exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 7,980 RSS Feed

Security Tool Files

Fwknop Port Knocking Utility 2.6.11
Posted Feb 7, 2024
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Fixed two bugs in PF handling code. Added ALLOW_ANY_USER_AGENT for ENABLE_SPA_OVER_HTTP mode so that fwknopd will accept any User-Agent string coming from the client. Various fixes to the AppArmor profile to support recent versions of Debian and Ubuntu. Add gpg.conf and gpg-agent.conf to set pinentry-mode loopback to restore GPG full cycle tests. A couple additional updates to the test suite.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | bcb4e0e2eb5fcece5083d506da8471f68e33fb6b17d9379c71427a95f9ca1ec8
American Fuzzy Lop plus plus 4.10c
Posted Feb 5, 2024
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site github.com

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: 3 changes to afl-fuzz, 3 changes to afl-cc, 6 changes to instrumentation, 1 change to qemu_mode, and a few other updates.
tags | tool, fuzzer
systems | unix
SHA-256 | c9a43894b87502a5f69efdb97dee637c9dd4d2c5dfef1c9d79b9d406adafdb76
OpenSSL Toolkit 3.2.1
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The latest stable version is the 3.2 series supported until 23rd November 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39
OpenSSL Toolkit 3.1.5
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1 series is supported until 14th March 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262
OpenSSL Toolkit 3.0.13
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.0 series is a Long Term Support (LTS) version and is supported until 7th September 2026.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313
Falco 0.37.0
Posted Jan 30, 2024
Authored by Sysdig | Site sysdig.org

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Changes: 12 major changes, 14 minor changes, 5 bug fixes, and 12 non-user facing changes.
tags | tool, intrusion detection
systems | unix
SHA-256 | b6f5c76af02ef16ffb7965f810a9af4815ad4f904b478eb7451dde7133f76dbf
PrommetriX Prometheus Metrics Leaker
Posted Jan 29, 2024
Authored by psy | Site github.com

PrommetriX is a tool that demonstrates a data leakage vulnerability in the Prometheus metrics-based event monitoring software.

tags | exploit, tool
SHA-256 | 27d0180963b74fcbd5831b059fa52142445e0ab684e71e634dffdf199cf1742e
GNU Privacy Guard 2.4.4
Posted Jan 25, 2024
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Dozens of bug fixes and additions in this release.
tags | tool, encryption
SHA-256 | 67ebe016ca90fa7688ce67a387ebd82c6261e95897db7b23df24ff335be85bc6
Zeek 6.0.3
Posted Jan 24, 2024
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes 1 security bug and 6 non-security bugs.
tags | tool, intrusion detection
systems | unix
SHA-256 | 227edf0e1e6b54dc9893cfd1ecd8621291cc85d1d06808874394aad555f8a8a4
Logwatch 7.10
Posted Jan 23, 2024
Site sourceforge.net

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Changes: Full changelog missing but this is a new release since the last release in July of 2023.
tags | tool, intrusion detection
systems | unix
SHA-256 | 329df0991b879764ed7e50a869de5b6bfa70d241eb254397a5659d1ff5f2588f
Packet Fence 13.1.0
Posted Jan 22, 2024
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This release holds 4 new features, 10 enhancements, and 6 bug fixes.
tags | tool, remote
systems | unix
SHA-256 | a94047116abd15e4d8424e3d8efb27871ba3c8e9f0d4426d64137bef92318a8d
mqXSS 0.2
Posted Jan 18, 2024
Authored by grandpae | Site github.com

mqXSS is a client to communicate with XSS hooked browsers over MQTT. Similar to xsshunter or beef, mqxss allows interaction with remote browsers that have been injected with a XSS payload. However, instead of having the victim connect back to your server they connect through a Secure Websocket MQTT broker instead. This tool facilitates the JS payload generation and interaction with hooked browsers that communicate over WSS MQTT brokers.

tags | tool, remote, vulnerability, xss
systems | unix
SHA-256 | 8896d3a6c195fd964e3ba8e5a991dcb72d8c6488f787f595e2d0fca71fec9ad8
SSH-Snake: Automated SSH-Based Network Traversal
Posted Jan 9, 2024
Authored by Joshua Rogers | Site github.com

SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a particular system. SSH-Snake can automatically reveal the relationship between systems which are connected via SSH, which would normally take a tremendous amount of time and effort to perform manually.suffers from bypass and traversal vulnerabilities.

tags | tool, scanner, vulnerability, file inclusion
systems | unix
SHA-256 | 955ae990d1d900f97e789c6f6cb04dd954898e032e8e00fc6d4354e9508c09ae
tc Tor Chat Client
Posted Jan 9, 2024
Authored by fausto

tc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 2400 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.

