1899 matches found
Exploit for Race Condition in Openbsd Openssh
Personal CTF Toolkit 此工具包最初是基于精灵表哥和一个佚名表哥的工具包整理的,后来加上本人打ctf和渗透时所添加的一些工具,应当还算全面傲娇脸。 QAQ 表哥们自然都有自己的kit,不过,互通有无总是好的嘛,看看下面目录里哪些有需要大家自取就好了( ̄︶ ̄)↗ 包比较大,Github又慢,为了便于下载还是放在了网盘里: - 链接: https://pan.baidu.com/s/1u6NcfP-BkpXPYAnMUwjGHA 提取码: qv79 目录只放了三层,再多就太影响阅读。详细列表也上传了一份,愿意的话可以看看。 Note 部分工具运行时的目录中不可有空格或中文字...
Exploit for CVE-2007-6750
ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...
Exploit for Out-of-bounds Write in F5 Nginx
Disclosures Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts URL: https://github.com/badd1e/Disclosures List CVE-2009-2629: nginx http module Buffer Underflow Remote Code Execution Vulnerability Patch analysis, testcase, notes CVE-2013-0007: Microsoft XML Core...
Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware
PoC misc PoC - Internet of InSecurity Things Well worth to read about these crappy insecurity things: https://ipvm.com/reports/security-exploits Hikvision CVE-2021-36260 --- 2021-10-19 All credit to WatchfulIP https://watchfulip.github.io/ https://github.com/mcw0/PoC/blob/master/CVE-2021-36260.py...
Exploit for Cross-site Scripting in Jquery
Watchdog Tool Description ------------------------- Watchog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360°...
Exploit for Use After Free in Redis
This is a PoC exploit for CVE-2025-49844, a high-risk vulnerability in Redis database. The exploit is a GUI-based tool called "CVE-2025-49844RediShell漏洞检查软件v2.0" that helps enterprises efficiently detect and fix vulnerabilities. The tool is an iteration of the original...
Binwalk
This is an implementation of the Binwalk firmware analysis tool in Rust, written for speed and accuracy. Binwalk can identify and optionally extract files and data embedded inside other files, with a focus on firmware analysis. It supports a wide variety of file and data types and can even help...
PrivescCheck
PrivescCheck This script aims to identify Local Privilege Escalation LPE vulnerabilities that are usually due to Windows configuration issues, or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks. Getting started After downloading the script an...
Exploit for Improper Input Validation in Bsdi Bsd_Os
This repository appears to be a collection of old CVE Common Vulnerabilities and Exposures entries from 1999. The repository contains a series of markdown files, each describing a specific vulnerability, along with links to GitHub repositories that may contain proof-of-concept POC code or other...
Exploit for OS Command Injection in Openbsd Openssh
No description provided...
Windows-Privilege-Escalation
Windows-Privilege-Escalation Here is my step-by-step windows privlege escalation methodology. This guide assumes you are starting with a very limited shell like a webshell, netcat reverse shell or a remote telnet connection. First things first and quick wins Do some basic enumeration to figure ou...
smbmap
This is a Python script for a tool called SMBMap, which is designed to enumerate Samba share drives across an entire domain. The tool allows users to list share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute...
PS5-IPV6-Kernel-Exploit
This is an experimental webkit-based kernel exploit for the PS5 on firmware versions = 4.51. The exploit establishes an arbitrary read / semi-arbitrary write primitive, but it cannot achieve code execution due to the hypervisor-enforced kernel write protection and Clang-based fine-grained Control...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, an Ubuntu OverlayFS Local Privesc vulnerability. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to...
SharpKatz
This is a port of the mimikatz tool, specifically the sekurlsa::logonpasswords, sekurlsa::ekeys, and lsadump::dcsync commands, to C and .NET. The tool is called SharpKatz. The tool is designed to extract sensitive information from a Windows system, including: Logon passwords Kerberos encryption...
