{"uuid": "27e85191-0d47-4d4b-8120-02018f19a0df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2414", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2105", "content": "15 Tools - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\u200b\u200bCVE-2022-2414-Proof-Of-Concept\n\nA flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\n\u200b\u200bPylirt\n\nPython Linux Incident Response Toolkit\n\nWith this application, it is aimed to accelerate the incident response processes by collecting information in linux operating systems.\n\nhttps://github.com/anil-yelken/pylirt\n\n\u200b\u200bQuickstart Quark Script\n\nIn this tutorial, we will learn how to install and run Quark Script with a very easy example. We show how to detect CWE-798 in ovaa.apk.\n\nhttps://github.com/quark-engine/quark-script\n\n\u200b\u200bDynamicLabs\n\nCreating lab environments for testing and learning red teaming/simulated attack techniques can be hard and time consuming.\n\nDynamic Labs is an open source tool aimed at red teamers and pentesters for the quick deployment of flexible, transient and cloud-hosted lab environments.\n\nIts simple configuration files abstract the complexities of building realistic corporate environments with common vulnerabilities.\n\nhttps://github.com/ctxis/DynamicLabs\n\n\u200b\u200bfireproxng\n\nfireproxng is a refresh of the widely loved fireprox.\n\nThe original fireprox project appears to be mostly unchanged and I assume most organizations have transitioned to maintaining an internal version of the tool. \n\nhttps://github.com/Sprocket-Security/fireproxng\n\nRedditC2\n\nAbusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit.\n\nhttps://github.com/kleiton0x00/RedditC2\n\n\u200b\u200bHacking Stellar\n\nHacking Stellar is an open-source e-book on Stellar, the decentralized payment network, which allows financial institutions, businesses, and individuals around the world to transact quickly and reliably.\n\nThis online book introduces you to Stellar with lots of practical examples using the command-line client, Lumen, and moves on to building complete applications using the Javascript and Go libraries.\n\nhttps://github.com/0xfe/hacking-stellar\n\n\u200b\u200bSandboxProfiler\n\nCollect information of internet-connected sandboxes, no backend needed. This is achieved using telegram and interact.sh to collect data, however custom listeners are also supported. Non internet-connected sandboxes are not in scope, however it is possible to check for DNS exfiltration.\n\nhttps://gitlab.com/brn1337/sandboxprofiler\n\n\u200b\u200bEasyG\n\nEasyG started out as a script that I use to automate some information gathering tasks for PenTesting and Bug Hunting, you can find it here. Now it's more than that.\n\nhttps://github.com/seeu-inspace/easyg\n\n\u200b\u200bAwesome Firmware Security\n\nA curated list of platform firmware resources, with a focus on security and testing. Created by PreOS Security.\n\nhttps://github.com/PreOS-Security/awesome-firmware-security\n\n\u200b\u200bPentest-Cheat-Sheets\n\nThis repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework.\n\nhttps://github.com/Kitsun3Sec/Pentest-Cheat-Sheets\n\n\u200b\u200bHacking Resources\n\nCTF chall write-ups, files, scripts etc \n\nhttps://github.com/Crypto-Cat/CTF\n\ns3cXSSer\n\nThis extension will help you to detect GET/POST based XSS vulnerability in any website easily\n\nhttps://github.com/s3c-krd/s3cXSSer\n\n\u200b\u200bgetsymbol\n\nTool to download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers compatible with Windows 8.1/10/11\n\nhttps://github.com/dbgsymbol/getsymbolv\n\n\u200b\u200bcypherhound\n\nA Python3 terminal application that contains 190+ Neo4j cyphers for BloodHound data sets.\n\nhttps://github.com/fin3ss3g0d/cypherhound\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\nhttps://t.me/dilagrafie\nhttps://t.me/c/1634518258/5\nhttps://t.me/c/1634518258/6", "creation_timestamp": "2022-12-09T17:14:43.000000Z"}