{"uuid": "fbaef0af-c298-4003-b892-480c0d9cf6dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-35803", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3121", "content": "25 Tools \ud83d\udd27 \ud83d\udd27 - Hackers Factory\n\n\u200b\u200bstratosphere\n\nA free and open source #OSINT platform that automatically collects every page you visit, building a private knowledge base you can analyze with Jupyter notebooks and an extensible suite of web apps including:\n\n\u2022 LinkedIn contacts and companies explorer: Explore previously browsed LinkedIn profiles and companies\n\u2022 Google search results: Review your past Google search results\n\u2022 vk.com contacts explorer: Explore previously seen vk.com contacts, highlighting their connections\n\u2022 Flows overview: Overview of web traffic intercepted in the last 10 minutes\n\nhttps://github.com/elehcimd/stratosphere\n\n#cybersecurity #infosec\n\n\u200b\u200bFreeroute\n\nA traffic router which can direct traffic to different gateways based on destination domain. It is designed to be used in conjunction with a VPN client such as OpenVPN, to allow traffic to be routed to the VPN or directly to the internet.\n\nhttps://github.com/admitrievsky/freeroute\n\n#cybersecurity #infosec #privacy\n\n\u200b\u200bCVE-2023-2255\n\nRemote documents loaded without prompt via IFrame\n\nhttps://github.com/elweth-sec/CVE-2023-2255\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-32235\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.\n\nhttps://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bEasyScan\n\nA Python script that analyzes the security of a given website by inspecting its HTTP headers and DNS records. The script generates a security report with recommendations for addressing potential vulnerabilities.\n\nhttps://github.com/introvertmac/EasyScan\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bCloudPrivs\n\nDetermine privileges from cloud credentials via brute-force testing.\n\nhttps://github.com/AbstractClass/CloudPrivs\n\n#infosec #pentesting #redteam\n\nBadZure\n\nBadZure orchestrates the setup of Azure Active Directory tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.\n\nhttps://github.com/mvelazc0/BadZure\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-3460\n\nUnauthorized admin access for Ultimate Member plugin POC.\n\nhttps://github.com/Fire-Null/CVE-2023-3460\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bNoSQL Injection\n\nThe Power of Secure Coding Practices: Safeguarding MongoDB Against Exploitation.\n\nhttps://github.com/kiliczsh/nosql-injection\n\n#cybersecurity #infosec\n\n\u200b\u200bFindmytakeover\n\nFind dangling domains in a multi cloud environment.\n\nhttps://github.com/anirudhbiyani/findmytakeover\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2023-35803\n\nPoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine.\n\nhttps://github.com/lachlan2k/CVE-2023-35803\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bPerfExec Tooling PoC\n\nThe code is not super clean but project contains an example performance dll that will run CMD.exe and a .NET assembly that will execute the DLL or gather performance data locally or remotely.\n\nhttps://github.com/0xthirteen/PerfExec\n\n#cybersecurity #infosec\n\n\u200b\u200bSharpDXWebcam \n\nUtilizing the DirectX and DShowNET assemblies to record video from the host's webcam.\n\nhttps://github.com/snovvcrash/SharpDXWebcam\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bDocumentSpark\n\nSimple secure document viewing server. Converts a document to a picture of its pages. Content disarm and reconstruction. CDR. Formerly p2. The CDR solution for BrowserBox Pro remote browser isolation.\n\nhttps://github.com/dosyago/documentspark\n\n#cybersecurity #infosec\n\n\u200b\u200bVenera Framework\n\nA tool for automating customized tests and attacks agaist many kinds of protocol. It relies on a scripting engine based on the Lua scripting language that makes it possible to create modules for all types of checks and exploits.\n\nhttps://github.com/farinap5/Venera\n\n#infosec #pentesting #redteam\n\n\u200b\u200bNavgix\n\nA multi-threaded golang tool that will check for nginx alias traversal vulnerabilities.\n\nhttps://github.com/hakaioffsec/navgix\n\n#infosec #pentesting #bugbounty\n\n1/2", "creation_timestamp": "2023-07-15T21:16:33.000000Z"}