tags | tool
systems | linux, unix, bsd
SHA-256 | bae7c904763360a82e8b3a4a6720b31c22f9c49b63eca777df474d4383d39f97
Wireshark Analyzer 4.2.2
Posted Jan 5, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 5 vulnerabilities and 23 bugs have been fixed.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2024-0207, CVE-2024-0208, CVE-2024-0209, CVE-2024-0210, CVE-2024-0211
SHA-256 | 9e3672be8c6caf9279a5a13582d6711ab699ae2a79323e92a99409c1ead98521
SQLMAP - Automatic SQL Injection Tool 1.8
Posted Jan 4, 2024
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Major release bump with a large list of changes.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
SHA-256 | 11ff3ec22c20f9df79ec9d008e2f17311a5e18930cc1feb4e4ad744271565916
Proxmark3 4.17768 Custom Firmware
Posted Jan 3, 2024
Authored by Christian Herrmann | Site github.com

This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed Steamboat Willie.

Changes: Updates include Enhanced LF Sniffing, which are major improvements in long-time low-frequency sniffing capabilities, allowing for more detailed and accurate data capture. Also included is Magic Card Detection, an advanced detection capabilities for various Magic Card configurations, making identification more precise and user-friendly. The Automatic Reconnect Feature has been added, a much-anticipated addition that ensures seamless reconnection and prompt updates, enhancing the overall user experience.
tags | tool
systems | unix
SHA-256 | 638a679622ab2bd896b42e5c058eff3b90fd964addc289e62c282b18e7978237
Faraday 5.0.1
Posted Jan 3, 2024
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: The changelog is missing but hey, new release!
tags | tool, rootkit
systems | unix
SHA-256 | 1f83b807f82f58533272d0a31c9a36067bb8dedb20a708d37d2a4c437072bbd9
RansomLord Anti-Ransomware Exploit Tool 2
Posted Jan 2, 2024
Authored by hyp3rlinx, malvuln | Site malvuln.com

RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from.

Changes: This version now intercepts and terminates malware tested from 43 different threat groups, adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake, Darkbit, Vohuk, Medusa and Phobus. Two noteworthy additions mitigate wipers Wagner and DoubleZero that are supposedly used against entities in the Ukraine conflict. Updated the x32/x64 DLLs to exploit ten more vulnerable ransomwares. Added -s Security information flag section.
tags | tool, encryption
SHA-256 | 3d0954a58224a8f54be67a55a09030ed0b5de5923f0fb95816b6be7924a22000
Stegano 0.11.3
Posted Jan 2, 2024
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Stegano now supports Python 3.12. Support of Python 3.8 has been removed.
tags | tool, encryption, steganography, python
systems | unix
SHA-256 | 903d5e5eb7b4a1daf8f56200c4bc60872e61b798e67034603be53c3076117c75
OpenSSH 9.6p1
Posted Dec 21, 2023
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This release contains fixes for a newly-discovered weakness in the SSH transport protocol, a logic error relating to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for programs that invoke ssh(1) with user or hostnames containing invalid characters. Included are three security changes, five new features, nine bug fixes, and various other updates.
tags | tool, encryption
systems | linux, unix, openbsd
advisories | CVE-2023-38408
SHA-256 | 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c
I2P 2.4.0
Posted Dec 19, 2023
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: This release continues the effort to improve the security and stability of the I2P network. It contains significant improvements to the Network Database, an essential structure within the I2P network used for discovering your peers. It includes 6 changes and about 2 dozen bug fixes.
tags | tool
systems | unix
SHA-256 | 30ef8afcad0fffafd94d30ac307f86b5a6b318e2c1f44a023005841a1fcd077c
American Fuzzy Lop plus plus 4.09c
Posted Dec 15, 2023
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site github.com

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: 9 changes to afl-fuzz, 4 changes to afl-whatsup, 2 changes to instrumentation, 1 fix for frida_mode, support for AFL_FUZZER_LOOPCOUNT for afl.rs and LLVMFuzzerTestOneInput, and a few other updates.
tags | tool, fuzzer
systems | unix
SHA-256 | 2d3b2e4f066b1f3eda17faff147dfa3e4b16fba044257361aca51a2322c5122d
Faraday 5.0.0
Posted Dec 14, 2023
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: A breaking change where Faraday now uses Celery as the main way to import reports. In addition, they have removed twisted and replaced raw websockets with socket.io. Added option to faraday-server to run workers.
tags | tool, rootkit
systems | unix
SHA-256 | c86b107d52957be8d1db2d23617afb792307282d5164cf7d89fce10fcfc99454
TOR Virtual Network Tunneling Tool 0.4.8.10
Posted Dec 11, 2023
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Changes: This is a security release fixing a high severity bug (TROVE-2023-007) affecting Exit relays supporting Conflux. Three additional minor bug fixes.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | e628b4fab70edb4727715b23cf2931375a9f7685ac08f2c59ea498a178463a86
Page 2 of 320
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close