
Tools

The latest hacking and hacker tools. Open source offensive and defensive security tools. Browse interactive maps of offensive security tools used by malicious actors and cybercriminals. Check out some live threat maps and malware intelligence databases.

This will be a curated list of mostly open source hacking tools. These can range from Red Teaming offensive security tools to fuzzers and debuggers for malware analysis. We are always looking for new state-of-the-art tools that can be used by security professionals. Please feel free to send us a tool via email or one of our social media accounts.

Omada Identity Cross Site Scripting

Authored by Daniel Hirschberger | Site sec-consult.com Omada Identity versions prior to 15U1 and 14.14 hotfix #309 suffer from a persistent cross site scripting vulnerability. advisories | CVE-2024-52951 SEC Consult...

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download

Authored by LiquidWorm | Site zeroscience.mk ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the...

ProjectSend R1605 Unauthenticated Remote Code Execution

Site metasploit.com This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user...

CUPS IPP Attributes LAN Remote Code Execution

Authored by Spencer McIntyre, RageLtMan, Simone Margaritelli, Ryan Emmons | Site metasploit.com This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The...

Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control

Authored by LiquidWorm | Site zeroscience.mk The Akuvox Smart Intercom/Doorphone suffers from an insecure service API access control. The vulnerability in ServicesHTTPAPI endpoint allows users with "User" privileges to modify...

Ivanti EPM Agent Portal Command Execution

Authored by Spencer McIntyre, James Horseman, Zach Hanley | Site metasploit.com This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client...

Palo Alto PAN-OS Authentication Bypass / Remote Command Execution

Site github.com Proof of concept code to exploit an authentication bypass in Palo Alto's PAN-OS that is coupled with remote command execution. advisories | CVE-2024-0012, CVE-2024-9474

WordPress Really Simple Security Authentication Bypass

Authored by Antonio Francesco Sardella | Site github.com WordPress Really Simple Security plugin versions prior to 9.1.2 proof of concept authentication bypass exploit. advisories | CVE-2024-10924

Pyload Remote Code Execution

Authored by Spencer McIntyre, jheysel-r7 | Site metasploit.com CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code...

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

Authored by Andreas Kolbeck, Steffen Robertz | Site sec-consult.com Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files,...