CVE-2019-19781

Published: 27/12/2019 Updated: 20/01/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 that allows directory traversal.

Vulnerable Products

citrix application_delivery_controller_firmware 10.5

citrix application_delivery_controller_firmware 11.1

citrix application_delivery_controller_firmware 12.0

citrix application_delivery_controller_firmware 12.1

citrix application_delivery_controller_firmware 13.0

citrix netscaler_gateway_firmware 10.5

citrix netscaler_gateway_firmware 11.1

citrix netscaler_gateway_firmware 12.0

citrix netscaler_gateway_firmware 12.1

citrix gateway_firmware 13.0

Mailing Lists

Citrix Application Delivery Controller and Citrix Gateway remote code execution proof of concept exploit ...
Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit ...
This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload ...
This is an nmap NSE script to test for the path traversal vulnerability in Citrix Application Delivery Controller (ADC) and Gateway ...
This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5 ...

Metasploit Modules

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.

msf > use exploit/linux/http/citrix_dir_traversal_rce
msf exploit(citrix_dir_traversal_rce) > show targets
    ...targets...
msf exploit(citrix_dir_traversal_rce) > set TARGET < target-id >
msf exploit(citrix_dir_traversal_rce) > show options
    ...show and set options...
msf exploit(citrix_dir_traversal_rce) > exploit

Citrix ADC (NetScaler) Directory Traversal Scanner

This module exploits a directory traversal vulnerability (CVE-2019-19781) within Citrix ADC (NetScaler). It requests the smb.conf file located in the /vpns/cfg directory by issuing the request /vpn/../vpns/cfg/smb.conf. It then checks if the server is vulnerable by looking for the presence of a "[global]" directive in smb.conf, which this file should always contain.

msf > use auxiliary/scanner/http/citrix_dir_traversal
msf auxiliary(citrix_dir_traversal) > show actions
    ...actions...
msf auxiliary(citrix_dir_traversal) > set ACTION < action-name >
msf auxiliary(citrix_dir_traversal) > show options
    ...show and set options...
msf auxiliary(citrix_dir_traversal) > run

GitHub Repositories

CVE-2019-19781 CVE-2019-19781 Module for Router Scan Project. How To Use: prepare: pip3 install ipcalc,requests; usage: python3 scanner.py. Copyright: some part of this repository that sends the TCP response is partly forked from trustedsec/cve-2019-19781 with some changes for the APIs of Router Scan Project.

Audit Guide for the Citrix ADC Vulnerability CVE-2019-19871. Collected from multiple sources and threat assessments. Will be updated as new methods come up.

Update 1-22-2020: There is now a tool from FireEye that will help scan the items below. The key to this is that you need to have enough logs to go back to 1-9-2020 to have a chance to see what was done beyond the exploit being run. If it finds XML payload files then you need to use the information below to make a decision on what action to take: www.fireeye.com/blog/pr

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

CVE-2019-19781 This was only uploaded due to other researchers publishing their code first. We would have hoped to have had this hidden for a while longer while defenders had appropriate time to patch their systems. We are all for responsible disclosure; in this case, the cat was already out of the bag. Exploits: CVE-2019-19781 Citrixmash (CVE-2019-19781 exploit) root@stronghol

Exploit Citrix - Remote Code Execution Bug: CVE-2019-19781. This tool is ported to Golang from github.com/trustedsec/cve-2019-19781/blob/master/citrixmash.py. Writeup and mitigation: www.trustedsec.com/blog/critical-exposure-in-citrix-adc-netscaler-unauthenticated-remote-code-execution/ Forensics and IoC Blog: www.trustedsec.com/blog/netscaler-remote-code

CVE-2019-19781 To use this scanner go to cve-2019-19781.azurewebsites.net. Features: Scan for IPs/Hostnames that are exposed to CVE-2019-19781; Scan offline database for leaked wildcard certificates. Credits: This project is based on this project: Citrixmash v0.1 - Exploits the Citrix Directory Traversal Bug: CVE-2019-19781. Tool Written by: Rob Simon and Dave Kennedy Contr

CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit

CVE-2019-19781 Remote Code Execution (RCE) in Citrix Application Delivery Controller and Citrix Gateway. A vulnerability has been identified in Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. EDIT:

Here is a list of useful information about threats and scams related to Coronavirus Disease 2019 (COVID-19).

COVID-19 Response Covid19 Response will share tools and resources for security incident response and cyber defence, aimed to help systems administrators or anyone to protect against threats using the disease outbreak as a vector. cve-2019-19781 - Check Citrix Gateways that are vulnerable to CVE-2019-19781; threatlist - Hashes, files, phishing, etc. Useful Links: Windows Defender AT

Test a host for susceptibility to CVE-2019-19781

check-cve-2019-19781 🔎🐞 This utility determines if a host appears susceptible to CVE-2019-19781. Requirements: Python versions 3.6 and above. Note that Python 2 is not supported. Installation from a release: pip install github.com/cisagov/check-cve-2019-19781/releases/download/v1.0.2/cve_2019_19781-1.0.2-py3-none-any.whl

Simple tool for testing vulnerability to CVE 2019-19781

CVE-2019-19781 The intent of this project is to wrap up the tool published by CISA to test for vulnerability to CVE-2019-19781. See www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability for the CERT announcement about the tool. See the following for more information on the vulnerability: support.citrix.com/article

IOCs for CVE-2019-19781

CVE-2019-19781_IOCs IOCs for CVE-2019-19781. citrixhoneypot.nslookup.txt contains whois results for the IP addresses listed in ips.txt; these were the addresses that showed up most frequently in the logs of the honeypot discussed here: www.digitalshadows.com/blog-and-research/cve-2019-19781-analyzing-the-exploit/

Citrix Unauthorized Remote Code Execution Attacker - CVE-2019-19781

Citrix Unauthorized Remote Code Execution Attacker - CVE-2019-19781 References: blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-netscaler-adc/ Bypassing: 1 - Deleted / Modified scripts at: /vpn/../vpns/portal/scripts/* 2 - Forward Slash ("/") issues after perl command injection (template injection) attack

Citrix ADC Remote Code Execution

CVE-2019-19781 Citrix ADC Remote Code Execution python usage: python CVE-2019-19781.py 1921683

My Citrix ADC NetScaler CVE-2019-19781 Vulnerability DFIR notes.

