Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view. It can be used for collecting information about your or someone else’s repository stargazers details.
GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it’s natural to wonder what’s driving interest.
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
ZigBee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.
Read the rest of ZigDiggity – ZigBee Hacking Toolkit now! Only available at Darknet.
Le 13 août 2019, lors de la publication mensuelle de ses correctifs, Microsoft a corrigé plusieurs vulnérabilités affectant les services de bureau à distance (Remote Desktop Services, RDS). Parmi les failles corrigées, quatre d’entre elles, critiques, permettent une exécution de …
Source de l’article sur CERT-FR
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
RandIP – Network Mapper Features
You can download RandIP here:
randip-master.zip
Or read more here.
Read the rest of RandIP – Network Mapper To Find Servers now! Only available at Darknet.
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back.
Tor enables users to surf the internet, chat and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes.
Read the rest of Nipe – Make Tor Default Gateway For Network now! Only available at Darknet.
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
There are various ‘egg’ modules which contain patterns to scan for, it can scan through files recursively limited by file extension and logs results to an XML text file.
It’s also fairly easy to extend and add your own modules/eggs/languages.
Manual Static Analysis Tool Language Support
Languages it can scan for vulnerabilities are:
You can download Mosca here:
Mosca-master.zip
Or read more here.
Read the rest of Mosca – Manual Static Analysis Tool To Find Bugs now! Only available at Darknet.
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.
There are two modes that this tool operates at; blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.
Blackbox (external)
In this mode, you are using the permutations list to conduct scans.
Read the rest of Slurp – Amazon AWS S3 Bucket Enumerator now! Only available at Darknet.
Surprise, surprise, surprise – an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
US Government security has often been called into question but we’d hope in 2019 it would have gotten better and at least everyone would have adopted the anti-virus solution introduced in 2013..
A committee report (PDF) examining a decade of internal audits this week concluded that outdated systems, unpatched software, and weak data protection are so widespread that it’s clear American bureaucrats fail to meet even basic security requirements.
Read the rest of US Government Cyber Security Still Inadequate now! Only available at Darknet.
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment.
Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use it to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.
Le 18 juin 2019, Oracle a publié un avis de sécurité hors de son cycle habituel de correctifs pour une vulnérabilité jugée critique.
Cette faille d’identifiant CVE-2019-2729 affecte les serveurs WebLogic et peut conduire à une exécution de code arbitraire à distance sans qu’une …
Source de l’article sur CERT-FR
