Autor: Mr. Cl0wn

ShellShockHunter Tool v1.0

ShellShockHunter v1.0  Autor: MrCl0wn Blog: http://blog.mrcl0wn.com GitHub: https://github.com/MrCl0wnLab Twitter: https://twitter.com/MrCl0wnLab Email: [email protected] Shellshock (software bug) Shellshock, also known as Bashdoor, is a family of security bugs in the UnixBash shell, the first of which was disclosed on 24 September 2014. Shellshockcould enable an attacker to cause Bash to execute arbitrary

Continuar a ler

Simple Recon Subdomain

I used web tools for enumerate host and ip. TARGET IS A MAGIC STRING curl -s “https://rapiddns.io/subdomain/TARGET?full=1#result” | awk -v RS='<[^>]+>’ ‘/$1/’ | sort -u >>TARGET-rapiddns.txt curl -s “https://riddler.io/search/exportcsv?q=pld:TARGET” | grep -Po “(([w.-]*).([w]*).([A-z]))w+” | sort -u >>TARGET-riddler.txt curl -s “https://jldc.me/anubis/subdomains/TARGET” | grep -Po “((http|https)://)?(([w.-]*).([w]*).([A-z]))w+” | sort -u >>TARGET-jldc.txt curl -s

Continuar a ler

Scan IP Checker CVE-2020-5902

Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities. Os dispositivos BIG-IP, fabricados pela F5 Networks, integram funções como gerenciar tráfego de rede, gerenciamento de

Continuar a ler

Class SenderMailgun in PHP

Class PHP criada para envio simples de email via API Mailgun. O usuário deve cadastrar seu domínio dentro da plataforma mailgun e assim gerando os valores de DNS records que será cadastrada em sua zona DNS. VERIFYING YOUR DOMAIN https://documentation.mailgun.com/en/latest/user_manual.html#verifying-your-domain ACCESS YOUR DOMAINS https://app.mailgun.com/app/sending/domains ACCESS YOUR PRIVATE API KEY https://app.mailgun.com/app/account/security/api_keys

Continuar a ler

Information Gathering: Coleta de email em Posts do Linkedin

As redes sociais são um buraco sem fim quando se trata de usuários expondo dados pessoais. isso qualquer analista de segurança sabe, e tal característica  pode ser usado como uma fonte rica para ataques direcionados. Criou-se um comportamento padrão em post’s LinkedIn onde o “influenciador” posta um X conteúdo e

Continuar a ler