1886 matches found
Exploit for Out-of-bounds Write in Gnu Glibc
PoC exploit for CVE-2015-0235, a vulnerability in the gethostbyname2r and gethostbynamer functions of the glibc library. The exploit is a shared library wrapper that provides an additional check for the vulnerable functions, preventing them from being called. The target is the glibc library,...
Exploit for Observable Discrepancy in Intel Atom_C
This is a tool for checking the state of software mitigations against Spectre and Meltdown vulnerabilities. It uses the NtQuerySystemInformation API call to report the data as seen by the Windows Kernel. The tool is currently optimized for Microsoft Windows 7-10 and uses the best-working exploit...
log4shell-detector
This is a Gradle wrapper script for a Java project. Here's a breakdown of the key points: Purpose: The script is used to start a Gradle build process. License: The script is licensed under the Apache License, Version 2.0. Functionality: The script sets up the environment for the Gradle build...
Shr3dKit
This is a Red Team Tool Kit repository, specifically designed for penetration testing and red teaming activities. The tool kit is influenced by infosecn1nja's kit and includes a wide range of tools for reconnaissance, weaponization, and delivery. The repository contains a total size of 2.5+Gb and...
BlackCode
No description provided...
cassandra-mesos
This is a repository for the Cassandra-Mesos framework, which is a distributed database system that allows for the deployment of Apache Cassandra on Apache Mesos. The framework is designed to provide a scalable and fault-tolerant way to run Cassandra on Mesos, and it includes features such as...
cve
这里的洞大部分是当时测TaintScaner的时候水的,没有什么含金量,建议移步TaintScaner,学习如何利用污点分析快速的寻找这类从Source到Sink的php漏洞 https://github.com/Fushuling/TaintScaner...
sudo_inject
Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...
50M_CTF_Writeup
It is an offensive tool for CTF Capture The Flag challenges. The repository contains a writeup for a $50 million CTF challenge, which includes a binary image that needs to be decoded to reveal a hidden message. The binary image is encoded with a repeating sequence of binary digits, which can be...
PoC
PoC PoC of CVE/Exploit...
PocCollect
This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...
PayloadsAllTheThings
It is an offensive tool for Web Application Security and Pentest/CTF. This repository contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The payloads are likely used for testing and exploiting vulnerabilities in web applications. The...
Windows
Windows Awesome tools to play with Windows ! List of tools used for exploiting Windows: - Exploitation : Windows Software Exploitation - hacking-team-windows-kernel-lpe : Previously-0day exploit from the Hacking Team leak, written by Eugene Ching/Qavar. - mimikatz : A little tool to play with...
linux-smart-enumeration
First, a couple of useful oneliners ; console wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh console curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700...
msdat
This is an offensive tool for Microsoft SQL Server MSSQL database exploitation. The tool is called "MSDAT" and is designed to perform various attacks on MSSQL databases, including reading and writing files, executing system commands, and more. The tool uses a variety of techniques, including OLE...
vulnerabilitydb
This is a public vulnerability database repository for Snyk, a tool that helps find and fix known vulnerabilities in Node.js dependencies. The repository contains a list of folders for vulnerable npm packages, each with a subfolder for a specific date YYYYMMDD containing data files. The data is...
pwn(好友)
No description provided...
Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware
PoC exploit for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller ADC and Gateway. The repository, CitrixHoneypot, is a honeypot designed to detect and log scan and exploitation attempts for this vulnerability. The tool is written in Python and uses the http.server module ...
CUSEC-2020
Based on the provided code and context, here is a summary of the analysis: Classification: This is an Insecure Direct Object Reference IDOR bug. Background: The bug occurs when the application does not verify that the current user is authorized to access a resource with a specific ID. In this cas...
osx-security-awesome
It is an offensive tool for collecting and categorizing OSX and iOS security resources. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool appears to be collecting resources related to OSX and iOS security. The...
