CVE-2014-0160

Training how access machines and other stuff

CyberSecurity Training how access machines and other stuff (like Reports) attackmitreorg/ githubcom/VirusTotal/yara wwwexploit-dbcom/google-hacking-database githubcom/cogsec-collaborative/AMITT ( docsgooglecom/document/d/1Kc0O7owFyGiYs8N8wSq17gRUPEDQsD5lLUL_3KGCgRE/edit#heading=hy91ekx93tbw2) githubcom/sbilly/awesome-sec

Heartbleeder Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build Pull requests welcome Usage $ heartbleeder examplecom INSECURE - examplecom:443 has the heartbeat extension enabled and is vulnerable

Awesome Hacking -An Amazing Project A curated list of awesome Hacking Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20 For a list of free hacking books available for download, go here Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General

Build a local copy of CVE (NVD and Japanese JVN). Server mode for easy querying.

go-cve-dictionary This is tool to build a local copy of the NVD (National Vulnerabilities Database) [1] and the Japanese JVN [2], which contain security vulnerabilities according to their CVE identifiers [3] including exhaustive information and a risk score The local copy is generated in sqlite format, and the tool has a server mode for easy querying [1] enwikipedia

2nd Assignment of Software Engineering Course in UNIST

Assignment 2 Introduction In this assignment, you will use a fuzzing tool called AFL++ which is a community-maintained fork of the original fuzzing tool called AFL Since there is no fundamental difference between AFL++ and AFL, we will refer to AFL++ just as AFL Part 1 will help you set up your environment Part 2 will guide you through a demo where you will fuzz a dummy libr

Welcome Cybersecurity's World. An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources in Cybersecurity.

Cybersecurity Welcome to the most extensive collection of encyclopedic knowledge in the world of Cybersecurity: An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources in Cybersecurity Thanks to all c

Dockerfile to create a Heartbleed-able interactive container

heartbleed-docker-container Dockerfile to create a Heartbleed-able interactive container Why? I didn't want to mess with Go in my system so I made a Heartbleed-able container with the tool precompiled and ready to check for the vuln Usage Pull the trusted build: docker pull rcmorano/heartbleed Or build an image from source Dockerfi

Awesome Penetration Testing A collection of awesome penetration testing resources Online Resources Penetration Testing Resources Exploit development Social Engineering Resources Lock Picking Resources Tools Penetration Testing Distributions Basic Penetration Testing Tools Docker for Penetration Testing Vulnerability Scanners Network Tools Wireless Network Tools SSL Analys

Export Prisma Cloud container findings to a CI pipeline, and identify un-triaged findings.

Prisma Cloud Pipeline Triage Export Prisma Cloud container findings to a CI pipeline, and identify un-triaged findings Prisma Cloud's container scanning feature (formerly called Twistlock) has a web UI to review findings in You can also define triage rules to ignore findings There are a number of example integrations into CI pipelines, which all follow the same pattern:

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

List of awesome penetration testing resources, tools and other shiny things

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Should you discover a vulnerability, please follow this guidance to

liste/description des outils livrés dans Kali Linux

LISEZ MOI Au départ pensé pour un apprentissage personnel et une recherche rapide par mots clés, cette page à vocation à faire une (nouvelle) liste/description des outils livrés dans Kali Linux Peut être utile (ou pas) aux débutants qui, comme moi, ne les connaissent pas encore et souhaitent sélectionner l'outi

A collection of awesome penetration testing resources, tools and other shiny things

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (�

awesome hacking chinese version

超棒黑客必备表单 English Version 一份精美的黑客必备表单,灵感来自于超棒的机器学习，如果您想为此列表做出贡献（欢迎），请在github给我一个pull或联系我@carpedm20，有关可供下载的免费黑客书籍列表，请点击此处。 目录 系统方面 教程 工具 Docker 常用 逆向方面 教程 工具 常用 Web�

Awesome Hacking A curated list of awesome Hacking Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20 For a list of free hacking books available for download, go here Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web Tools General