Based on a Splunk perspective. The resources below show that ingesting your logs is essential for proper analysis of the Indicators Of Compromise. Never waste a good crisis: ingest all the logs! Impact / Root Cause: Remote pre-auth arbitrary command execution due to a logic vuln, i.e. reliable execution possible. Some Resources: support.citrix.com/article/CTX267027 www

Indicator of Compromise Scanner for CVE-2019-19781

Indicator of Compromise Scanner for CVE-2019-19781 This repository contains a utility for detecting compromises of Citrix ADC Appliances related to CVE-2019-19781. The utility, and its resources, encode indicators of compromise collected during FireEye Mandiant investigations. To learn more, please read the blog announcing this tool's release. In summary the utility will:

CVE-2019-19781 Attack Triage Script

CVE-2019-19781 CVE-2019-19781 Attack Triage Script The script can be run on your affected Citrix ADC devices to assist in determining if a compromise has occurred. It will quickly capture any associated commands or files that were used as part of the attack (unless cleanup has occurred): $ ./CVE-2019-19781-Triage.sh Disclaimer: Best efforts were made to test the script provided, h

Remote Code Execution Exploit (CVE-2019-19781) - Citrix Application Delivery Controller & Gateway Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ] Usage: bash CVE-2019-19781.sh IP_OF_VULNURABLE_HOST COMMAND_TO_EXECUTE e.g.: bash CVE-2019-19781.sh XXXXXXXX 'cat /etc/passwd' Live Demo of Exploiting

Repository for penetration testing tools

Pentest-Detections Repository for penetration testing tools. WannaCry_NotPetya_FastDetect: Vulnerability scanner for MS17-010; IPv4, IPv6 compatible; very fast and flexible. Citrix_CVE-2019-19781: Vulnerability scanner for Citrix CVE-2019-19781; very fast and flexible.

Check ADC for CVE-2019-19781

ADC-19781 Several checks for CVE-2019-19781. Module installation: Download the two files (ADC-19781.psd1 & ADC-19781.psm1) and put them in one of the following locations: C:\Users\%USERNAME%\Documents\WindowsPowerShell\Modules\ADC-19781 C:\Program Files\WindowsPowerShell\Modules\ADC-19781 Import Module: Import-Module ADC-19781 There

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]

CVE-2019-19781 Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ] Usage: bash CVE-2019-19781.sh IP_OF_VULNURABLE_HOST COMMAND_TO_EXECUTE e.g.: bash CVE-2019-19781.sh XXXXXXXX 'cat /etc/passwd' Reference: support.citrix.com/article/CTX267027 nvd.nist.gov/vuln/detail/CVE-2019-19781 https:/

Shitrix : CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit

CVE-2019-19781 Simple POC to test if your Citrix ADC Netscaler is vulnerable to CVE-2019-19781. Usage: python <TARGET> <TARGETPORT> <CMD> This is proxified by default on the Tor default port --> 127.0.0.1:9050. You'll need PySocks, requests and urllib3. Security advisory: support.citrix.com/article/CTX267027

For batch proof-of-concept use

CVE-2019-19781 For batch proof-of-concept use. Usage restrictions: 1. Before use, the folder must contain a "data.txt" file whose contents are 19216810/24\n 19216820/24\n 2. Run only on Linux: python3 CVE-2019-19781-test_bata.py 3. If it runs successfully and finds the vulnerability, results are exported to "CVE-2019-19781.txt"

🔬 Jupyter notebook to help automate some of the forensic analysis related to Citrix Netscalers compromised via CVE-2019-19781

Citrix Analysis Notebook A Jupyter notebook to aid in automating some of the forensic analysis related to Citrix Netscaler hosts compromised via CVE-2019-19781. For help retrieving artifacts to examine, see this Citrix triage script. All notes/suggestions are welcome; feel free to submit pull requests or issues. Disclaimer: Not intended to be a be-all end-all solution, just ther

Gather a list of Citrix appliances in a country / state pair, and check if they're vulnerable to CVE-2019-19781

shitsniffer Gather a list of Citrix appliances in a country / state pair, and check if they're vulnerable to CVE-2019-19781. Results are output as JSON which can be wrangled quite nicely into a meaningful PowerBI report. It does this by querying Shodan for all results in a particular country matching a search string. By default, it searches country:AU has_ssl:true with the

Search data for trickiness and obfuscation.

trickt Finds and converts obfuscated strings into a human readable form. Install: $ pip3 install trickt Run: Searching individual strings. I refer to obfuscation as trickiness because I'm a child at heart. trickt outputs strings as byte strings so you can see if there are goofy characters visually. You can pass a file path to read and de

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Assembly Batchfile Blade C C# C++ CSS Clojure Dart Dockerfile Elixir Erlang F# Go Groovy HCL HTML Haskell Java JavaScript Jinja Jupyter Notebook Kotlin MDX Makefile Markdown Mustache Objective-C Others PHP Perl Python QML Ruby Rust SCSS Shell Smarty Starlark Svelte Swift TeX Twig TypeScript Vue

DFIR notes for Citrix ADC (NetScaler) appliances vulnerable to CVE-2019-19781

CVE-2019-19781 DFIR notes; CVE-2019-19781 scanner; CVE-2019-19781 Honeypot. Reach me on Twitter @x1sec

