Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

Overview

What is Spray365?

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an "execution plan". While having a pre-generated execution plan that describe the spraying operation well before it occurs has many other benefits that Spray365 leverages, this also allows password sprays to be resumed (-R option) after a network error or other interruption. While it is easiest to generate a Spray365 execution plan using Spray365 directly, other tools that produce a compatible JSON structure make it easy to build unique password spraying workflows.

Spray365 exposes a few options that are useful when spraying credentials. Random user agents can be used to detect and bypass insecure conditional access policies that are configured to limit the types of allowed devices. Similarly, the --shuffle_auth_order argument is a great way to spray credentials in a less-predictable manner. This option was added in an attempt to bypass intelligent account lockouts (e.g., Azure Smart Lockout). While it’s not perfect, randomizing the order in which credentials are attempted have other benefits too, like making the detection of these spraying operations even more difficult. Spray365 also supports proxying traffic over HTTP/HTTPS, which integrates well with other tools like Burp Suite for manipulating the source of the spraying operation.

Generating an Execution Plan (Step 1)

Generating Execution Plan

Spraying Credentials with an Execution Plan (Step 2)

Spraying Execution Plan

Getting Started

Installation

Clone the repository, install the required Python packages, and run Spray365!

$ git clone https://github.com/MarkoH17/Spray365
$ cd Spray365
~/Spray365$ pip3 install -r requirements.txt
~/Spray365$ python3 spray365.py

Usage

Generate an Execution Plan

An execution plan is needed to spray credentials, so we need to create one! Spray365 can generate its own execution plan by running it in "generate" (-g) mode.

$ python3 spray365.py -g <path_for_saved_execution_plan> -d <domain_name> -u <file_containing_usernames> -pf <file_containing_passwords>

e.g.

$ python3 spray365.py -g ex-plan.s365 -d example.com -u usernames -pf passwords

Spraying an Execution Plan

Once an execution plan is available, Spray365 can be used to process it. Running Spray365 in "spray" (-s) mode will process the specified execution plan and spray the appropriate credentials.

$ python3 spray365.py -s <path_to_execution_plan>

e.g.

$ python3 spray365.py -s ex-plan.s365

Other Options for Advanced Usage

Generate Mode Options

--delay : Delay in seconds to wait between authentication attempts (default: 30)

-cID / --aad_client : Client ID to use during authentication workflow (None for random selection, specify multiple in a comma-separated string) (default: None)

-eID / --aad_endpoint : Endpoint ID to use during authentication workflow (None for random selection, specify multiple in a comma-separated string) (default: None)

-S / --shuffle_auth_order: Shuffle order of authentication attempts so that each iteration (User1:Pass1, User2:Pass1, User3:Pass1) will be sprayed in a random order, and with a random arrangement of passwords, e.g. (User4:Pass16, User13:Pass25, User19:Pass40). Be aware this option introduces the possibility that the time between consecutive authentication attempts for a given user may occur as quickly as DELAY seconds apart. Consider using the -mD / --min_cred_loop_delay option to enforce a minimum delay between authentication attempts for any given user. (default: False)

-SO / --shuffle_optimization_attempts : Number of random execution plans to generate for identifying the fastest execution plan (default: 10)

-mD / --min_cred_loop_delay : Minimum time to wait between authentication attempts for a given user. This option takes into account the time one spray iteration will take, so a pre-authentication delay may not occur every time (disable with 0) (default: 0)

-cUA / --custom_user_agent : Set custom user agent for authentication requests (default: None)

-rUA, --random_user_agent: Randomize user agent for authentication requests (default: False)

Spray Mode Options

--lockout : Number of account lockouts to observe before aborting spraying session (disable with 0) (default: 5)

--proxy : HTTP Proxy URL (format: http[s]://proxy.address:port) (default: None)

-R / --resume_index : Resume spraying passwords from this position in the execution plan (default: 0)

Acknowledgements

Author Tool / Other Link
@__TexasRanger msspray: Conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints https://github.com/SecurityRiskAdvisors/msspray

Disclaimer

Usage of this software for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws, in addition to any applicable acceptable use policies. Using this software releases the author(s) of any responsiblity for misuse or damage caused.

Comments
  • Python error str and None

    Python error str and None

    Ubuntu 20.04 Python 3.8.10

    Running into this issue when attempting to run spray365.

