Forwarded from AppSec Guy
CVE yoki CWE dasturlari tugatilishi yaxshigina impact ko'rsatadi, AppSecga ayniqsa.
Yangi chiqqan vulnerability lar track qilinib unga raqami berilmaydi, masalan CVE-2025-12345 qilib. O'zi bundan muammo yo'qqa o'xshaydi Shaptolini shu versiyasida ATO deb yozib ketaveramiz vulnerability nomini, lekin baribir confusion bo'ladi.
Impact to'g'ridan-tog'ri bizga bilinmaydi, bundan ko'proq U.S. foydalanadi o'zini assetlarida.
Yana CVE database bilan ishlaydigan Vulnerability Scanner lar ancha qiynaladi.
Lekin CWE tugatilishi katta "chaos" bo'lsa kerak) OWASP faqat 10 ta vulnerability type ko'rsatadi, vulnerability ni mana shu deb ko'rsatgani CWE yaxshi.
Hullas bu framework bilan standartlar edi dunyo shunga qarab ish qiladigan, endi aniq narsa bo'lmasa tartibsizlik bo'ladi.
P.S. CVE assignment yoniq qolarkan)
@AppSec_guy
Yangi chiqqan vulnerability lar track qilinib unga raqami berilmaydi, masalan CVE-2025-12345 qilib. O'zi bundan muammo yo'qqa o'xshaydi Shaptolini shu versiyasida ATO deb yozib ketaveramiz vulnerability nomini, lekin baribir confusion bo'ladi.
Impact to'g'ridan-tog'ri bizga bilinmaydi, bundan ko'proq U.S. foydalanadi o'zini assetlarida.
Yana CVE database bilan ishlaydigan Vulnerability Scanner lar ancha qiynaladi.
Lekin CWE tugatilishi katta "chaos" bo'lsa kerak) OWASP faqat 10 ta vulnerability type ko'rsatadi, vulnerability ni mana shu deb ko'rsatgani CWE yaxshi.
Hullas bu framework bilan standartlar edi dunyo shunga qarab ish qiladigan, endi aniq narsa bo'lmasa tartibsizlik bo'ladi.
P.S. CVE assignment yoniq qolarkan)
@AppSec_guy
image_2025-04-18_12-51-13.png
159.8 KB
ncdu — diskdagi bo‘sh joyni tahlil qilish uchun eng qulay vositalardan biri hisoblanadi. Uda yarim-grafikli interfeys mavjud, bu bizga ishlashni ancha osonlashtiradi.
ncdu Linux distributivlarida odatda oldindan o‘rnatilmagan bo‘ladi.
How to install and use:
#ncdu
ncdu Linux distributivlarida odatda oldindan o‘rnatilmagan bo‘ladi.
How to install and use:
apt install ncdu
ncdu /
#ncdu
🔥1
Forwarded from OSINT
Mr.Holmes: комплексный инструмент для OSINT-анализа
#OSINT
Mr.Holmes — многофункциональный инструмент для сбора информации по IP-адресам, доменам, email, геолокации и другим данным. Поддерживает работу в Linux, macOS, Windows и Termux. Полезен для пентестеров, специалистов по безопасности и исследователей.
🔗 Исходный код: GitHub
LH | News | OSINT | AI
#OSINT
Mr.Holmes — многофункциональный инструмент для сбора информации по IP-адресам, доменам, email, геолокации и другим данным. Поддерживает работу в Linux, macOS, Windows и Termux. Полезен для пентестеров, специалистов по безопасности и исследователей.
LH | News | OSINT | AI
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥1
Forwarded from Cat Seclist
BlackOps Field Exploiter v2.1
A comprehensive penetration testing and CTF toolkit powered by Gemini AI for enhanced vulnerability analysis.
https://github.com/liyander/blackops-field-vulnerability-exploiter
A comprehensive penetration testing and CTF toolkit powered by Gemini AI for enhanced vulnerability analysis.
https://github.com/liyander/blackops-field-vulnerability-exploiter
Forwarded from Codeby
Getleak — это инструмент с открытым исходным кодом, предназначенный для обнаружения утечек конфиденциальных данных в репозиториях Git. Он помогает выявлять ключи API, пароли, токены доступа и другую чувствительную информацию, которая могла быть случайно добавлена в код.