CVE-2019-19781 Citrix RCE

CVE-2019-19781 Citrix ADC Remote Command Execution Reference: www.exploit-db.com/exploits/47901

CVE-2019-19781 bash exploit

citrix.sh CVE-2019-19781 bash exploit using: bash citrix.sh $domain.com Cyber-Warrior.Org / AKINCILAR / mit

Citrix Netscaler RCE

CVE-2019-19781 Citrix Netscaler RCE

Modified PoC, works with Python 3

CVE-2019-19781-poc Modified PoC, works with Python 3. python3 CVE-2019-19781.py example.com

Expands an autonomous system (AS) number into prefixes or individual host IP addresses

xpasn Expands an autonomous system (AS) number to its prefixes/networks or individual IP addresses. Useful to chain into other tools that accept hosts via standard input, such as httprobe or vulnerability scanners. Installation: If you have a Go environment ready to go: go get github.com/x1sec/xpasn Precompiled executables for Window

A small collection of network traffic packet captures

pcap A small collection of network traffic packet captures. CVE-2019-19781: Added on 2020-01-14 to host PCAP referenced in the "Rough Patch: I Promise It'll Be 200 OK" blog: First PCAP file - GET request for exploit scanning - checking conf file for a 200 OK response. Second PCAP file - POST request exploiting the vulnerability using TrustedSec's publicly-ava

Notes about all the stuff I have to look up

centos Notes about all the stuff I have to look up. centos: yum install nfs-utils mkdir /var/backups mount -t nfs 1010010:/backups /var/backups /etc/fstab 1010010:/backups /var/backups nfs defaults 0 0 firewall-cmd --permanent --zone=public --add-service=nfs iptables -S yum -y install epel-release hto

Detect and log CVE-2019-19781 scan and exploitation attempts.

Honeypot for CVE-2019-19781 (Citrix ADC) Detect and log CVE-2019-19781 scan and exploitation attempts. Requirements: python3, openssl. Usage: Clone repo: git clone github.com/MalwareTech/CitrixHoneypot.git CitrixHoneypot && cd CitrixHoneypot Make ssl and logs directory: mkdir logs ssl Generate self signed SSL certificate: openssl req -newkey rsa:2048 -no

A script to look for the CVE-2019-19781 vulnerability within a domain and its subdomains

citrixvulncheck A script to look for the CVE-2019-19781 vulnerability within a domain and its subdomains

My working exploit script for Shitrix (CVE-2019-19781)

Shitrix-CVE-2019-19781 My working approach to exploiting Shitrix. Updated 21st July, 2020 - now supports multi-worded commands and forward slashes. You need curl >= 7.42.0. Call it with, e.g.: ./shitrix.sh target port ls -al

A fast multi threaded scanner for Citrix ADC (NetScaler) CVE-2019-19781 - Citrixmash / Shitrix

CVE-2019-19781 citrixmash scanner A multithreaded scanner for Citrix appliances that are vulnerable to CVE-2019-19781. The scanner does not attempt to compromise/exploit hosts and avoids downloading any sensitive content. A HEAD request is used to determine if a target is vulnerable. False positives are reduced by verifying a specific value in the Content-Length header of the response.

CVE-2019-19781

CVE-2019-19781-exploit CVE-2019-19781 kfire/1172html

Detect-CVE-2019-19781 Set the $IP variable to your own server to detect if it's vulnerable

Citrix ADC scanner (CVE-2019-19781) using hosts retrieved from Shodan API.

CVE-2019-19781 Automated script for Citrix ADC scanner (CVE-2019-19781) using hosts retrieved from the Shodan API. You must have a Shodan account to use this script. Click here if you don't have a Shodan account. Installation: Install dependencies # CentOS & Fedora yum install git python3 -y # Ubuntu & Debian apt install git python3 python3-pip

This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information

CVE-NetScalerFileSystemCheck This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information. The following files and logs will be checked (latest version 1.1.3): Template folders for XML files; Apache Access logfiles; Apache Error logfiles; Cron Jobs; Backdoor Scripts; Crypto Miner; Bash logfiles. Getting Started

A Citrix Netscaler honeypot

Honeypot for CVE-2019-19781 (Citrix ADC) Detect and log CVE-2019-19781 scan and exploitation attempts. Based on MalwareTech's Citrix honeypot but heavily rewritten. Prerequisites: openssl (used only once, to create a self-signed HTTPS certificate); a working MySQL server (only if you use the MySQL output plugin). Usage: Check the installation document for more informatio

Check your website for the CVE-2019-19781 vulnerability

CVE-2019-19781-Checker Check your website for the CVE-2019-19781 vulnerability. #VISIT citrix-checker.com TO CHECK IF YOU ARE VULNERABLE FOR CVE-2019-19781 PLEASE USE OUR CHECKER TWO TIMES TO BE SURE. This website gives you the results if your service is vulnerable for CVE-2019-19781. There is a responder policy to mitigate the issue until there is a permanent fix. To apply the

citrix-vuln-checker Run the script in your terminal to check if your CITRIX SERVER is vulnerable to CVE-2019-19781

Citrix ADC (NetScaler) Honeypot. Supports detection for CVE-2019-19781 and login attempts

Citrix ADC (NetScaler) Honeypot Detects and logs payloads for CVE-2019-19781 (Shitrix / Citrixmash). Logs failed login attempts. Serves content and headers taken from a real appliance in order to increase the chance of indexing on search engines (e.g. Google, Shodan etc). Installation: Precompiled: Precompiled Linux (x64) package available here. mkdir citrix-honeypot cd citrix-honeypot