    $ python3 spray365.py
    
    Traceback (most recent call last):
      File "spray365.py", line 2, in <module>
        from modules.core.output import console
      File "/home/nancea/Spray365/modules/core/output/console.py", line 74, in <module>
        line_terminator: str | None,
    TypeError: unsupported operand type(s) for |: 'type' and 'NoneType'
    

    EDIT to fix formatting

    opened by anance25 6
  • Spraying Stopped due to Error

    Spraying Stopped due to Error

    Hi there,

    Sometimes it happens, but not always. I get an error that stops the spraying.

    An error occured while spraying credentials: 'Unable to get authority configuration for https://login.microsoftonline.com/organizations. Authority would typ
     https://login.microsoftonline.com/your_tenant_name'
    
    opened by vysecurity 3
  • An error occured while spraying credentials: ''NoneType' object has no attribute 'error_code'

    An error occured while spraying credentials: ''NoneType' object has no attribute 'error_code'

    Getting this error right after "Authentication Success" for a valid M365 user in the tenant:
    ERROR]: An error occured while spraying credentials: ' 'NoneType' object has no attribute 'error_code'

    I'll try to debug this in the code for why this is happening. When I proxy the request through Burp Suite it shows a successful OAuth code flow with a bearer token response. So authentication is working, but it might be an issue with parsing the response. Don't know why the code is looking for an "error_code" when it is a success.

    This looks like a great tool @MarkoH17 - thanks for the contribution.

    opened by iknowjason 3
  • Ability to Spray Multiple Tenants

    Ability to Spray Multiple Tenants

    Describe The Problem To Be Solved Currently, the user has to start separate Spray365 instances if targeting multiple organizations/tenants.

    Additionally, smart-lockout controls could potentially lean on the fact that multiple failed attempts are occurring in succession for a single organization.

    Suggested Solution To fix this issue, Spray365 should allow for:

    • The creation of execution plans targeting multiple domains with a much larger list of users
    • The creation of execution plans using a user list containing emails. Currently, the domain for the targeted tenant must be specified using a separate CLI flag
    • Show the specific domain being targeted in stdout

    Again, similar to the other issue I created, getting a handle on where I would implement this functionality is proving difficult. Let me know your thoughts on this and if I can provide any assistance. Thanks!

    enhancement 
    opened by puzzlepeaches 2
  • Alternate behavior for --lockout flag

    Alternate behavior for --lockout flag

    Describe The Problem To Be Solved Smart-lockout is the biggest issue faced when password spraying Microsoft services. While a general assumption on my part, I assume that this security control is based less on source IP and more on the frequency of failed login attempts for a tenant.

    Currently, Spray365 exits entirely after a lockout threshold is met which does not work well for long running password sprays as the job must be manually started again to continue.

    Suggested Solution To fix this issue, Spray365 should provide the option to pause for an elongated period of time before continuing with the password spray. For example, if the specified lockout threshold is met, pause execution for two hours before continuing again.

    Even more ideally, allow this pause time frame to dynamically increase every time the original lockout threshold is met. For example, the following spray workflow could occur:

    • A lockout threshold of 10 is set on initial execution along with a pause spray time period of two hours
    • A password spray is started and after approximately 100 attempts, the lockout threshold is met
    • The utility pauses the password spray for two hours as specified
    • After the time frame has elapsed the spray is started
    • Again after another 200 attempts, the lockout threshold is met and the tool pauses for four hours now instead of two
    • After the threshold is met X number of times and the paused execution time frame is expanded Y times, the password spray exits

    Ideally, this dynamically expanding pause execution timeframe and the condition used to determine if the tool should exit, could also be added as command line options on run.

    While the code in Spray365 is very well written, getting a handle on where I would implement this functionality is proving difficult. Let me know your thoughts on this and if I can provide any assistance. Thanks!

    enhancement 
    opened by puzzlepeaches 2
  • Fix NoneType has not attribute error

    Fix NoneType has not attribute error

    Here is my proposed fix. In some cases authentication success does not have a result.auth_erorr. Therefore it was failing here. Just had a simple check for pass if it is None:

        if result.auth_error is None:
            pass
        else:
            if result.auth_error.error_code == 50053:
                global_lockouts_observed += 1
    
    opened by iknowjason 0
  • WsTrust server returned error in RSTR

    WsTrust server returned error in RSTR

    Hello,

    I have used:

    python3.10 spray365.py generate normal -ep ex-plan.s365 -d dom.de -u users.txt -pf pwds.txt
    

    It is a fresh install.