Heartbleed (CVE-2014-0160) client exploit

Pacemaker Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160) Compatible with Python 2 and 3 Am I vulnerable? Run the server: python pacemakerpy In your client, open localhost:4433/ (replace the hostname if needed) For example: curl localhost:4433/

INC

Heartbleed A checker (site and tool) for CVE-2014-0160 Public site at filippoio/Heartbleed/ Tool usage: Heartbleed [-service="service_name"] examplecom[:443] Heartbleed service_name://examplecom[:443] Exit codes: 0 - SAFE; 1 - VULNERABLE; 2 - ERROR (recently changed) See the online FAQ for an explanation of

A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.

TLS Channel TLS Channel is a library that implements a ByteChannel interface over a TLS (Transport Layer Security) connection It delegates all cryptographic operations to the standard Java TLS implementation: SSLEngine; effectively hiding it behind an easy-to-use streaming API, that allows to securitize JVM applications with minimal added complexity In other words, a simple l

Obtaining all projects potentially affected by HartBleed

HartBleed - What is still vulnerable? What Really Happened? The history of HartBleed is fascinating While the vulnerability in OpenSSL has been fixed, but how much code in public repositories is still not fixed? The following repositories might contain vulnerable code (the latest change is pre-2015) and they also have been modified recently, threfore they may still be in active

Awesome Penetration Testing A collection of awesome penetration testing resources Online Resources Penetration Testing Resources Exploit development Social Engineering Resources Lock Picking Resources Tools Penetration Testing Distributions Basic Penetration Testing Tools Docker for Penetration Testing Vulnerability Scanners Network Tools Wireless Network Tools SSL Analy

A list of web application security

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @drakyanerlanggarizkiwardhana Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacki

Awesome Hacking A curated list of awesome Hacking Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20 For a list of free hacking books available for download, go here Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web Tools General

Cybersecurity Welcome to the most extensive collection of encyclopedic knowledge in the World of CyberSecurity: An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources in Cybersecurity Thanks to all c

Awesome Penetration Testing A collection of awesome penetration testing resources

Awesome Penetration Testing ("githubcom/Muhammd/Awesome-Pentest") A collection of awesome penetration testing resources You can also contribute with a beer IRL or with buymeacoffeecom Online Resources Penetration Testing Resources Exploit development Social Engineering Resources Lock Picking Resources Tools Penetration Testing Distributions Basic Penet

OpenSSL Heartbleed (CVE-2014-0160) Fix script

openssl-heartbleed-fix OpenSSL Heartbleed (CVE-2014-0160) Fix script Sammy Fung sammy@sammyhk OpenSSL Heartbleed ([CVE-2014-0160] (wwwus-certgov/ncas/alerts/TA14-098A)) bug is now discovered by network security professionals, which many systems using some OpenSSL versions are affected In theory, it is assumed that SSL certificates on many web servers are affected, so

Awesome_Security A collection of awesome software, libraries, documents, books, resources and cool stuff about security Inspired by awesome-php, awesome-python Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources Awesome Security Network Scann

Awesome Penetration Testing A collection of awesome penetration testing resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (✿◕‿◕) Please check t

Shodani data analüüsimine ja visualiseerimine

EE-skaneerimine ja analüüsimine Eesmärk on skaneerida kogu EE Internet ja leida lahendus, mis võimaldaks töödelda saadud skaneeringu tulemusi sellisele kujule, et neid andmeid oleks võimalik hoiustada ajalooliselt, ja et tekiks visuaalne arusaam turvanõrkustega seadmetest ja veebiteenustest EE Internetis Hetke lahenduse ülevaa

A collection of awesome penetration testing resources, tools and other shiny things

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Should you discover a vulnerability, please follow this guidance to

Security router changelog

The securityrouterorg project is a network operating system and software distribution based on OpenBSD which is developed and maintained by Halon Security New systems are deployed by downloading a software image The easiest way to update existing systems is to perform an automatic update from within the product's administration New major versions can contain configurat