Automated forensic script hunting for cve-2019-19781

CVE-2019-19781-Forensic Note: My advice is now to use the official tool published by FireEye & Citrix: github.com/fireeye/ioc-scanner-CVE-2019-19781 This little script was created to help security analysts discover traces of successful CVE-2019-19781 exploits on their systems. Feel free to fork and improve! You can find an example of output on a compromised

Python CVE-2019-19781 exploit

CVE-2019-19781 Just a python3 CVE-2019-19781 exploit for Citrix behind a cache. This version accepts '<', '>', '|', '2>&1' etc. USAGE: python3 CVE-2019-19781.py citrix.example.org 'cat /etc/passwd' Todo: Repeat if Age header in response; Continuous mode -c; Check mode (Get /vpn/../vpns/cfg/s

uSIEM Sigma Rule Engine

uSIEM Sigma Rule Engine uSIEM Sigma Rule Engine Native rule engine based on github.com/SigmaHQ/sigma. How it works: All SIGMA rules that don't depend on a time interval are checked against each log if the log category/service matches the rules. The following SIGMA rule is checked against every log marked as webserver (uSIEM Log Event of type WebServer). If the rule h

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Arduino C C# C++ CSS Clojure D Dockerfile Eagle Emacs Lisp G-code GAP Go HTML Java JavaScript Jinja Jupyter Notebook Logos Lua Makefile Objective-C Others PHP Pascal Perl PowerShell Python QML Ruby Rust SCSS Shell Smarty Swift TeX TypeScript Vala Verilog Vue Arduino soramimi/ESP8266Tweet - Twi

Create hyperlinks for security information like CVEs and CWEs

Jekyll Secinfo This Jekyll plugin provides a tag and filter that turns references to security related info (CVEs, CWEs and DIVD case numbers) into clickable links. Installation: Add this line to your Gemfile: group :jekyll_plugins do gem "jekyll-secinfo" end And then execute: $ bundle

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

check-your-pulse This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510. The Cybersecurity and Infrastructure Security Agency (CISA) has seen many organizations breached despite patching their appliance because of Active Directory credentials (to include Domain Admin) harvested prior to

A docker container for parsing vulnerability data from Cyber Advisory Feeds into Tenable.sc.

VulnFeed 2 Tenb VulnFeed 2 Tenb is a way to parse vulnerability data from Cyber Advisory Feeds into Tenable.sc. Integrate Tenable.sc with any of the supported Cyber Advisory Organizational feeds (US-CERT, MS-ISAC, CIS, CERT, etc.) to automatically pull in advisory alerts, rather than manually copying/pasting them in. If the advisory contains a CVE, a query will be created within

DeepCASE Dataset This research uses two datasets for its evaluation: Lastline dataset; HDFS dataset. Lastline dataset: The real-world Lastline dataset consists of 20 international organizations that use 395 detectors to monitor 388K devices*. This resulted in 105M security events for 291 unique types of security events collected over a 5-month period. Events include policy vi

Shodan_SHIFT Shodan SHIFT demonstrates one of many useful use cases for using Shodan to threat hunt. Specifically, SHIFT assists a user with identification of vulnerable source and destination IP addresses contained in a packet capture file based on CVEs reported by Shodan. Installation: Python3 and tshark are required for shift to work properly. Additionally, the provided requir

Critical CVEs in the last 5 years. CVE exploits.

Common-Vulnerability-Exposure-CVE- Critical CVEs in the last 5 years. CVE Exploits: 1. CVE-2014-0160 - Heartbleed: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communica

an awesome list of honeypot resources

Awesome Honeypots A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects. There is no pre-established order of items in each category; the order is for contribution. If you want to contribute, please read the guide. Discover more awesome lists at sindre

An awesome list of honeypot resources. With repository stars⭐ and forks🍴

Awesome Honeypots A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects. There is no pre-established order of items in each category; the order is for contribution. If you want to contribute, please read the guide. Discover more awesome lists at 279159

A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services and others, with a focus on free and open source projects.

Lotus Lua Scripts is a repository containing a collection of Lua scripts designed to scan for various vulnerabilities.

Lotus Scripts 🌺📜 Welcome to the official Lotus Lua Scripts repository! Here, we provide a collection of Lua scripts to scan for different vulnerabilities. Scripting Progress 📁 This table shows the progress of our tool and script development in Lua. We've already rewritten some of our tools, such as the SQLiDetector and Simple SSTI Detector, and we're currently wo

AD-Pentesting-Tools Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection EDR Evasion - Logging Evasion External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass JMX Exploitation Citrix Netscaler Pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

AD-Pentesting-Tools Pentest-Tools General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vul

cve-2019-11510, cve-2019-19781, cve-2020-5902, cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021-26855, cve-2021-26857, cve-2021-26857, cve-2021-26858, cve-2021-26865

APT-Backpack Most commonly used CVEs by APTs, legitimate RATs and other tools used by adversaries. CVEs: CVE-2019-11510 (Pulse Connect Secure 8.2 8.3 9.0) Unauth file read; CVE-2019-19781 (Citrix ADC & Gateway) Directory Traversal; CVE-2020-5902 (F5 Big IP) RCE; CVE-2021-1497 (Cisco HyperFlex HX)

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Pentest-Tools General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner C

AD-Pentesting-Tools Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection EDR Evasion - Logging Evasion External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass JMX Exploitation Citrix Netscaler Pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

AD-Pentesting-Tools Pentest-Tools General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vul

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Pentest-Tools General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner C

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

In this repo you will find the Penetration Testing tools available on the internet

Pentest-Tools General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner C

Pentesters-toolbox Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Pentesters-toolbox General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scan

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection EDR Evasion - Logging Evasion External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass JMX Exploitation Citrix Netscaler Pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Pentest-Tools General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner C