    python3.10 spray365.py spray -ep ex-plan.s365                                                    
    
    ███████╗██████╗ ██████╗  █████╗ ██╗   ██╗██████╗  ██████╗ ███████╗
    ██╔════╝██╔══██╗██╔══██╗██╔══██╗╚██╗ ██╔╝╚════██╗██╔════╝ ██╔════╝                                                                                                                                                                           
    ███████╗██████╔╝██████╔╝███████║ ╚████╔╝  █████╔╝███████╗ ███████╗                                                                                                                                                                           
    ╚════██║██╔═══╝ ██╔══██╗██╔══██║  ╚██╔╝   ╚═══██╗██╔═══██╗╚════██║                                                                                                                                                                           
    ███████║██║     ██║  ██║██║  ██║   ██║   ██████╔╝ ██████╔╝███████║                                                                                                                                                                           
    ╚══════╝╚═╝     ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝   ╚═════╝  ╚═════╝ ╚══════╝                                                                                                                                                                           
                             By MarkoH17 (https://github.com/MarkoH17)                                                                                                                                                                           
                                                   Version: 0.2.2-beta                                                                                                                                                                           
                                                                                                                                                                                                                                                 
    [2022-08-05 06:37:15 - INFO]: Processing execution plan 'ex-plan.s365'
    [2022-08-05 06:37:15 - INFO]: Identified 18650 credentials in the provided execution plan
    [2022-08-05 06:37:15 - INFO]: Password spraying will take at least 559500 seconds, and should finish around 2022-08-11 18:02:15
    [2022-08-05 06:37:15 - INFO]: Lockout threshold is set to 10 accounts
    [2022-08-05 06:37:15 - INFO]: Starting to spray credentials
    An exception was raised: RuntimeError650] (win_ie11_win8->webshellsuite->outlook): testaccount / thepassword (waiting...)
    Stack trace from most recent exception:
    Traceback (most recent call last):
      File "/home/myaccount/tools/Spray365/modules/spray/spray_exception_wrapper.py", line 13, in invoke
        return super(SprayExceptionWrapper, self).invoke(ctx)
      File "/home/myaccount/.local/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/home/myaccount/.local/lib/python3.10/site-packages/click/core.py", line 760, in invoke
        return __callback(*args, **kwargs)
      File "/home/myaccount/tools/Spray365/modules/spray/spray.py", line 159, in command
        auth_result = helpers.authenticate_credential(cred, proxy, insecure)
      File "/home/myaccount/tools/Spray365/modules/spray/helpers.py", line 52, in authenticate_credential
        raw_result = auth_app.acquire_token_by_username_password(
      File "/home/myaccount/.local/lib/python3.10/site-packages/msal/application.py", line 1420, in acquire_token_by_username_password
        response = _clean_up(self._acquire_token_by_username_password_federated(
      File "/home/myaccount/.local/lib/python3.10/site-packages/msal/application.py", line 1447, in _acquire_token_by_username_password_federated
        wstrust_result = wst_send_request(
      File "/home/myaccount/.local/lib/python3.10/site-packages/msal/wstrust_request.py", line 60, in send_request
        return parse_response(resp.text)
      File "/home/myaccount/.local/lib/python3.10/site-packages/msal/wstrust_response.py", line 49, in parse_response
        raise RuntimeError("WsTrust server returned error in RSTR: %s" % (error or body))
    RuntimeError: WsTrust server returned error in RSTR: {'reason': 'ID3242: The security token could not be authenticated or authorized.', 'code': 'a:FailedAuthentication'}
    [2022-08-05 06:37:16 - INFO]: Authentication results saved to file 'spray365_results_2022-08-05_06-37-16.json'
    

    It seems the msal library has been modified. I think authentication now requires a UPN, an not a username only.

    Best regard,

    opened by quentinhardy 1
  • An exception was raised: ValueError

    An exception was raised: ValueError

    Have used this tool successfully before. Recently tried to run a spray after creating an execution plan like normal. However when running sudo python3 spray365.py spray -ep spray_ep -l 2 the tool seems to load fine but errors out after making one request An exception was raised: Value Error

    Have tried running in two kali env's (Bare metal & VM) but same error.

    image

    opened by mbb5546 2
Releases(0.2.2-beta)
  • 0.2.2-beta(Jul 14, 2022)

    ⚠️ Notice

    When upgrading from a previous version of Spray365, ensure that you install the latest dependencies! Install the latest version of Spray365 and its dependencies with:

