exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 15 of 15

Files from Ajin Abraham

Exploiting Node.js Deserialization Bug For Remote Code Execution

Posted Feb 9, 2017

Authored by Ajin Abraham

Whitepaper called Exploiting Node.js Deserialization Bug for Remote Code Execution.

tags | paper, remote, code execution

advisories | CVE-2017-5941

SHA-256 | e4c44e481083277da9666876b87977b4453bd1a4aa528dd77e259494519b7b2a

Download | Favorite | View

Mobile Security Framework MobSF 0.9.3 Beta

Posted Nov 23, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

SHA-256 | 700cdd3f3460d4db512a15ccc778012b27d14b9d9019961e561b1b27ac8ed277

Download | Favorite | View

Mobile Security Framework MobSF 0.9.2 Beta

Posted May 3, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Drag and Drop support, allows upto 8 files in Web GUI. Added Google Enjarify. Added procyon decompiler. Various other additions and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

SHA-256 | 9a9189b4d7fe03495edaca2f8d76a9fbb34f18d666bd43cc24ac1ab1a8d428dd

Download | Favorite | View

Mobile Security Framework MobSF 0.9.1

Posted Mar 16, 2016

Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Improved and responsive UI. Dynamic SSL testing. Various other updates and improvements.

tags | tool, web, vulnerability, fuzzer, xxe

systems | cisco, ios

SHA-256 | 215db863dcdeca863fb174fd724d9d0cdd0c4653f30eb69dab71e49afcaeda6c

Download | Favorite | View

KMPlayer 3.9.1.130 Denial Of Service

Posted Nov 25, 2014

Authored by Ajin Abraham

KMPlayer version 3.9.1.130 suffers from an integer division by zero denial of service vulnerability.

tags | exploit, denial of service

SHA-256 | 46e4225ba329eb3a05698c03f7d702576a31704dd6310911a1965c1518569b5d

Download | Favorite | View

WordPress Clean And Simple Contact Form 4.4.0 XSS

Posted Nov 4, 2014

Authored by Ajin Abraham

WordPress Clean and Simple contact Form plugin version 4.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 1d91c931536f21ad20aa07da813acd456f8bec8475ff5a7c8e9689ecb7f54ede

Download | Favorite | View

MTS MBlaze 3G Wi-Fi Modem Data Theft / Modification

Posted Jul 21, 2014

Authored by Ajin Abraham

Proof of concept code for the MTS MBlaze 3G Wi-Fi Modem that suffers from credential theft, login bypass, password reset, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, proof of concept, csrf

SHA-256 | c237b06e1b37e1e0e5a7bab3e3cb3740e9813d5c396e49c2dd6218c589c8f199

Download | Favorite | View

Ultimate XSS Protection Cheat Sheet

Posted Jul 1, 2014

Authored by Ajin Abraham

The Ultimate XSS Protection Cheat Sheet for Developers is a compilation of information available on XSS Protection from various organizations, researchers, websites, and the author's own experience.

tags | paper, xss

SHA-256 | 9da5be71c2cceab610824325136d4b2dabd4ac994b7960647f2c0966354aed07

Download | Favorite | View

OWASP Xenotix XSS Exploit Framework 4

Posted Aug 16, 2013

Authored by Ajin Abraham | Site owasp.org

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

tags | tool, web, xss, proof of concept

SHA-256 | ec7eae73fb105951ed22898d881dae39b54e162988b8fdc8b9fc11276d59d8f0

Download | Favorite | View

Xenotix Python Keylogger For Windows

Posted May 7, 2013

Authored by Ajin Abraham

Xenotix is a keylogger for windows that is written in Python. It has the ability to send logs remotely.

tags | system logging, python

systems | windows, unix

SHA-256 | 16bbf9e5e1780a33332509ebf9181a4f9de56d922e037343ce45e5b75909227f

Download | Favorite | View

Abusing, Exploiting, And Pwning With Firefox Add-Ons

Posted Feb 22, 2013

Authored by Ajin Abraham

This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run there malicious pieces of code with privileges and features.

tags | paper

SHA-256 | 13625ce6c755c96192b50c4a415d4bee4bd21c7137c469ce62b2ea3b7d46cc76

Download | Favorite | View

Detecting And Exploiting XSS With Xenotix XSS Exploit Framework

Posted Sep 12, 2012

Authored by Ajin Abraham

This is a whitepaper called Detecting and Exploiting XSS with Xenotix XSS Exploit Framework.

tags | paper, xss

SHA-256 | 59617105598315038569fcdcfa35beec89bf540f72b53763cb4364b163e8cd38

Download | Favorite | View

Shellcoding In Linux

Posted Sep 3, 2012

Authored by Ajin Abraham | Site keralacyberforce.in

This is a whitepaper that was written for beginners learning how to write shellcode.

tags | paper, shellcode

SHA-256 | 4408a4e26d5d0e08d0400d47fc4b5fbdc7ea9f4db3d206e9f0a533805edf17ed

Download | Favorite | View

Xenotix KeylogX Keylogger For Firefox

Posted Feb 24, 2012

Authored by Ajin Abraham | Site xenotix.co.cc

Xenotix KeylogX is a keylogger add-on for Mozilla Firefox. It captures and logs keystrokes sent to the browser and you simply type alt-X to retrieve the data from the logfile.

tags | tool, web

SHA-256 | 67b0971f10df230d180133c5c89d059079a85c82d7ef454d272f3decf994a478

Download | Favorite | View

Wi-Fi Security With Wi-Fi Protection Plus

Posted Feb 12, 2012

Authored by Ajin Abraham, Vimal Jyothi

Whitepaper called Wi-Fi Security with Wi-Fi Protection Plus. Wi-Fi P+ is a new security architecture proposed by the authors.

tags | paper

SHA-256 | a1796ef5991f37e305255cca3db5c7cb382fdf8cc9c174e0f73caebf4c6d9270

Download | Favorite | View