Pentest-Tools Red-Team-Essentials Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection EDR Evasion - Logging Evasion External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass JMX Exploitation Citrix Netscaler Pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Useful Pentest tool links

Pentest-Tools Red-Team-Essentials General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vu

Welcome to Goby. Goby is a new generation network security assessment tool. It can efficiently and practically scan vulnerabilities while sorting out the most complete attack surface information for a target enterprise. Goby can also quickly penetrate the company intranet based on a company's vulnerabilities exposed to the Internet. We strive for Goby to become a more vita

Windows Active Directory penetration testing. Technical notes and list of tools, scripts and Windows commands that I find useful during internal penetration tests (Windows environment/Active Directory). The output files included here are the results of tools, scripts and Windows commands that I ran against a vulnerable Windows AD lab that I created to test attacks/exploits and d

A curated list of my GitHub Stars

Awesome Stars. A curated list of my GitHub stars! Generated by starred. Contents: AutoIt, Batchfile, BitBake, BlitzBasic, C, C#, C++, CSS, CoffeeScript, Dart, Dockerfile, Erlang, Go, HTML, Hack, Java, JavaScript, Jupyter Notebook, Kotlin, Lua, Makefile, Nim, Objective-C, Others, PHP, Pascal, Perl, PowerShell, Python, Raku, Ruby, Rust, Scala, Shell, Smarty, TypeScript, Vala, Visual Basic, Visual Basic .NET, Vue, YAR

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Pentest-Tools Windows Active Directory Pentest General useful Powershell Scripts github.com/S3cur3Th1sSh1t/WinPwn - 😎 github.com/dafthack/MailSniper github.com/putterpanda/mimikittenz github.com/dafthack/DomainPasswordSpray github.com/mdavis332/DomainPasswordSpray - same but Kerberos auth for more stealth and lockout-sleep git

Master-Cheat-Sheet Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry Pi Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets Resource Azure Red Team Master Azure Active Directory References ejpt-cheatsheet Pwntools Cheatsheet Awesome-CobaltStrike-Resources

List of Awesome Red Team / Red Teaming Resources. This list is for anyone wishing to learn about Red Teaming but does not have a starting point.

Master-Cheat-Sheet General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scan

This is an intranet-modified version of fscan.

fscan-Intranet Introduction. This is an intranet-modified version of fscan. Modified version / official version download. First, credit to the author's original work; kudos to the author's open-source spirit and a nice piece of work. fscan's web scanning function calls xray's PoCs, which is indeed very handy, but it also causes problems such as excessive traffic and slow speed. fscan is still mostly used in intranet penetration, and in intranet penetration the need for vulnerability hunting

POC-S, a strengthened version of POC-T, used for rapid verification of web application vulnerabilities in red/blue team exercises; features are strengthened and scripts are added by category, with built-in dnslog and more; the platform is supplemented with high-availability PoCs from vulhub targets and other open-source projects.

POC-S: POC-T Strengthened Version. For the POC-T wiki documentation see the doc directory. Preface: currently. Legal disclaimer: using POC-S to attack a target without prior consent of both parties is illegal. POC-S is for security testing purposes only. Features: compatible with POC-T syntax; good PoC categorisation; flexible PoC loading, supporting single-file, batch and arbitrary-directory loading; provides the pocs/poc-s terminal command, letting

Recent-CVE Collection of sample code needed for a simulated red team exercise. CVE-2021-28476 - Microsoft Hyper-V Remote Code Execution Vulnerability in vmswitch.sys. CVE-2021-1732 - Microsoft Windows Win32k Elevation of Privilege Vulnerability. CVE-2021-28482 - Microsoft Exchange Deserialization to Post-Auth RCE. CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution. CV

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberri PI Exploitation Physical Security / HID/ETH Emulator Social Engeneering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MondoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / 
tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets

Pentest-Tools General usefull Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner C

Pentest-Tools Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry PI Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets
A red team toolkit aka ART toolkit refers to a collection of tools, techniques, and methodologies used by penetration testers for convenient use of tools and techniques in order to get results faster. An ART toolkit also contains necessary commands which are really helpful for the pentesters.

ART-TOOLKIT A red team toolkit aka ART toolkit refers to a collection of tools, techniques, and methodologies used by penetration testers for convenient use of tools and techniques in order to get results faster. An ART toolkit also contains necessary commands which are really helpful for the pentesters. Red Teaming tool General useful Powershell Scripts AMSI Bypass restrictio
Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can check out and update with one command. This is not only a curated list, it is also a complete and updated toolset you can download with one command! You can
Attack surface mapping

Welcome to Goby Goby is a new generation network security assessment tool. It can efficiently and practically scan vulnerabilities while sorting out the most complete attack surface information for a target enterprise. Goby can also quickly penetrate the company intranet based on a company's vulnerabilities exposed to the Internet. We strive for Goby to become a more vita
poc

Description: Based on the Pocsuite3 framework. All POCs have been rewritten or modified in python3. Some POCs could not be tested against a live environment. All POCs implement only verify. POCs will be updated from time to time, mainly to make vulnerability verification at work easier. For any problem, please open an Issue. Known issue: some POCs that use the socket package cannot verify the vulnerability because of encoding problems from the python2 to python3 conversion; python3's socket.send() requires