    $ git clone https://github.com/MarkoH17/Spray365
    $ cd Spray365
    ~/Spray365$ pip3 install -r requirements.txt -U
    ~/Spray365$ python3 spray365.py
    

    🎉 What's New

    • Review module now shows which AAD endpoints are accessible (e.g., not protected by MFA / conditional access policies)

    🏗️ What's Changed

    • Exceptions are now displayed in more detail to aid in debugging
    • Code cleanup (import re-ordering)

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.2.1-beta...0.2.2-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.2.1-beta(Jun 1, 2022)

    ⚠️ Notice

    When upgrading from a previous version of Spray365, ensure that you install the latest dependencies! Install the latest version of Spray365 and its dependencies with:

    $ git clone https://github.com/MarkoH17/Spray365
    $ cd Spray365
    ~/Spray365$ pip3 install -r requirements.txt -U
    ~/Spray365$ python3 spray365.py
    

    🎉 What's New

    • Version checking warns users when running Spray365 with older versions of Python
    • Added PEP 563 (Postponed Evaluation of Annotations) to enable the use of modern type hints (3.10+) on older versions of Python (3.7+)

    🏗️ What's Changed

    • Passwords supplied in the userfile may now contain a colon
    • Execution plans are properly saved when generated in audit mode

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.2.0-beta...0.2.1-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.2.0-beta(May 22, 2022)

    ⚠️ Notice

    When upgrading from a previous version of Spray365, ensure that you install the latest dependencies! Install the latest version of Spray365 and its dependencies with:

    $ git clone https://github.com/MarkoH17/Spray365
    $ cd Spray365
    ~/Spray365$ pip3 install -r requirements.txt -U
    ~/Spray365$ python3 spray365.py
    

    🎉 What's New

    • Spray365 has been refactored into different modules, making it easier to develop new features!
    • Generating execution plans have been split into two different sub-types: normal, and audit. Generating normal execution plans (spray365.py generate normal) works the same as previous versions. However, generating audit execution plans (spray365.py generate audit) will cause Spray365 to create all combinations of User-Agent, AAD_Client, and AAD_Endpoint for each set of credentials. Audit-type execution plans can (and should) be sprayed with known-valid credentials to identify flaws in MFA / conditional access policy configurations.
    • Audit-type execution plans inspired the addition of another type of password input: --passwords_in_userfile. When this option is specified, each line in the user file (-u / --user_file) will be split on a colon, where the value preceding the colon is treated as the username, and the value after the colon is treated as the password (e.g. jsmith:Password01).
    • Results from spraying can be reviewed using the new review mode (spray365.py review <results.json>). This new mode displays valid/invalid users and valid/partial-valid/invalid credentials.

    🏗️ What's Changed

    • Arguments are now parsed using Click, simplifying validation and enforcement of mutually exclusive options.
    • Credential, AuthResult, and AuthError objects were refactored. This means that only new execution plans (and Spray365 results) can be processed using v0.2.0-beta.
    • Dependencies were bumped to their latest versions.

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.1.5-beta...0.2.0-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.1.5-beta(Jan 24, 2022)

    What's New 🎉

    • Spray365 is now split into two modes (generate and spray) for more logical argument handling. This is a breaking change that requires Spray365 to be executed using new syntax.

      Example comparing new and old for generating an execution plan
      Old Syntax: spray365.py -g demo.s365 -d <domain> -u <username_file> -pf <password_file> --delay 10
      New Syntax: spray365.py generate --execution_plan demo.s365 -d <domain> -u <username_file> -pf <password_file> --delay 10

      Example comparing new and old for password spraying:
      Old Syntax: spray365.py -s demo.s365 --lockout 3
      New Syntax: spray365.py spray --execution_plan demo.s365 --lockout 3

    • Successive authentication attempts for a given user with known good credentials will be skipped. This new default behavior can be reverted with the -i / --ignore_success argument in spray mode.

    What's Changed

    • An authentication request requiring interactive login (AAD error "AADSTS65001") is now considered a successful login
    • Help documentation improved and updated to match Spray365 capabilities

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.1.4-beta...0.1.5-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.1.4-beta(Jan 4, 2022)

    What's New 🎉

    • N/A

    What's Changed

    • Successful login no longer causes a fatal error
    • An authentication request for a nonexistent application (client id) returns AAD error "AADSTS700016", and is now considered a successful login

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.1.3-beta...0.1.4-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.1.3-beta(Dec 8, 2021)

    What's New 🎉

    • Added behavior to ensure that results from password spraying are saved on exit (even when an exception is thrown or the application is interrupted)