internalblue
This is an offensive tool for Bluetooth experimentation and patching firmware. It is a Bluetooth experimentation framework for Broadcom and Cypress chips, which enables various features that would otherwise only be possible with a full-stack software-defined radio implementation, such as injectin...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the standard library's xml.etree.ElementTree module, which is vulnerable to XML bombs. The defusedxml library defuses XML bombs by preventing...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Mac_Os_X
Mac&IOS HackStudy Mac&IOS安全学习资料汇总 Mac&IOS安全学习网站收集: http://samdmarshall.com https://www.exploit-db.com https://reverse.put.as http://highaltitudehacks.com/security/ http://www.dllhook.com/ http://www.securitylearn.net/archives/ http://securitycompass.github.io/iPhoneLabs/index.html...
redis-rce
Redis RCE A exploit for Redis 4.x/5.x RCE, inspired by Redis post-exploitation. This repo is a modified version of . Usage: Compile exp.so from . usage: redis-rce.py -h -r RHOST -p RPORT -L LHOST -P LPORT -f FILE -a AUTH -v Redis 4.x/5.x RCE with RedisModules optional arguments: -h, --help show...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
pocsuite3 Legal Disclaimer Usage of pocsuite3 for attacking targets without prior mutual consent is illegal. pocsuite3 is for security testing purposes only 法律免责声明 未经事先双方同意,使用 pocsuite3 攻击目标是非法的。 pocsuite3 仅用于安全测试目的 Overview pocsuite3 is an open-sourced remote vulnerability testing and...
Exploit for CVE-2017-0143
💬 README中文 • Compile/Install/Run • Parameter Description • How to use • Scenario • POC List • Custom Scan • Best Practices Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。re...
AutoBlue-MS17-010
This is a semi-automated, fully working, no-bs, non-metasploit version of the public exploit code for MS17-010. The exploit is designed to target Windows systems vulnerable to the EternalBlue vulnerability, which is a remote code execution RCE vulnerability in the SMBv1 protocol. The exploit code...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
PenetrationTestingPOCWithPython - IOT Device - Web APP - 提权辅助相关 - PC - tools - books - 说明 PenetrationTestingPOCWithPython 搜集有关渗透测试中用python编写的POC、脚本 请善用搜索Ctrl+F查找 IOT Device - 天翼创维awifi路由器存在多处未授权访问漏洞 - 华为WS331a产品管理页面存在CSRF漏洞 - CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 - D-Link路由器RCE漏洞 -...
Exploit for Use After Free in Redis
PoC exploit for CVE-2025-49844, a high-risk vulnerability in Redis database, known as "RediShell", caused by a use-after-free flaw in the Lua interpreter. The vulnerability allows an unauthenticated attacker or an attacker with Redis access to trigger memory corruption by crafting a Lua script,...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902 BIG-IP RCE Update Use /hsqldb%0a/ Bypass Rules For Java Deserialization or /hsqld%b /hsqldb; /tmui/login.jsp/..;/hsqldb Redirect 404 / bypass /hsqldb; Redirect 404 / bypass /hsqldb%0a include 'FileETag MTime Size Redirect 404 / Redirect 404 / ' fix:...
Exploit for Incorrect Default Permissions in Ui Unifi_Controller
CallStranger This script created by Yunus Çadırcı https://twitter.com/yunuscadirci to check against CallStranger CVE-2020-12695 vulnerability. An attacker can use this vulnerability for: Bypassing DLP for exfiltrating data Using millions of Internet-facing UPnP device as source of amplified...
Exploit for Injection in Oracle Agile_Plm
针对 loj4j2 CVE-2021-44228 漏洞的研究 实验平台 - VirtualBox 7.0.12 r159484 Qt5.15.2 - Attacker kali - 网络地址转换(NAT) - host-only 网络 192.168.56.101 - Victim kali 2023.3 - 网络地址转换(NAT) - host-only 网络 192.168.56.112 实验任务 - - x 搭建实验平台 - - x 漏洞存在性验证 以 loj4j2 CVE-2021-44228 为例 - - x 漏洞可利用验证 以 loj4j2 CVE-2021-44228 为例...
Eternalblue-Doublepulsar-Metasploit
This is a Metasploit module to exploit the EternalBlue-Doublepulsar vulnerability. The module is designed to target Windows systems and uses the Doublepulsar backdoor to install a DLL into a user mode process. The module can be used to perform various operations, including outputting the install...