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Should you discover a vulnerability, please follow this guidance to

Keeping Secrets: Multi-objective Genetic Improvement for Detecting and Reducing Information Leakage Submitted to ASE22 Disclaimer: The material here is under review and not meant for distribution Please do not use or reveal information on this site or share the link until the paper review period is complete Test Subjects There are 6 test subjects used in the research: Appl

List of security tools for pen-testing, vulnerability scanning, malware analysis, and reverse engineering

infosecpractitionerlist List of publicly available security tools for pen-testing, vulnerability scanning, malware analysis, and reverse engineering Contents SDL Tools Microsoft Surface Attack Analyzer 20 Microsoft Threat Modeling Tool Attack Trees to model threats SDL Security Bug Bar Template Penetration tools Penetration Testing Distributi*ns Docker for Penetration Testi

Awesome Penetration Testing A collection of awesome penetration testing resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (✿◕‿◕) Please check t

Awesome Penetration Testing A collection of awesome penetration testing resources This project is supported by Netsparker Web Application Security Scanner Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and

Awesome Penetration Testing A collection of awesome penetration testing resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (✿◕‿◕) Please check t

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

zju_cloudnative student id: 22321201 pr: add cve-2014-0160 and cve-2022-0778, update contribution documents #126

Keeping Secrets: Multi-objective Genetic Improvement for Detecting and Reducing Information Leakage Mesecan, Ibrahim; Blackwell, Daniel; Clark, David; Cohen, Myra B; Petke, Justyna The artifacts for "Keeping Secrets: Multi-objective Genetic Improvement for Detecting and Reducing Information Leakage", published at 37th IEEE/ACM International Conference on Automated Sof

Let's explore the limitless possibilities of technology together! 🌟 What's Inside? Penetration Testing Resources Explore a List of Outstanding Resources for Penetration Testing and Proactive Cybersecurity Tactics Penetration testing, also known as ethical hacking, involves conducting approved, simulated cyberattacks on computer systems and their physical setups to

CVE-2014-0160-Scanner This is a simple php command line script to check an array of domains for the CVE-2014-0160 vuln to run: php indexphp Credits: It uses the service provided by filippoio/Heartbleed/

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (�

OpenSSL TLS heartbeat read overrun (CVE-2014-0160)

openmagic openmagic can assist you in the automating testing and exploiting of systems vulnerable to the OpenSSL TLS heartbeat read overrun (CVE-2014-0160) The base module wraps a modified version of the "ssltestpy" program by Jared Stafford and provides the following additional features: Save the leaked data in a raw format for later analisys Resolve the IP so tha

a collection of best pentest resources

pentest-tools a collection of best pentest resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Contents Online Resources Penetration Testing Resources Exploit Development Open Source Intelligence (OSINT) Resources Social

CVE info of GIT commits for OpenSSL

openssl-cve Table of Contents Overview YAML Format Proposal for CVE Git Commits YAML Format Proposal for CVE Checking Rules Help is Needed from OpenSSL Developers Overview CVE info of GIT commits for OpenSSL This repo provides CVE info of GIT commits for the OpenSSL git repo Such CVE info can be used by the bomsh tool to create the CVE database for OpenSSL, which is then use

超棒黑客必备表单 English Version 一份精美的黑客必备表单,灵感来自于超棒的机器学习，如果您想为此列表做出贡献（欢迎），请在github给我一个pull或联系我@carpedm20，有关可供下载的免费黑客书籍列表，请点击此处。 目录 系统方面 教程 工具 Docker 常用 逆向方面 教程 工具 常用 Web�

this note is a vulnerability resource for peoples who learn penetration testing. feel free to add some other sources on this note

This note contains the vulnerability apps to improve your skill on penetration testing and hacking Contents Web Application Mobile Applicaton Thick Client OS and Hardware Cyber Physical System Cloud Infrastructure Cryptocurrency and Blockchain Vulnerability as a Service Web Application Damn Vulnerable Web Application (DVWA) Buggy Web Application (bWAPP) JuiceShop Multilidae

multiple net tools over a docker's busybox image

Recon Net Tools Multiple net tools over a docker's busybox image The main idea is to create a set of tools to be easily copied and started on a limited/small machine List of tools: ag heartbleeder lsciphers ncat nmap nping objcopy objdump readelf size socat strings go_metaDataPdf go_sshCrack go_sshSwarm go_tcpProxy go_sshTunnel go_shell go_forensicImage go_getGeoTagPhot

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Should you discover a vulnerability, please follow this guidance to

sslscan tests SSL/TLS enabled services to discover supported cipher suites

sslscan2 sslscan version 2 has now been released This includes a major rewrite of the backend scanning code, which means that it is no longer reliant on the version of OpenSSL for many checks This means that it is possible to support legacy protocols (SSLv2 and SSLv3), as well as supporting TLSv13 - regardless of the version of OpenSSL that it has been compiled against This

Dockerfile for testing CVE-2014-0160 Heartbleed exploitation.

Testing Heartbleed with Nginx Dockerfile This repository contains Dockerfile of Nginx with the vulnerable OpenSSL version (101f) for testing CVE-2014-0160 Heartbleed Vulnerability Base Docker Image debian:latest Installation Install Docker Example with Debian: apt-get install -y docker Download from public Docker Hub Registry the debian base image: docker pull debian

README This is a fork of ioerror's version of sslscan (the original readme of which is included below) Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output Highlight CBC ciphers on SSLv3 (POODLE) Highlight 3DES and RC4 ciphers in output Highlight PFS+GCM ciphers as good in output Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n

Awesome Penetration Testing A collection of awesome penetration testing resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and suggestions are heartily♥ welcome (✿◕‿◕) Please check t

heartbleed-masstest for the top sites in the MENA region

heartbleed-masstest This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160) This repo was created in a separate part as an initiative to track the top sites in the MENA region Our work is based on the script test found here: (githubcom/musalbas/heartbleed-masstest) This repo also contains test results for the Al

Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

libfuzzer-workshop Materials of "Modern fuzzing of C/C++ Projects" workshop The first version of the workshop had been presented at ZeroNights'16 security conference Disclaimer This workshop was originally developed in 2016 As of today (2021 and beyond), the practical side of the workshop might be not working right away, because libFuzzer greatly evolved over

Ethical Hacking Tutorials , Pentesting Resources

Awesome Penetration Testing A collection of awesome penetration testing resources This project is supported by Netsparker Web Application Security Scanner Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Your contributions and

A curated list of awesome Hacking tutorials, tools and resources

Awesome Hacking -An Amazing Project A curated list of awesome Hacking Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request! For a list of free hacking books available for download, go here Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web Tools General N

A checker (site and tool) for CVE-2014-0160

Heartbleed A checker (site and tool) for CVE-2014-0160 Public site at filippoio/Heartbleed/ Tool usage: Heartbleed [-service="service_name"] examplecom[:443] Heartbleed service_name://examplecom[:443] Exit codes: 0 - SAFE; 1 - VULNERABLE; 2 - ERROR (recently changed) See the online FAQ for an explanation of

Use the docker to build a vulnerability environment

docker-vulnerability-environment 这个项目是为了使用 docker 部署 Web 漏洞测试环境, 可随时创建随时删除。 当前项目包括: bWAPP、DVWA、OWASP Broken Web Applications Project等多个漏洞测试环境。 环境列表 bWAPP xssed DVWA WebGoat DVWA-WooYun-edition DSVW WAVSEP OWASP Security Shepherd OWASP Broken Web Applications Project(未完成) xvw

README This is a fork of ioerror's version of sslscan (the original readme of which is included below) Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output Highlight CBC ciphers on SSLv3 (POODLE) Highlight RC4 ciphers in output Highlight GCM ciphers as good in output Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n <= 56) c

Awesome Hacking A curated list of awesome Hacking Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20 For a list of free hacking books available for download, go here Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web Tools General

HeartbleedProject #!/usr/bin/python added option to the payload length of the heartbeat payload Don't forget to "chmod 775 /attackpy" to make the code executable Use eg "/attackpy wwwseedlabelggcom -l 0x4001" to send the heartbeat request with payload length variable=0x4001 The author disclaims copyright to this source code Code originally from

This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160) based on the input file for the urls.