Master-Cheat-Sheet Windows Active Directory Pentest Lateral Movement POST Exploitation Wrapper for various tools Pivot Active Directory Audit and exploit tools Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner File / Directory / Parameter discovery Crawler Web Exploitation Tools REST API Audit SAML Login Swagger File API Attack Windows Privilege Escalation / Audit Windows Privilege Abuse (Privilege Escalation) T3 Enumeration Linux Privilege Escalation / Audit Exfiltration Reverse Engineering / decompiler Forensics Network Attacks Red-Team SIEM Scanner / Exploitation-Frameworks / Automation Payload Generation / AV-Evasion / Malware Creation Shellcode Injection Loader / Packer / Injectors EDR Evasion - Logging Evasion Useful Binary Modification tools External Penetration Testing Specific Service Scanning / Exploitation Command & Control Frameworks VBA Rust Go Cobalt Strike Stuff Android Linux MacOSX Specific Wifi Tools Android / Nethunter NAT Slipstreaming Raspberry PI Exploitation Physical Security / HID/ETH Emulator Social Engineering Defender Guides / Tools / Incident Response / Blue Team Wordlists / Wordlist generators AD Lab Environment Obfuscation Hash Crack / Decryption Source Code / Binary Analysis Nim MISC Big-IP Exploitation Azure Cloud Tools Anonymous / Tor Projects Exploit Search Industrial Control Systems Network access control bypass Jenkins JMX Exploitation Citrix Netscaler Pwn mikrotik pwn Red Team infrastructure setup Bypass SPF/DKIM/DMARC Redis Exploitation Apache Tomcat Exploitation SSRF Exploitation LFI exploitation MongoDB Redis Couchdb Exploitation XXE Elasticsearch / Kibana Exploitation RMI attacks JSON Web Token Analysis / Exploitation Docker Exploitation PHP exploits Cloud attack tools Bluetooth / low energy Wireless / Radio Exploitation APT / Malware Emulation / Defense Check Hash Crack / Lookup OSCP Lists / tools / help ASPX Webshells PHP Webshells JSP WebShells Other Tool-Lists / Cheat Sheets Resource Azure Red Team Master Azure Active Directory References ejpt-cheatsheet Pwntools Cheatsheet Awesome-CobaltStrike-Resources

List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but who does not have a starting point.

Master-Cheat-Sheet General useful Powershell Scripts AMSI Bypass restriction Bypass Payload Hosting Network Share Scanner Lateral Movement Reverse Shellz POST Exploitation Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scan

Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that I find useful during internal penetration tests

Windows Active Directory penetration testing Technical notes, AD pentest methodology, list of tools, scripts and Windows commands that I find useful during internal penetration tests (Windows environment) The output files included here are the results of tools, scripts and Windows commands that I ran against a vulnerable Windows AD lab that I created to test attacks/exploits a

Recent Articles

Threat Landscape Trends – Q1 2020
Symantec Threat Intelligence Blog • Critical Attack Discovery and Intelligence Team • 09 Jun 2023

A look at the cyber security trends from the first three months of 2020.

Posted: 9 Jun, 2020. Towards the end of the first quarter of 2020, we took a look through telemetry from our vast range of data sources and selected some of the trends that stood out.

From COVID-19-themed malicious email and BEC scams to vulnerability exploits and IoT attacks, let’s take a q...

Patch now? Why enterprise exploits are still partying like it's 1999
The Register • Davey Winder • 08 Sep 2021

Am I only dreaming, or is this burning an Eternal Blue?

Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example.
Others, however, have not only been long since reported and had patches released, but continue to pose a threat to enterprises. A joint advisory from the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), published in late July, liste...

Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Threatpost • Elizabeth Montalbano • 19 Aug 2021

Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization.
However, investigators found that officials were informed of the flaw in its servers and had at least two opportunities to fix it before the attack, mainly due to lack of coordination between teams responsible for...

Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years
welivesecurity • 29 Jul 2021

The leading cybersecurity and law enforcement agencies from the United States, the United Kingdom, and Australia have issued a joint cybersecurity advisory focusing on the top 30 vulnerabilities that were commonly abused by threat actors over the course of 2020 and 2021.
The advisory, coauthored by the United States’ Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom’s National Cyber Security Center (NCSC) and the Aus...

Here's a list of the flaws Russia, China, Iran and pals exploit most often, say Five Eyes infosec agencies
The Register • Gareth Corfield • 29 Jul 2021

And you've patched them all, haven't you, diligent readers?

Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them.
Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer. Tracked as CVE-2019-19781, the vuln has been the subject of repeated p...

Top CVEs Trending with Cybercriminals
Threatpost • Becky Bracken • 16 Jul 2021

Criminal small talk in underground forums offer critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for.
An analysis of such chatter, by Cognyte, examined 15 cybercrime forums between Jan. 2020 and March 2021. In its report, researchers highlight what CVEs are the most frequently mentioned and try to determine where attackers might strike next.
“Our findings reveal...

Risk and reward: Nefilim ransomware gang mainly targets fewer, richer companies and that strategy is paying off, warns Trend Micro
The Register • Gareth Corfield • 09 Jun 2021

Criminal operators emerged from woodwork just as COVID hit the West

The Nefilim ransomware gang might not be the best known or most prolific online extortion crew but their penchant for attacking small numbers of $1bn+ turnover firms is paying off, according to the latest research.
The crew has made comparatively fewer headlines next to better-known criminals such as Darkside, perpetrators of the infamous US Colonial Pipeline attack, but analysis from security shop Trend Micro has shown the crooks appear to be going for big companies in the hope of extract...

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
Threatpost • Lindsey O'Donnell • 05 Mar 2021

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network.
Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15.
In order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control (C2) communications, and encry...

VMWare Patches Critical RCE Flaw in vCenter Server
Threatpost • Elizabeth Montalbano • 24 Feb 2021

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of an enterprise data center or leverage backdoors already installed on a system to find other vulnerable points of network entry to take over affected systems.
Positive Technologies researcher Mikhail Klyuchnikov dis...

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Threatpost • Tara Seals • 21 Oct 2020

Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups.
That’s according to the National Security Agency (NSA), which released a “top 25” list of the exploits that are used the most by China-linked advanced persistent threats (APT), which include the likes of Cactus Pete, TA413, Vicious Panda and Winniti.
The Feds...

