Site search

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from <data android:scheme="android_secret_code"> elements is rendered in HTML reports without sanitization, enabling session hijacking and account takeover.

https://github.com/advisories/GHSA-8hf7-h89p-3pqj

⚠️ WARNING: LEGAL DISCLAIMER

This tool is intended for educational purposes only. The author is not responsible for any illegal use of this tool. Users aresolely responsible for their actions.

#kalilinux #kalilinuxtools #informationsecurity #ethicalhacker #pentesting #Ubuntu...

Autonomous Multi-Agent Based Red Team Testing Service / AI hacker
Vibe Hacking is a new paradigm in Offensive Security defined by PurpleAILAB.

Unlike traditional red teaming methods that rely on manual execution, AI agents autonomously perform red teaming tasks in Vibe Hacking.

https://github.com/PurpleAILAB/Decepticon

⚠️ WARNING: LEGAL DISCLAIMER

This tool is intended for educational purposes only. The author is not responsible for any illegal use of this tool. Users aresolely responsible for their actions.

#kalilinux #kalilinuxtools #informationsecurity #ethicalhacker #pentesting #Ubuntu #bugbounty #github #githubuniverse #hacking #hacking_or_secutiy #WebPentest #webpentest #decryption #ddosattak #networkattacktool #networkattack #WhatWeb #metasploit #nmap #burpsuite #bruteforce #informationgathering #hackingtools #vulnerability #sysalbania #cybersecurity...

The Big Brother V3.0 is a weaponized OSINT platform featuring username enumeration (473+ platforms), quad-vector visual intelligence, Sky Radar tracking, crypto wallet analysis, SSL intelligence, digital footprint reconstruction, EXIF extraction, advanced dorking, and network reconnaissance.

https://github.com/chadi0x/TheBigBrother

Legal Disclaimer
FOR EDUCATIONAL AND AUTHORIZED TESTING ONLY
This tool is designed for:
Educational purposes in controlled lab environments
Authorized penetration testing with written permission
Security research on systems you own
Unauthorized access to computer systems is ILLEGAL and may result in criminal prosecution.
By using this tool, you agree to:
Only test systems you own or have explicit written authorization to test
Comply...

Forbidden Buster is a tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk.

🚀Features

Probes HTTP 401 and 403 response codes to discover potential bypass techniques.
Utilizes various methods and headers to test and bypass access controls.
Customizable through command-line arguments.

All content shared is strictly for educational and awareness purposes. I do not promote, engage in, or encourage any illegal activities. Use the information responsibly and in...

🔎 What is 𝐘𝐚𝐧𝐝𝐞𝐱 𝐝𝐨𝐫𝐤𝐢𝐧𝐠? (Advanced OSINT Technique)

Most bug hunters know about Google Dorks…

But very few explore the power of Yandex Dorking using Yandex 🔥

Yandex is a Russian search engine that sometimes indexes files and directories that Google ignores — making it extremely powerful for reconnaissance and OSINT.

💡 Why Yandex is Special?

✔️ Different indexing algorithm
✔️ Better exposure of open directories
✔️ Sometimes reveals sensitive files not visible on Google
✔️ Useful for bug bounty & recon

---

🎯 Common Yandex Dork Examples

⚠️ For educational & authorized testing only.

1️⃣ Find Exposed Login Pages...