Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2025/09/06 4:10 p.m.79 views

Exploit for Out-of-bounds Write in Gnu Glibc

PoC exploit for CVE-2015-0235, a vulnerability in the gethostbyname2r and gethostbynamer functions of the glibc library. The exploit is a shared library wrapper that provides an additional check for the vulnerable functions, preventing them from being called. The target is the glibc library,...

10CVSS8.3AI score0.94859EPSS
Exploits29
Gitee
Gitee
added 2025/09/06 1:1 p.m.79 views

Exploit for Observable Discrepancy in Intel Atom_C

This is a tool for checking the state of software mitigations against Spectre and Meltdown vulnerabilities. It uses the NtQuerySystemInformation API call to report the data as seen by the Windows Kernel. The tool is currently optimized for Microsoft Windows 7-10 and uses the best-working exploit...

5.6CVSS6.5AI score0.93838EPSS
Exploits13
Gitee
Gitee
added 2025/09/06 12:8 p.m.79 views

log4shell-detector

This is a Gradle wrapper script for a Java project. Here's a breakdown of the key points: Purpose: The script is used to start a Gradle build process. License: The script is licensed under the Apache License, Version 2.0. Functionality: The script sets up the environment for the Gradle build...

6.9AI score
Exploits0
Gitee
Gitee
added 2025/07/06 3:22 a.m.79 views

Shr3dKit

This is a Red Team Tool Kit repository, specifically designed for penetration testing and red teaming activities. The tool kit is influenced by infosecn1nja's kit and includes a wide range of tools for reconnaissance, weaponization, and delivery. The repository contains a total size of 2.5+Gb and...

6.8AI score
Exploits0
Gitee
Gitee
added 2025/09/06 10:21 p.m.78 views

BlackCode

No description provided...

7AI score
Exploits0
Gitee
Gitee
added 2025/09/06 1:1 a.m.78 views

cassandra-mesos

This is a repository for the Cassandra-Mesos framework, which is a distributed database system that allows for the deployment of Apache Cassandra on Apache Mesos. The framework is designed to provide a scalable and fault-tolerant way to run Cassandra on Mesos, and it includes features such as...

6.9AI score
Exploits0
Gitee
Gitee
added 2025/08/21 3:15 p.m.78 views

cve

这里的洞大部分是当时测TaintScaner的时候水的,没有什么含金量,建议移步TaintScaner,学习如何利用污点分析快速的寻找这类从Source到Sink的php漏洞 https://github.com/Fushuling/TaintScaner...

7.1AI score
Exploits0
Gitee
Gitee
added 2025/07/27 3:16 a.m.78 views

sudo_inject

Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...

7.6AI score
Exploits0
Gitee
Gitee
added 2025/07/06 3:24 a.m.78 views

50M_CTF_Writeup

It is an offensive tool for CTF Capture The Flag challenges. The repository contains a writeup for a $50 million CTF challenge, which includes a binary image that needs to be decoded to reveal a hidden message. The binary image is encoded with a repeating sequence of binary digits, which can be...

7.1AI score
Exploits0
Gitee
Gitee
added 2025/07/06 2:41 a.m.78 views

PoC

PoC PoC of CVE/Exploit...

7.1AI score
Exploits0
Gitee
Gitee
added 2025/09/14 6:33 p.m.77 views

PocCollect

This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...

7.7AI score
Exploits0
Gitee
Gitee
added 2025/09/06 12:40 p.m.77 views

PayloadsAllTheThings

It is an offensive tool for Web Application Security and Pentest/CTF. This repository contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The payloads are likely used for testing and exploiting vulnerabilities in web applications. The...

7AI score
Exploits0
Gitee
Gitee
added 2025/08/03 4:31 a.m.77 views

Windows

Windows Awesome tools to play with Windows ! List of tools used for exploiting Windows: - Exploitation : Windows Software Exploitation - hacking-team-windows-kernel-lpe : Previously-0day exploit from the Hacking Team leak, written by Eugene Ching/Qavar. - mimikatz : A little tool to play with...

7.3AI score
Exploits0
Gitee
Gitee
added 2025/07/27 3:26 a.m.77 views

linux-smart-enumeration

First, a couple of useful oneliners ; console wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh console curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700...

7.3AI score
Exploits0
Gitee
Gitee
added 2025/09/14 2:44 p.m.76 views

msdat

This is an offensive tool for Microsoft SQL Server MSSQL database exploitation. The tool is called "MSDAT" and is designed to perform various attacks on MSSQL databases, including reading and writing files, executing system commands, and more. The tool uses a variety of techniques, including OLE...