Election Systems Under Attack via Microsoft Zerologon Exploits
Threatpost • Lindsey O'Donnell • 13 Oct 2020

U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.
Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), the Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory warning of further attacks.

Ray‑Ban parent company reportedly suffers major ransomware attack
welivesecurity • 24 Sep 2020

Luxottica, the world’s leading eyewear producer, has allegedly fallen victim to a ransomware attack that affected its Italian and Chinese operations alike. The Italy-based eyewear giant – which boasts brands such as Ray-Ban, Oakley, and Persol in its portfolio as well as produces eyeglasses for fashion labels such as Burberry, Prada, Chanel, and Versace – appears to have been hit over the weekend.
Details of the alleged attack are not immediately clear, but according to BleepingCompu...

Doppelpaymer ransomware crew fingered for attack on German hospital that caused death of a patient
The Register • Gareth Corfield • 23 Sep 2020

Same mob promised not to target healthcare facilities

The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources.
The Aachener Zeitung newspaper carried a report from the German Press Association (DPA) that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product.
That ransomware infection, activated last week, is said by local prosecutors to have led to the death of one ...

Where China leads, Iran follows: US warns of 'contract' hackers exploiting Citrix, Pulse Secure and F5 VPNs
The Register • Gareth Corfield • 16 Sep 2020

Please just patch your infrastructure, begs US-CISA

Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran.
“CISA and FBI are aware of a widespread campaign from an Iran-based malicious cybe...

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Threatpost • Lindsey O'Donnell • 14 Sep 2020

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.
Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the...

What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds
The Register • Shaun Nichols in San Francisco • 14 Sep 2020

Beijing's snoops don't even need zero-days to break into valuable networks

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.
Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted.
In a joint statement, the FBI and Homeland Security's Cybersecu...

Pioneer Kitten APT Sells Corporate Network Access
Threatpost • Elizabeth Montalbano • 01 Sep 2020

An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity.
Pioneer Kitten is a hacker group that specializes in infiltrating corporate networks using open-source tools to compromise remote external services. Researchers observed an actor associated with the group advertising access to compromised network...

Citrix Warns of Critical Flaws in XenMobile Server
Threatpost • Lindsey O'Donnell • 12 Aug 2020

Citrix is urging users to immediately patch a pair of critical flaws in its flagship mobile device management software. If exploited, the flaws could allow remote, unauthorized attackers to access domain account credentials – ultimately opening the door to a treasure trove of corporate data, including email and web applications.
The flaws exist in Citrix Endpoint Management (CEM), often referred to as XenMobile Server, which enables businesses to manage employees’ mobile devices and m...

Hackers Look to Steal COVID-19 Vaccine Research
Threatpost • Tara Seals • 16 Jul 2020

Threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S.
That’s according to a joint alert from the U.S. Department of Homeland Security (DHS), the U.K.’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE), issued Thursday.
The 14-page advisory details the recent activity of Russi...

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees
The Register • Shaun Nichols in San Francisco • 08 Jul 2020

Eleven flaws cleaned up including one that may be exploited to sling malware downloads

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products.
The bundle includes fixes for one code injection bug, three information disclosure flaws, three elevation of privilege bugs, two cross-site scripting vulnerabilities, one denial-of-service hole, and one authorization-bypass flaw.
Affected gear includes the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of an...

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Threatpost • Tara Seals • 07 Jul 2020

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.
The Citrix products  (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 coun...

US-CERT lists the 10 most-exploited security bugs and, yeah, it's mostly Microsoft holes people forgot to patch
The Register • Shaun Nichols in San Francisco • 14 May 2020

Update, update, update. Plus: Flash, Struts, Drupal also make appearances

Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware.
A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe.
Microsoft ranks highly in the list because its software is widely used, and pro...

Surprise surprise! Hostile states are hacking coronavirus vaccine research, warn UK and USA intelligence
The Register • Gareth Corfield • 05 May 2020

Just ask us if you need help, urge NCSC and CISA

Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning.
The National Cyber Security Centre (NCSC) and America’s Cybersecurity and Infrastructure Security Agency (CISA) cautioned of a “password spraying” campaign targeting healthcare and medical research organisations.
Hostile countries are also said to be abusing a specific Citrix vulnerability ...

Google: We've blocked 126 million COVID-19 phishing scams in the past week
The Register • Paul Kunert • 17 Apr 2020

240 million daily virus themed spams as 'bad actors' feed on people's fear

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google.
"No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19," said Neil Kumaran, products manager for Gmail, and Sam Lugani, lead security PMM, G Suite and CP platform, today.
The pair said phishing is still the "most effective method" that scammers deploy to compromise accounts and grab dat...

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
Threatpost • Lindsey O'Donnell • 25 Mar 2020

Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.”
Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Researchers said it’s unclear if APT41 attempted exploitation en ma...

Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole
The Register • Shaun Nichols in San Francisco • 06 Feb 2020

Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.
Positive Technologies today estimated that thousands of companies remain open to the takeover vulnerability in Citrix ADC and Gateway. A successful exploit would give hackers a foothold in a compromised network.
The infosec biz, whose researchers discovered and disclosed the vulnerability in December of last year, has bee...

Still losing sleep over that awful Citrix bug? This scanner is here to help... you realize you've already been pwned
The Register • Shaun Nichols in San Francisco • 23 Jan 2020

Handy FireEye tool roots out indicators of compromise

Citrix and FireEye have released a new security tool to help admins find out if their servers have been hacked via the high-profile CVE-2019-19781 flaw that was disclosed in December but only patched on Monday.
The free application, shared under the Apache 2.0 open-source license, will scan devices for indications of compromise for the so-called "Shitrix" arbitrary code execution vulnerability in Citrix's Application Delivery Controller and Gateway products. The tool can be run on any Citr...

