, whether they are Cynet customers or not. We believe that instead of waiting for product deployments, organizations will get more benefit by addressing the issues we typically encounter, up-front and before deploying full-scale."

Educating organizations in cyber security best practices is part of Cynet's mission. Said Gruner, "We want people to realize that the risks are there, even when you don't see them. Security has to be more than just buying a product to say you have it. You need visibility, and results with clear, actionable deductions. At Cynet, we want to help organizations achieve this."

Try Cynet's Free Threat Assessment here.

Link: http://feedproxy.google.com/~r/PentestTools/~3/nSnlxp2L5PU/free-cynet-threat-assessment-for-mid.html

Pocsuite3 – An Open-Sourced Remote Vulnerability Testing Framework

pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many powerful features for the ultimate penetration testers and security researchers.

Features
- PoC scripts can run in attack, verify and shell modes in different ways
- Plugin ecosystem
- Dynamic loading of PoC scripts from anywhere (local file, redis, database, Seebug ...)
- Load multiple targets from anywhere (CIDR, local file, redis, database, ZoomEye, Shodan ...)
- Results can be easily exported
- Dynamic patching and hooking of requests
- Usable both as a command line tool and as an imported python package
- IPv6 support
- Global HTTP/HTTPS/SOCKS proxy support
- Simple spider API for PoC scripts to use
- Integrates with Seebug (to load PoCs from the Seebug website)
- Integrates with ZoomEye (to load targets from a ZoomEye Dork)
- Integrates with Shodan (to load targets from a Shodan Dork)
- Integrates with Ceye (to verify blind DNS and HTTP requests)
- Friendly debugging of PoC scripts with IDEs
- More ...

Screenshots
- pocsuite3 console mode
- pocsuite3 shell mode
- pocsuite3 load PoC from Seebug
- pocsuite3 load multi-target from ZoomEye
- pocsuite3 load multi-target from Shodan

Requirements
- Python 3.4+
- Works on Linux, Windows, Mac OSX, BSD

Installation

The quick way:

    $ pip install pocsuite3

Or download the latest source zip package and extract it:

    $ wget https://github.com/knownsec/pocsuite3/archive/master.zip
    $ unzip master.zip

The latest version of this software is available from: http://pocsuite.org

Documentation

Documentation is available in the english docs / chinese docs directory.

Download Pocsuite3

Link: http://feedproxy.google.com/~r/PentestTools/~3/x6R6agm_yNE/pocsuite3-open-sourced-remote.html