HeartBleed-Vulnerability-Checker author = 'WaQas-JaMal' Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguinorg) & The author disclaims copyright to this source code ''' I have modified this script to take any input url file Check it for valid tld from provided set of urls, create unique set and parse that to

nmap NSE plugin to scan for the Heartbleed vulnerability in OpenSSL

nmap-heartbleed nmap NSE plugin to scan for the Heartbleed Vulnerability in OpenSSL See: wwwopensslorg/news/secadv_20140407txt cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2014-0160 Authors and License in the file

Docker image for a Debian Wheezy with heartbleeder bug in it

##Docker image simonswine/wheezy-with-heartbleed Docker image with Heartbleed vulnerable SSL library (CVE-2014-0160) With nginx and self signed certs

PenTest - Penetration Testing Tools Downloader

בס״ד ⚜️ Aภl๏miuภuຮ ⚜️ ⫷ HacKingPro ⫸ ⫷ TryHackMe | KoTH ⫸ ⫷ Privilege-Escalation⫸ ⫷ ScanPro | Linfo | Diablo ⫸ ⫷ Offensive-Security | PenTest ⫸ ⫷ Goals | Studies | HacKing | AnyTeam ⫸ 🤩 Awesome Penetration Testing A collection of awesome penetration testing resources, tools and other shiny things Contents Andro

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

A Terminal UI for browsing security vulnerabilities (CVEs)

flawz is a Terminal User Interface (TUI) for browsing the security vulnerabilities (also known as CVEs) As default it uses the vulnerability database (NVD) from NIST and provides search and listing functionalities in the terminal with different theming options For example, to view details on the notorious xz vulnerability: flawz --feeds 2024 --query xz

a lot of resources :D

A collection of awesome software, libraries, documents, books, resources and cool stuff about security Awesome Security Network Scanning / Pentesting Monitoring / Logging IDS / IPS / Host IDS / Host IPS Honey Pot / Honey Net Full Packet Capture / Forensic Sniffer Security Information & Event Management VPN Fast Packet Processing Firewall Anti-Spam Docker Endpoint

visualiseerimisplatvorm-DATA Lahendus 1 Kasutan test1_backupcsv datat ja logstashi kv pluginat: kv { source => "TAGS" field_split => ";" value_split => ":" target => "TAGS" } Tulemus on: Tekivad field-id aga puudulikud, nt Isegi ku mul on CSV failis TAGS headi

PenTest - Penetration Testing Tools Downloader

בס״ד ⚜️ Aภl๏miuภuຮ ⚜️ ⫷ HacKingPro ⫸ ⫷ TryHackMe | KoTH ⫸ ⫷ Privilege-Escalation⫸ ⫷ ScanPro | Linfo | Diablo ⫸ ⫷ Offensive-Security | PenTest ⫸ ⫷ Goals | Studies | HacKing | AnyTeam ⫸ 🤩 Awesome Penetration Testing A collection of awesome penetration testing resources, tools and other shiny things Contents Andro

Apaixonado por tecnologia, educação e por mudar a vida das pessoas através da programação e haking 💠CyberStorm Entre para nossa comunidade no discord Lista de Recursos de Teste de Penetração 📡 Recursos de teste de penetração Lançamento do Metasploit:Curso gratuito de metasploit de seguranç

List of awesome penetration testing resources, tools and other shiny things

Awesome Penetration Testing A collection of awesome penetration testing and offensive cybersecurity resources Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities Should you discover a vulnerability, please follow this guidance to