Основные возможности
git clone https://github.com/gitleaks/gitleaks
cd gitleaks
go install
gitleaks detect --source=<путь_к_репозиторию>
Пример конфигурации кастомного файла
custom-rules.json с правилами сканирования{
"rules": [
{
"description": "API Key Detection",
"regex": "AKIA[0-9A-Z]{16}",
"tags": ["key", "AWS"]
},
{
"description": "Generic Password",
"regex": "(?i)(password|pwd|pass)\\s*[=:]\\s*['\"]?[a-zA-Z0-9@#\\$%\\^&\\*]+['\"]?",
"tags": ["password"]
}
]
}gitleaks detect --source=<путь_к_репозиторию> --config=custom-rules.json
Please open Telegram to view this post
VIEW IN TELEGRAM
Security-Tip
Replace your basic dirsearch fuzz command with this combination
dirsearch -u https://example.com -e
php,html,js,json,txt,xml,zip,sql,asp,aspx,jsp,action,conf ,config,bak,log, old, inc -x 400,403,404 -t 50 --recursion "404"
Hope this helps
Replace your basic dirsearch fuzz command with this combination
dirsearch -u https://example.com -e
php,html,js,json,txt,xml,zip,sql,asp,aspx,jsp,action,conf ,config,bak,log, old, inc -x 400,403,404 -t 50 --recursion "404"
Hope this helps
🔥2
Find hidden GET parameters in javascript files
assetfinder https://example.com | gau | egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"; done
#BugBountytip
assetfinder https://example.com | gau | egrep -v '(.css|.png|.jpeg|.jpg|.svg|.gif|.wolf)' | while read url; do vars=$(curl -s $url | grep -Eo "var [a-zA-Z0-9]+" | sed -e 's,'var','"$url"?',g' -e 's/ //g' | grep -v '.js' | sed 's/.*/&=xss/g'); echo -e "\e[1;33m$url\n\e[1;32m$vars"; done
#BugBountytip
👍1
Forwarded from Cat Seclist
[ Scopify - the "Netify" Reconnaissance Tool ]
Scopify is a Python command-line tool designed for penetration testers and bug bounty hunters to quickly gather and analyze infrastructure information (CDN, Hosting, SaaS) for a target company by scraping netify.
It optionally leverages OpenAI's API to provide AI-driven analysis of the gathered infrastructure, highlighting potential areas of interest and suggesting reconnaissance methodologies.
By Jason Haddix.
🔗Tool: https://github.com/Arcanum-Sec/Scopify
Scopify is a Python command-line tool designed for penetration testers and bug bounty hunters to quickly gather and analyze infrastructure information (CDN, Hosting, SaaS) for a target company by scraping netify.
It optionally leverages OpenAI's API to provide AI-driven analysis of the gathered infrastructure, highlighting potential areas of interest and suggesting reconnaissance methodologies.
By Jason Haddix.
🔗Tool: https://github.com/Arcanum-Sec/Scopify
Forwarded from Whitehat Lab
watchTowr Labs
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.
No heist story…
No heist story…
Path traversal уязвимость приводящая к выполнению произвольного кода (RCE) без аутентификации
/commandcenter/deloyWebpackage.do, в результате чего Commvault получит ZIP-файл с внешнего сервера../../Reports/MetricsUpload/shell/commandcenter/deployWebpackage.do/reports/MetricsUpload/shell/.tmp/dist-cc/dist-cc/shell.jspРейтинг CVSS - 9.0
Уязвимость устранена в версии 11.38
#cve #rce #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
https://github.com/antonioCoco/RoguePotato
Another Windows Local Privilege Escalation from Service Account to System
Another Windows Local Privilege Escalation from Service Account to System
GitHub
GitHub - antonioCoco/RoguePotato: Another Windows Local Privilege Escalation from Service Account to System
Another Windows Local Privilege Escalation from Service Account to System - antonioCoco/RoguePotato
SecList for CyberStudents
https://github.com/itm4n/PrintSpoofer
itm4n’s blog
PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community. Though, recent changes to the operating system have…