Ghost Academy

What is XSS ?  Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites.  XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a user.  Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application gets input from a user within the output it generates without validating or encoding it.  An attacker use this XSS vulnerability to send a malicious script to an unsuspecting user. The user’s browser has no way to know that the script should not be trusted, and will execute the script.  Because it thinks the script came from a trusted source, so the malicious script can access any cookies, session tokens, or other sensitive data retained by the browser and used with that website. These scripts can even rewrite the content of the HTML page. Ex -  document . body . innerHTML = ""; Types of XSS : Reflected XSS (A

 Address Resolution Protocol (ARP) Poisoning An attacker can send a false ARP reply message to the default network gateway(192.168.1.1), telling it that this MAC address should be associated with target's IP address. When the default gateway has received this message and broadcasts its changes to all other devices on the network, all of the target's traffic to every devices on the network travels through the attacker's computer, allowing the attacker to inspect or modify traffic before forwarding it to its destination.  Users targeted by ARP Poisoning rarely realize that their traffic is inspected by an attacker. Also ARP Poisoning can be used to cause a denial-of-service (DOS) condition over a LAN by simply intercepting and not sending the target's packets. There are ARP Poisoning/Spoofing Tools Available    NetCut - Windows/Mac Arp-Spoofer Github Tool

I have made a website scanner tool long ago.  I used python to develop this tool. To make this tool I had researched the web for days, for finding information about how to find wordpress version, plugins, usernames etc. Anybody can find WordPress username using this url query /?author=1 , it will redirect to a website. You can see the username in the url. Ex - /index.php/author/dimuthsakya/ Features of this tool : Detects WordPress Find WordPress Version Enumerates Plugins Find Admin Panel Enumerate Usernames         This tool may fail to detect If  there's web application firewall (waf) is installed on a site

 Hi there, I spend lot of  time making a pinball game using python. I have used two modules for this: pygame and pymunk. How the game works : You have 3 rounds (balls) You get points when the ball hits bumpers You can hit the ball with two flippers using arrow key Code : https://github.com/GH0STH4CKER/Pinball/blob/main/pinball_game.py Preview : Your browser does not support the video tag.