    What's Changed

    • Duplicate usernames are removed before generating an execution plan
    • Better error handling when parsing a malformed execution plan

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.1.2-beta...0.1.3-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.1.2-beta(Nov 23, 2021)

    What's New 🎉

    • Added -k, --insecure argument to ignore TLS errors, which is useful when proxying traffic (@fang0654)
    • Added urllib3 (>= 1.26.5) dependency to requirements file

    What's Changed

    • Usernames read from file have whitespace stripped before their usage
    • Fixed resume index usage so that -R RESUME_INDEX, --resume_index RESUME_INDEX argument will resume spraying from the specified index in the execution file (1-based index), instead of starting at the credential prior to the targeted index (an off-by-one error)
    • Requirements file is more relaxed

    Full Changelog: https://github.com/MarkoH17/Spray365/compare/0.1.1-beta...0.1.2-beta

    Source code(tar.gz)
    Source code(zip)
  • 0.1.1-beta(Nov 11, 2021)

    • Support for rotating or using a custom user agent during authentication requests
    • Better enforcement of the account lockout threshold argument
    • Detection of more relevant authentication-related failures
    • More useful help text
    • Code cleanup

    This release likely contains bugs and other unwanted behavior.

    Source code(tar.gz)
    Source code(zip)
  • 0.1.0-beta(Nov 6, 2021)

Owner
Mark Hedrick
I'm an offensive security enthusiast with years of software development experience in Microsoft .NET, Python, and C.
Mark Hedrick
Archive-Crack - A Tools for crack file archive

Install In TERMUX apt update && apt upgrade -y pkg install python git unrar

X - MrG3P5 10 Oct 06, 2022
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e FOFA EMAIL -k TOKEN Screenshots License MIT Dev 6613GitHub6613

PwnWiki 48 Oct 25, 2022
A small script to export all AWAF policies from a BIG-IP device

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

3 Feb 03, 2022
QHack-2022 - Solutions to the Coding Challenges of QHack 2022

QHack 2022 Problems from Coding Challenges 2022. Rules and how it works To test

Isacco Gobbi 1 Feb 14, 2022
An Advanced Local Network IP Scanner, made in python of course!

██╗██████╗    ██████╗ █████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗ ██║██╔══██╗  ██╔════╝██╔══██╗██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██

Polsulpicien 2 Dec 18, 2021
This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks. The goal is to successfully use this notebook project below with Security Onion for beacon detection

4 Jun 08, 2022
解密哥斯拉webshell管理工具流量

kingkong 解密哥斯拉Godzilla-V2.96 webshell管理工具流量 目前只支持jsp类型的webshell流量解密 Usage 获取攻击者上传到服务器的webshell样本 获取wireshark之类的流量包,一般甲方有科来之类的全流量镜像设备,联系运维人员获取,这里以test.

h4ck for fun 46 Dec 21, 2022
FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

FOSSLight Scanner Analyze at once for Open Source Compliance. FOSSLight Scanner performs open source analysis after downloading the source by passing

FOSSLight 8 Nov 03, 2022
Mips script decompiles MIPS assembly instructions & bot functionality

mips mips is a python-based script that decodes MIPS instructions. Usage cd into mips and run python decode.py command or open decode.py to run the sc

Anthony Tedja 0 Mar 30, 2022
Credit Card And SK Checker Written In Python

💳 Credit Card Checker (CC Checker) & Mass SK Checker & Generator 💳

Rimuru Tempest 53 Dec 31, 2022
Malware Configuration And Payload Extraction

CAPEv2 (Python3) has now been released CAPEv2 With the imminent end-of-life for Python 2 (January 1 2020), CAPEv1 will be phased out. Please upgrade t

Context Information Security 701 Dec 27, 2022
If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

Ph0tonz 3 Jun 07, 2022
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 2 Jan 31, 2022
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea

Podalirius 58 Dec 05, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
Cobalt Strike < 4.4 dos CVE-2021-36798

CVE-2021-36798 CVE-2021-36798 Cobalt Strike 4.3 dos 用法 python3 CVE-2021-36798.py BeaconURL 打瘫Cobalt Strike 只需要一个包 已测试 4.3 4.2 参考: https://labs.sent

37 Nov 09, 2022
LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication

LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections r

315 Dec 18, 2022
Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

Mateo Hanžek 1 Jan 14, 2022
Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

CVE-2021-40870 Exploitation An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous ty

Ashraful Islam 16 Nov 15, 2022