ReconPi
This is a reconnaissance tool called ReconPi, designed for use on a Raspberry Pi or a VPS. The tool is written in Bash and uses various scripts to perform extensive reconnaissance on a target domain. The tool's primary function is to gather information about a target domain, including subdomains,...
SQLInjectionWiki
This is a SQL injection wiki repository. It is a collection of resources and information on SQL injection techniques, including detection, exploitation, and mitigation. The repository is maintained by NetSPI and is available in both English and Chinese versions. The wiki covers various topics...
redteam-research
Collection of PoC and offensive techniques used by the BlackArrow Red Team...
defcon27_csharp_workshop
This repository contains a collection of C code snippets and labs for writing custom backdoor payloads, as part of a workshop presented at Defcon 27. The code covers various topics, including Windows API calls, memory allocation, thread creation, and encryption. The code snippets are organized in...
漏洞扫描工具
This is a vulnerability scanning tool, which combines multiple network security techniques to automate vulnerability detection. The tool includes four core scanning technologies: SQL injection detection, XSS detection, path traversal detection, and sensitive information disclosure detection. It...
Exploit-Writeups
This is a collection of writeups for various CTF Capture The Flag challenges, specifically focusing on reverse engineering RE, pwnables, and miscellaneous challenges. The writeups are from the EncryptCTF-2019 and DawgCTF-2021 CTFs. The writeups cover a range of challenges, from simple to complex,...
TI_Dos_Framework
This is a comprehensive web-app audit framework called TIDoS Framework. It is a Python-based tool that provides a wide range of modules for reconnaissance, scanning, enumeration, vulnerability analysis, and exploitation. The framework is designed to be user-friendly and provides a simple interfac...
vulSystem
This repository appears to be a collection of tools and scripts for web scraping and data collection, likely used for research or analysis purposes. The tools are written in Python and utilize various libraries such as BeautifulSoup and requests. The repository contains several scripts, including...
portia
This repository is an offensive tool for Windows. It is a collection of scripts and modules for automating various tasks, including privilege escalation, lateral movement, and convenience modules. The primary tool is called "Portia," which is a genus of jumping spider known for its intelligent...
Exploit for CVE-2018-2636
This is a low-interaction honeypot designed to detect the CVE-2018-2636 directory traversal vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications MICROS. The honeypot simulates a MICROS server and allows attackers to use the vulnerability to "steal files" a...
Exploit for Server-Side Request Forgery in Adobe Experience_Manager
This repository is an offensive tool for vulnerability exploitation, specifically targeting Adobe AEM Experience Manager vulnerabilities. The primary CVE ID is CVE-2018-12809. The tool is designed to exploit a SSRF Server-Side Request Forgery vulnerability in AEM, allowing an attacker to extract...
poc
This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities in Dahua products. The exploits are categorized by product and vulnerability type. The PoCs are for the following products: 1. Dahua DSS: - A command execution vulnerability CVE-XXXX-XXXX that allow...
Exploit for CVE-2019-1322
COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo https://vimeo.com/373051209 Usage Compile or Download from Release https://github.com/apt69/COMahawk/releases 1. Run COMahawk.exe 2. ??? 3. Hopefully profit or 1. COMahawk.exe "custom command to run" ie...
wapiti
It is an offensive tool for web application security testing. The primary vulnerability class targeted is SQL injection and XSS. The tool is designed to check web applications for vulnerabilities, and it is likely used by security researchers and penetration testers. The tool is written in Python...
POC
Apache ActiveMQ远程命令执行漏洞 影响版本: 5.18.0 beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://camel.apache.org/schema/spring" xmlns:context="http://www.springframework.org/schema/context"...
ssrf漏洞
No description...
Poc
This repository contains a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
Apache Dubbo 反序列化漏洞CVE-2023-29234 is a vulnerability in the Apache Dubbo framework, which allows an attacker to execute arbitrary code on the server-side. The vulnerability is caused by a deserialization issue in the Dubbo framework, which can be exploited by sending a specially crafted serialize...