PoC Exploits Do More Good Than Harm: Threatpost Poll
Threatpost • Lindsey O'Donnell • 22 Jan 2020

When it comes to the release of proof-of-concept (PoC) exploits, more security experts agree that the positives outweigh the negatives, according to a recent and informal Threatpost poll.
Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a “good idea” to publish PoC code for zero days. Up to 38 percent of respondents, meanwhile, argued it wasn’t a good idea.
The debate comes on the heels of PoC code being released last we...

Citrix Accelerates Patch Rollout For Critical RCE Flaw
Threatpost • Lindsey O'Donnell • 21 Jan 2020

Citrix has quickened its rollout of patches for a critical vulnerability (CVE-2019-19781) in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products, on the heels of recent proof-of-concept exploits and skyrocketing exploitation attempts.
Several versions of the products still remain unpatched – but they will be getting a patch sooner than they were slated to. While Citrix originally said some versions would get a patch Jan. 31, it has now also shortened that timefr...

As miscreants prey on thousands of vulnerable boxes, Citrix finally emits patches to fill in hijacking holes in Gateway and ADC
The Register • Gareth Corfield • 20 Jan 2020

SD-WAN WANOP will have to wait a few days, though

Citrix has rushed out official fixes for the well-publicised vuln in some of its server products after miscreants were seen deploying their own custom patches that left a backdoor open for later exploitation.
As previously reported, vulnerabilities in Citrix Application Delivery Encoder and Citrix Gateway could allow remote attackers to carry out unauthenticated code execution.
In other words, baddies not on your network could get into it and start running all kinds of malicious soft...

'Friendly' hackers are seemingly fixing the Citrix server hole – and leaving a nasty present behind
The Register • Shaun Nichols in San Francisco • 17 Jan 2020

Congratulations, you've won a secret backdoor

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.
Researchers at FireEye report finding a hacking group (dubbed NOTROBIN) that has been bundling mitigation code for NetScaler servers with its exploits. In effect, the hackers exploit the flaw to get access to the server, kill any existing malware, set up their own backdoor, then block off the vulnerable code from future exploit attempts by mitigation.

Bad news: Windows security cert SNAFU exploits are all over the web now. Also bad: Citrix gateway hole mitigations don't work for older kit
The Register • Shaun Nichols in San Francisco • 16 Jan 2020

Good news: There is none. Well, apart from you can at least fully patch the Microsoft blunder

Vid Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. If you haven't taken mitigation steps by now, you're about to have a bad time.
While IT admins can use the proof-of-concept exploit code to check their own systems are secure, miscreants can use them to, in the case of Citrix, hijack remote systems, or in the case of Windows, masquerade malware as legit apps or potentially ...

Unpatched Citrix Flaw Now Has PoC Exploits
Threatpost • Lindsey O'Donnell • 13 Jan 2020

Proof-of-concept (PoC) exploit code has been released for an unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
The vulnerability (CVE-2019-19781), which Threatpost reported on in December, already packs a double-punch in terms of severity: Researchers say it is extremely easy to exploit, and affects all supported versions of Citrix Gateway products and Citrix ADC, a purpose-built networking appliance meant to impr...

If you haven't shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available
The Register • Shaun Nichols in San Francisco • 13 Jan 2020

Plus: TikTok clocked, Honey in a sticky situation, Arm's PAN mechanisms sidestepped

Roundup Welcome to another Register security roundup. Here are a few stories that caught our eye.
Late last month Citrix disclosed a critical security hole (CVE-2019-19781) in both its Application Delivery Controller and Unified Gateway (formerly known as Netscaler ADC and Netscaler Gateway) offerings. Up to 80,000 systems were thought to be at risk, with some 25,000 instances found online over the weekend.
Those admins who haven't put mitigations in place by now will want to make su...

Critical Citrix Bug Puts 80,000 Corporate LANs at Risk
Threatpost • Tara Seals • 26 Dec 2019

Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.
The Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at leas...

Patch now: Published Citrix applications leave networks of 'potentially 80,000' firms at risk from attackers
The Register • Tim Anderson • 23 Dec 2019

Unauthorised users able to perform 'arbitrary code execution'

A critical vulnerability found in Citrix Application Delivery Controller and Citrix Gateway (formerly known as Netscaler ADC and Netscaler Gateway) means businesses with apps published using these technologies may be exposing their internal network to unauthorised access.
Citrix (NetScaler) ADC is a load balancer and monitoring tech, while Unified Gateway provides remote access to internal applications. This can include desktop applications as well as intranet or web applications. "Any app...

Citrix patches critical ADC flaw the NSA says is already under attack from China
The Register

Yet more pain for the software formerly known as NetScaler

The China-linked crime gang APT5 is already attacking a flaw in Citrix's Application Delivery Controller (ADC) and Gateway products that the vendor patched today.
Citrix says the flaw, CVE-2022-27518, "could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance" if it is configured as a SAML service provider or identity provider (SAML SP, SAML IdP).
Unusually, Citrix has a policy of not revealing the Common Vulnerability Scoring System (CVSS) s...

The Register

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.
Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted.
In a joint statement, the FBI and Homeland Security's Cybersecu...

The Register

Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran.
“CISA and FBI are aware of a widespread campaign from an Iran-based malicious cybe...

The Register

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products.
The bundle includes fixes for one code injection bug, three information disclosure flaws, three elevation of privilege bugs, two cross-site scripting vulnerabilities, one denial-of-service hole, and one authorization-bypass flaw.
Affected gear includes the Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP. So far there have been no reports of an...

The Register

The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that allegedly led to one patient's death, according to local sources.
The Aachener Zeitung newspaper carried a report from the German Press Association (DPA) that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product.
That ransomware infection, activated last week, is said by local prosecutors to have led to the dea...