Awesome Hacking -An Amazing Project A curated list of awesome Hacking Inspired by awesome-machine-learning If you want to contribute to this list (please do), send me a pull request! For a list of free hacking books available for download, go here Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web Tools General N

An ongoing collection of awesome ethical hacking tools, software, libraries, learning tutorials, frameworks, academic and practical resources

Cybersecurity Ethical Hacking Welcome to the World of Web Hacking Cybersecurity: An ongoing collection of awesome ethical hacking tools, software, libraries, learning tutorials, frameworks, academic and practical resources Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection o

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

Test websites for Heartbleed vulnerability (CVE 2014-0160)

#Heartbleed Test Chromium Extension# ###Test websites for Heartbleed vulnerability (CVE 2014-0160)### This extension queries filippoio/Heartbleed/ and displays an icon in the address bar if a website is found vulnerable For more information on the Heartbleed Bug, visit heartbleedcom/

Maltego transform to detect the OpenSSL Heartbleed vulnerability (CVE-2014-0160)

MaltegoHeartbleed Maltego transform to detect the OpenSSL Heartbleed vulnerability (CVE-2014-0160) For more information read the write-up on my blog: disk0nn3ctsvbtlecom/maltego-openssl-heartbleed-transform

CVE-2014-0160 (Heartbeat Buffer over-read bug)

HeartLeak Yet, another exploitation script for the most buzzed bug of all the time The script has two features: scan: Generates random hosts (IP addresses), checks if they supports OpenSSL, test them if they vulnerable to CVE-2014-0160 (Heartbeat Buffer over-read bug) and save vulnerable hosts in a TXT file monitor: This keeps sending malicious heartbeat requests, dumps leaked

POC for CVE-2014-0160 (Heartbleed) for DTLS

heartbleed-dtls-test POC for CVE-2014-0160 (Heartbleed) for DTLS License This code is licensed uder the BSD 3-Clause License (file LICENSE), which is 99% identical to Go's license (file LICENSEgolang) Given that large parts of this code are copied/inspired by golang's tls code, both license files are included to adhere to golang's license

Multi-threaded tool for scanning many hosts for CVE-2014-0160.

This tool allows you to scan multiple hosts for Heartbleed, in an efficient multi-threaded manner This tests for OpenSSL versions vulnerable to Heartbleed without exploiting the server, so the heartbeat request does not cause the server to leak any data from memory or expose any data in an unauthorized manner This Mozilla blog post outlines the method used Usage: ssltestpy

A website to check servers for the OpenSSL Heartbleed vulnerability

makeItBleed Is a tool/website to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160) Visit makeitbleedorg

Honeypot for Heartbleed

Heartpot This Python script is a tiny honeypot for Heartbleed(CVE-2014-0160) If you use this script by default port(443/tcp), you should run by root Usage: heartpotpy Output format: Date/time, Source IP address, Protocol, Payload Output example: [2014-04-13 01:59:23],192168122,SSL,1803000003014000 2014/Apr/13th wwwmorihi-socnet/ Kazuaki Morihisa (@k_morihisa)

cve-2014-0160-Yunfeng-Jiang The reading course report Reading_Course_Reportpdf Detect tools 1) heartbleedpy (gistgithubcom/eelsivart/10174134) Usage: python heartbleedpy hostname 2) ssltestpy (githubcom/Lekensteyn/pacemaker/blob/master/ssltestpy) Usage: python ssltestpy hostname 3) check-ssl-heartbleedpl ( githubcom/noxxi/p5-ssl-tools/b

Heartbleed

Heartbleed chrome plugin DEPRECATED Chrome plugin who will look-up if the current site (and all subdomains called) are vulnerable to CVE-2014-0160 The vulnerability check is done by an API service who's now dead (it wasn't in 2014!) May the code can be useful to someone anyway, if someone found a new API provider for heartbleed check See also, the edited CVE-2014-0

A checker (site and tool) for CVE-2014-0160. Software from @FiloSottile for iSC Inc..

