PoC
dawnscanner
| PoC | dawnscanner | |
|---|---|---|
| 10 | 2 | |
| 788 | 729 | |
| - | - | |
| 5.3 | 4.6 | |
| 3 months ago | 2 months ago | |
| Ruby | Ruby | |
| GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PoC
- Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM) using a vulnerability in 2017 in 2022 (it wasn't patched prior March 2021)
- Cisco Nexus Dashboard Fabric Controller unauth web-to-root shell
-
Windows filehosting
And the fix that they couldn't be bothered to implement? Literally one line of code.
- Pre-auth WAN remote root for Cisco RV340 VPN Gateway Router
- “Podem tomar o controlo da sua TV e espiá-lo com a câmara e o microfone”. Ataque à Vodafone analisado por um dos maiores ‘hackers’ do mundo
- RCE vulnerability in TIBCO Data Virtualization
- Pwning Cisco ISE: from XSS to a root shell (w/ exploit video)
- Command Injection and SQL Injection Vulnerabilities in Micro Focus Operations Bridge Reporter (CVE-2021-22502)
- Unauth cmd injection as root on login / logout (plus other hilarious vulns) in Micro Focus Operations Bridge Reporter
-
How We Hacked a TP-Link Router and Took Home $55.000 in Pwn2Own
If you already have a day job in security, the $500 the manufacturer will give you won't give you a big boost. I prefer to drop the advisory and exploit after they fixed it even if I don't get money, as that gives me more street credz amongst the hacker crowd. See my github for examples: https://github.com/pedrib/PoC
dawnscanner
-
Security Risks On Rails: Misconfiguration and Unsafe Integrations
Other useful gems you may take a look at are dawnscanner, reek, and hakiri_toolbelt.
-
Rails application boilerplate for fast MVP development
test and add dawnscanner
What are some alternatives?
CVE-2021-36260 - command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
WhatWeb - Next generation web scanner
Portus - Authorization service and frontend for Docker registry (v2)
evil-winrm - The ultimate WinRM shell for hacking/pentesting
Pronto - Quick automated code review of your changes
mad-metasploit - Metasploit custom modules, plugins, resource script and.. awesome metasploit collection
bundler-audit - Patch-level verification for Bundler
railsgoat - A vulnerable version of Rails that follows the OWASP Top 10
Devise - Flexible authentication solution for Rails with Warden.
FriendlyId - FriendlyId is the “Swiss Army bulldozer” of slugging and permalink plugins for ActiveRecord. It allows you to create pretty URL’s and work with human-friendly strings as if they were numeric ids for ActiveRecord models.
Fasterer - :zap: Don't make your Rubies go fast. Make them go fasterer ™. :zap: