Salesforce Recon and Exploitation Toolkit

Last update: Dec 23, 2022

Related tags

Security related resources sret

Overview

Salesforce Recon and Exploitation Toolkit

Usage

python3 main.py

References

Announcement Blog - https://www.reconstation.io/blog/salesforce-recon-and-exploitation-toolkit-sret
Salesforce Nuclei Template by Aaron Costello - https://github.com/projectdiscovery/nuclei-templates/blob/master/misconfiguration/salesforce-aura.yaml
Salesforce Testing blog by Praveen Kanniah - https://infosecwriteups.com/in-simple-words-pen-testing-salesforce-saas-application-part-2-fuzz-exploit-eefae11ba5ae

Owner

GitHub Repository

cve-2021-21985 exploit

cve-2021-21985 exploit 0x01 漏洞点分析可见： https://attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit 对beans对象进行重新构

105 Nov 22, 2022

Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

Fly Dev Tunnel Developers commonly use apps like ngrok, localtunnel, or cloudflared to expose a local web service at a publicly-accessible URL. This i

170 Dec 11, 2022

A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

PyArmor Homepage (中文版网站) Documentation(中文版) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine

1.9k Dec 30, 2022

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

62 Jan 08, 2023

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible

1 Jan 10, 2022

Fuzzercorn - Bring libfuzzer to Unicorn

Fuzzercorn libfuzzer bindings for Unicorn. API // The main entry point of the fu

23 Nov 17, 2022

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别，在ceye.io api速率限制下，最大线程扫描每一个参数，记录过滤已检测地址，重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

5 Dec 10, 2021

Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

CVE-2021-21985 CVE-2021-21985 EXP 本文以及工具仅限技术分享，严禁用于非法用途，否则产生的一切后果自行承担。 0x01 利用Tomcat RMI RCE 1. VPS启动JNDI监听 1099 端口 rmi需要bypass高版本jdk java -jar JNDIIn

355 Aug 03, 2022

Lazarus analysis tools and research report

Lazarus Research This repository publishes analysis reports and analysis tools for Operation Dream Job and Operation JTrack for Lazarus. Tools Python

50 Sep 13, 2022

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

6 Oct 10, 2022

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

3.5k Jan 09, 2023

QHack-2022 - Solutions to the Coding Challenges of QHack 2022

QHack 2022 Problems from Coding Challenges 2022. Rules and how it works To test

1 Feb 14, 2022

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl

2 Nov 20, 2021

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the conte

96 Dec 20, 2022

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

118 Nov 07, 2022

Salesforce Recon and Exploitation Toolkit

Related tags

Overview

Salesforce Recon and Exploitation Toolkit

Usage

References

Owner

cve-2021-21985 exploit

Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

Fuzzercorn - Bring libfuzzer to Unicorn

log4j2 passive burp rce scanning tool get post cookie full parameter recognition

Small python script to look for common vulnerabilities on SMTP server.

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

Lazarus analysis tools and research report

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

APKLeaks - Scanning APK file for URIs, endpoints & secrets.

QHack-2022 - Solutions to the Coding Challenges of QHack 2022

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Herramienta para descargar eventos de Sucuri WAF hacia disco.

Get related domains / subdomains by looking at Google Analytics IDs

Security tool to test different bypass of forbidden