Heartbleed A checker (site and tool) for CVE-2014-0160 Software from @FiloSottile for iSC Inc

Heartbleed The Heartbleed bug CVE-2014-0160 is a severe implementation flaw in the OpenSSL library, which enables attackers to steal data from the memory of the victim server The contents of the stolen data depend on what is there in the memory of the server It could potentially contain private keys, TLS session keys, usernames, passwords, credit cards, etc The vulnerabilit

Utilities to test javascript projects

smpl-build-test Changelog v080 2014-04-11: [SECURITY] Update paraffin to v092 Fix Heartbleed (CVE-2014-0160) bug when using Sauce Connect Links Code statistics Licence This project is licenced under the MIT Licence See LICENCEtxt for details

Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. 🗝️ 🔓

Heartbleed (CVE-2014-0160) Setup You will require docker in order to perform the setup The exploit, dynamically generates the random bytes from the Client Hello message, therefore you will need to link the library when building the executable The required package to be installed, in order to link properly: sudo apt-get install libssl-dev

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.

Arad Socket Arad Socket is a library that implements a ByteChannel interface over a TLS (Transport Layer Security) connection It delegates all cryptographic operations to the standard Java TLS implementation: SSLEngine; effectively hiding it behind an easy-to-use streaming API, that allows to securitize JVM applications with minimal added complexity In other words, a simple l

More than 21K security related open source tools, sorted by star count. Both in markdown and json format.

所有收集类项目 说明 English Version 因Github Readme显示行数有限, 当前页面显示的为不完整版, 只显示了星数最高的前1000个工具 点击查看完整版 工具列表 [70102星][10d] [JS] trekhleb/javascript-algorithms JavaScript算法和数据结构 [66889星][3m] [Py] thealgorithms/python Python实现的所有算法 [61315星][10d] [JS]

Discover an awesome compilation of tools, libraries, and resources for robust security. From network to web security, find everything you need to enhance your security expertise.

AwesomeSecurity Explore a curated collection of fantastic software, libraries, documents, books, and resources dedicated to security From network and endpoint protection to threat intelligence and web security, find a comprehensive list of tools and information to enhance your security knowledge and practices Table of Contents AwesomeSecurity Network Scanning / Pentesting

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ActionScript Agda ApacheConf Assembly Batchfile Bro C C# C++ CSS Clojure CoffeeScript Common Lisp Component Pascal Cuda Elm Erlang Go HTML Haskell Java JavaScript Julia Jupyter Notebook Kotlin LiveScript Lua Makefile Nginx OCaml Objective-C Objective-C++ Others PHP Perl PigLatin PowerShell Pytho

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

Awesome Security A collection of awesome software, libraries, documents, books, resources and cool stuff about security Inspired by awesome-php, awesome-python Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources Awesome Security Network Scann

Repository Docker

Repositorio de Contenedores de Seguridad docker pull kalilinux/kali-linux-docker official Kali Linux docker pull owasp/zap2docker-stable - official OWASP ZAP docker pull wpscanteam/wpscan - official WPScan docker pull pandrew/metasploit - docker-metasploit docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA) docker pull wpscanteam/vulnerablewordpress - Vulnera

CTF machine Writeup

VULNIX writeup nmap -p- Target_ip 2 nmap -sV -A —script vuln Target_ip root@v5ha1i:~# nmap -sV -A --script Vuln 192168122130 Starting Nmap 770 ( nmaporg ) at 2020-06-18 02:23 EDT Nmap scan report for 192168122130 Host is up (00017s latency) Not shown: 988 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 59p1 Debian

A python wrapper around https://cve.circl.lu.

ares ares is an APACHE licensed library written in Python providing an easy to use wrapper around cvecircllu This library has been tested with Python 27x and Python 36+ Installation: From source use $ python setuppy install or install from PyPi $ pip install ares Documentation: GET /a