BishopFox / pwn-pulse

License: GPL-3.0
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

pwn-pulse.sh

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Script authored by braindead @BishopFox. Based on research by Orange Tsai and Meh Chang. Thanks also to Alyssa Herrera and 0xDezzy for additional insights. Huge thanks to bl4ckh0l3z for fixing, cleaning and refactoring the code significantly!

This script extracts private keys, usernames, admin details (including session cookies) and observed logins (including passwords) from Pulse Connect Secure VPN files downloaded via CVE-2019-11510.

  • It takes the target domain or IP as an argument and downloads important files from the server using the arbitrary file read vulnerability.
  • It then greps through the files for sensitive information and dumps it all into a file named [TARGET]_report.txt.
  • It can also test each session cookie to see if the session is currently active (and thus available for hijacking).

Additional details about the development of the script are available in this blog article.

Usage:

./pwn-pulse.sh -h

  [pwn-pulse.sh by braindead @BishopFox]

  This script extracts private keys, usernames, admin details (including
  session cookies) and observed logins (including passwords) from Pulse
  Connect Secure VPN files downloaded via CVE-2019-11510.

  Usage: pwn-pulse.sh [options]

  Options:
        -h   show this output
        -t   set the target (IPs - single entry by stdin, in csv format, single column in a file)
        -d   download config, cache and sessions files
        -c   test cookies in order to identify active sessions
        -k   test cookies without downloading files (already downloaded and extracted)
        -s   extract ssh keys
        -a   all tests
        