YushuTechUnitreeGo1
Based on the provided code, it appears to be a Windows executable file PE file that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...
Exploit for Code Injection in Seacms
No description provided...
Exploit for Use After Free in Apache Http_Server
CVE-2019-0211 介绍 CVE-2019-0211 软件架构 软件架构说明 安装教程 1. xxxx 2. xxxx 3. xxxx 使用说明 1. xxxx 2. xxxx 3. xxxx 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request 特技 1. 使用 Readme\XXX.md 来支持不同的语言,例如 Readme\en.md, Readme\zh.md 2. Gitee 官方博客 blog.gitee.com 3. 你可以 https://gitee.com/explore 这个地址来了解 Git...
Exploit for Code Injection in Microsoft
somepocsuite 用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。 由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。 插件代码编写 使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。 PoC 编写规范及要求说明 | 序号 | poc | 说明 | | ---- | --------------------------------------- |...
Exploit for Race Condition in Openbsd Openssh
CVE-2018-15473 --- 成因 --- OpenSSH服务器在对包含了请求的数据包完全解析之前,不会延迟处理一个验证无效的用户。该漏洞和auth2-gss.c,auth2-hostbased.c,auth2-pubkey.c有关。 利用 --- 尽管该漏洞不能用来生成有效的用户名列表,但依旧可以拿来枚举猜测用户名。 受影响的版本 --- OpenSSH = 7.7 不受影响的版本 --- openssh-7.8p1-1.fc28 openssh-7.6p1-6.fc27 poc安装 --- 您可能需要安装发行版的等效openssl-dev软件包 bash...
漏洞检测
It is an offensive tool for vulnerability detection. The repository contains a project with a name that translates to "漏洞检测" which means "vulnerability detection" in English. The project is likely used for identifying vulnerabilities in systems or applications. The code snippets provided are...
Exploit for CVE-2020-1472
PoC exploit for CVE-2020-1472, a Windows ZeroLogon vulnerability. The exploit targets the Netlogon service on a Domain Controller DC and allows an attacker to set an empty password for the DC's machine account. This is achieved by exploiting the vulnerability in the Netlogon service, which allows...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
Apache ActiveMQ远程命令执行漏洞 影响版本: 5.18.0=Apache ActiveMQ5.18.3, 5.17.0=Apache ActiveMQ5.17.6, 5.16.0=Apache ActiveMQ5.16.7, 5.15.0=Apache ActiveMQ5.15.15 利用方式: 利用ActiveMQ的反序列化漏洞,可以执行任意命令 漏洞回显复现: 漏洞脚本: https://github.com/Fw-fW-fw/activemqThrowable, https://github.com/sincere9/Apache-ActiveMQ-RCE Apach...
Exploit for CVE-2021-4191
This repository contains a collection of exploits and proof-of-concept POC code for various vulnerabilities, including a high-severity vulnerability in Android versions 12 and 13 CVE-2024-0044, an unauthenticated remote command execution RCE vulnerability in BYOB Build Your Own Botnet v2.0.0, and...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002: Exploiting Git RCE via git clone This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on...
Exploit for Cross-site Scripting in Apache Http_Server
This is a PoC exploit for CVE-2019-10092, a Limited Cross-Site Scripting in modproxy Error Page-Apache httpd vulnerability. The target product/service is Apache HTTP Server, and the vulnerability class/vector is XSS. The probable entry points are the start.sh script, which invokes the Apache serv...
Exploit for Race Condition in Openbsd Openssh
PoC exploit for CVE-2018-15473, an OpenSSH username enumeration vulnerability. The target product/service is OpenSSH, and the vulnerability class/vector is username enumeration. The probable entry point is the sshUsernameEnumExploit.py script, which is invoked by the ENTRYPOINT in the Dockerfile...