Friday, February 23, 2024
Home Tools


The latest hacking and hacker tools. Open source offensive and defensive security tools. Browse interactive maps of offensive security tools used by malicious actors and cybercriminals. Check out some live threat maps and malware intelligence databases.

This will be a curated list of mostly open source hacking tools. These can range from Red Teaming offensive security tools to fuzzers and debuggers for malware analysis. We are always looking for new state of the art tools that can be used for security professionals. Please feel free to send us a tool via email or one of our social media accounts.

Kafka UI 0.7.1 Command Injection

Authored by h00die-gr3y, BobTheShopLifter, Thingstad | Site A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell...

WEBIGniter 28.7.23 Cross Site Scripting

Authored by Sagar Banwa WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability. advisories | CVE-2023-46391 Change Mirror Download # Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)# Exploit Author:...

ITFlow Cross Site Request Forgery

Authored by stehled | Site ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability. advisories | CVE-2024-25344 Change Mirror Download # CVE: CVE-2024-25344# CWE: CWE-352# Vendor:

Fuelflow 1.0 SQL Injection

Authored by nu11secur1ty Fuelflow version 1.0 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: fuelflow-1.0-Copyright-©-2024-Project-Develop-by-Mayuri-K-Multiple-SQLi## Author: nu11secur1ty## Date: 02/21/24## Vendor: Software: Reference: Description:The email parameter...

WordPress 6.4.3 Username Disclosure

Authored by h4shur WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability. Change Mirror Download # Title: wordpress 6.4.3 - Username Disclosure# Author: h4shur# date:2024-02-21#...

Ivanti Connect Secure Unauthenticated Remote Code Execution

Authored by sfewer-r7 | Site This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either...

Yealink Configuration Encrypt Tool Static AES Key

Authored by Jeroen J.A.W. Hermans A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality...

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

Authored by Johannes Volpel, Mike Klostermaier | Site OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities. advisories | CVE-2024-25973, CVE-2024-25974 Change...

Online Library Management System 3 Password Reset

Authored by SoSPiro Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for...

SureMDM On-Premise CAPTCHA Bypass / User Enumeration

Authored by Jonas Benjamin Friedli SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities. advisories | CVE-2023-3897 Change Mirror Download # Exploit Title: SureMDM On-premise < 6.31 -...
Error decoding the Instagram API json