Shiro_exploit
This is a Python script for exploiting Apache Shiro vulnerabilities. The script is designed to detect and exploit Shiro's deserialization vulnerability. Here's a breakdown of the script: Importing Libraries The script starts by importing various Python libraries, including os, re, base64, uuid,...
gin
It is an offensive tool for web frameworks. The primary target is Gin, a HTTP web framework written in Go Golang, which features a Martini-like API with much better performance. The vulnerability class/vector is not specified, but the code and metadata suggest that it may be related to a remote...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...
awesome-termux-hacking
This is an awesome list of Termux hacking tools. It appears to be a collection of various tools and frameworks for penetration testing, vulnerability assessment, and exploitation. The list includes tools for tasks such as: Subdomain enumeration e.g., Sublist3r Vulnerability scanning e.g., w3af,...
naughty-images
This repository contains a collection of SVG images that exploit the SVG vulnerability in various browsers, allowing for cross-site scripting XSS attacks. The images are designed to trigger the vulnerability when loaded in a browser, potentially allowing an attacker to execute malicious code on t...
Exploit for OS Command Injection in Openbsd Openssh
It is an exploit for CVE-2020-15778, a command injection vulnerability in OpenSSH's SCP component. The vulnerability allows an attacker to inject malicious commands by passing a backtick-enabled payload as a file name, which is then executed by the local shell. The affected component is the SCP...
moment-timezone
This repository is an add-on for Moment.js, a JavaScript library for working with dates and times. It provides support for timezones, allowing users to easily work with dates and times in different timezones. The repository contains a variety of files, including a Gruntfile.js, which is used to...
ysoserial
This is a Java-based proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, named ysoserial, is designed to create gadgets that can be used to execute arbitrary commands on a vulnerable application. The gadgets are created by wrapping a...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup method of all loaded org.apache.logging.log4j.core.lookup.JndiLookup instances to unconditionally return the string "Patched JndiLookup::lookup". It is designed to addres...
internalblue
This is an offensive tool for Bluetooth experimentation. It is a Bluetooth experimentation framework for Broadcom and Cypress chips, which enables various features that would otherwise only be possible with a full-stack software-defined radio implementation, such as injecting and monitoring packe...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository contains a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The exploits are categorized by the affected product or framework, and the vulnerability class/vector is also identified. The PoCs are: 1. ActiveMQ/ActiveMQExP.py: This is a PoC exploit f...
Bug-Project-Framework
It is an offensive tool for bug exploitation. The repository contains a framework for exploiting vulnerabilities, specifically a module sharing repository. The primary CVE ID is not explicitly mentioned, but the description translates to "Vulnerability exploitation framework module sharing...
Vuls
Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vulsen ---- Abstract For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. ...
wazuh
This repository is an open-source security platform called Wazuh, which provides unified XDR and SIEM protection for endpoints and cloud workloads. The repository contains various files and templates for issue reporting, testing, and integration with external services. The probable entry points f...
Exploit for Path Traversal in Mikrotik Routeros
Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html Introduction LadonGo is an open source intranet penetration scanner framework, which can be used to easily detect segment C, B, A live hosts, fingerprint identification, port scanning, password explosion, remote execution, high-ri...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari
This is an optimization error in the way RegEx matching is handled, leading to an exploit for the latest version of Safari as of Dec. 6 2018. The exploit is for CVE-2018-4233, which was patched in the current WebKit release. The vulnerability is in the WebKit engine and allows for remote code...
drupwn
This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...
Exploit for CVE-2015-0273
phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...
Exploit for CVE-2020-1472
ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit CVE-2020-1472. It attempts to perform the Netlogon authentication bypass. The script will immediately terminate when successfully performing the bypass, and not perform any...
Exploit for Heap-based Buffer Overflow in Google Android
This is a PoC exploit for CVE-2020-8899, a memory corruption vulnerability in the Samsung Qmage codec. The exploit targets a Samsung Galaxy Note 10+ phone running Android 10 via MMS. The exploit code is written in Python and requires the following software to be locally installed: Python 3, Netwi...
dirty_sock
dirtysock: Linux Privilege Escalation via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and education. F...
kubei
Kubei is a flexible Kubernetes runtime scanner that scans worker nodes and Kubernetes nodes' images, providing accurate vulnerability assessments. It is a vulnerability scanner and CIS Docker scanner. The repository contains various files, including .dockerignore, .families.yaml,...