7.4AI score
Exploits0
Gitee
Gitee
added 2025/09/06 4:25 a.m.76 views

vulnerabilitydb

This is a public vulnerability database repository for Snyk, a tool that helps find and fix known vulnerabilities in Node.js dependencies. The repository contains a list of folders for vulnerable npm packages, each with a subfolder for a specific date YYYYMMDD containing data files. The data is...

6.9AI score
Exploits0
Gitee
Gitee
added 2025/07/08 1:22 p.m.76 views

pwn(好友)

No description provided...

7AI score
Exploits0
Gitee
Gitee
added 2025/07/06 2:51 a.m.76 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

PoC exploit for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller ADC and Gateway. The repository, CitrixHoneypot, is a honeypot designed to detect and log scan and exploitation attempts for this vulnerability. The tool is written in Python and uses the http.server module ...

9.8CVSS7.7AI score0.99999EPSS
Exploits48
Gitee
Gitee
added 2025/09/06 8:33 a.m.75 views

CUSEC-2020

Based on the provided code and context, here is a summary of the analysis: Classification: This is an Insecure Direct Object Reference IDOR bug. Background: The bug occurs when the application does not verify that the current user is authorized to access a resource with a specific ID. In this cas...

7.1AI score
Exploits0
Gitee
Gitee
added 2025/07/27 4:39 a.m.75 views

osx-security-awesome

It is an offensive tool for collecting and categorizing OSX and iOS security resources. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool appears to be collecting resources related to OSX and iOS security. The...

6.5AI score
Exploits0
Gitee
Gitee
added 2025/09/28 9:59 p.m.74 views

ReconPi

This is a reconnaissance tool called ReconPi, designed for use on a Raspberry Pi or a VPS. The tool is written in Bash and uses various scripts to perform extensive reconnaissance on a target domain. The tool's primary function is to gather information about a target domain, including subdomains,...

6.8AI score
Exploits0
Gitee
Gitee
added 2025/09/14 6:34 p.m.74 views

SQLInjectionWiki

This is a SQL injection wiki repository. It is a collection of resources and information on SQL injection techniques, including detection, exploitation, and mitigation. The repository is maintained by NetSPI and is available in both English and Chinese versions. The wiki covers various topics...

8.1AI score
Exploits0
Gitee
Gitee
added 2025/09/14 6:12 p.m.74 views

redteam-research

Collection of PoC and offensive techniques used by the BlackArrow Red Team...

7AI score
Exploits0
Gitee
Gitee
added 2025/09/14 5:27 p.m.74 views

defcon27_csharp_workshop

This repository contains a collection of C code snippets and labs for writing custom backdoor payloads, as part of a workshop presented at Defcon 27. The code covers various topics, including Windows API calls, memory allocation, thread creation, and encryption. The code snippets are organized in...

7.4AI score
Exploits0
Gitee
Gitee
added 2025/08/07 3:31 p.m.74 views

漏洞扫描工具

This is a vulnerability scanning tool, which combines multiple network security techniques to automate vulnerability detection. The tool includes four core scanning technologies: SQL injection detection, XSS detection, path traversal detection, and sensitive information disclosure detection. It...

7.2AI score
Exploits0
Gitee
Gitee
added 2025/07/06 2:40 a.m.74 views

Exploit-Writeups

This is a collection of writeups for various CTF Capture The Flag challenges, specifically focusing on reverse engineering RE, pwnables, and miscellaneous challenges. The writeups are from the EncryptCTF-2019 and DawgCTF-2021 CTFs. The writeups cover a range of challenges, from simple to complex,...

7.4AI score
Exploits0
Gitee
Gitee
added 2025/09/06 12:9 p.m.73 views

TI_Dos_Framework

This is a comprehensive web-app audit framework called TIDoS Framework. It is a Python-based tool that provides a wide range of modules for reconnaissance, scanning, enumeration, vulnerability analysis, and exploitation. The framework is designed to be user-friendly and provides a simple interfac...

7AI score
Exploits0
Gitee
Gitee
added 2024/06/29 11:34 a.m.73 views

vulSystem

This repository appears to be a collection of tools and scripts for web scraping and data collection, likely used for research or analysis purposes. The tools are written in Python and utilize various libraries such as BeautifulSoup and requests. The repository contains several scripts, including...

6.9AI score
Exploits0
Gitee
Gitee
added 2025/09/13 7:36 a.m.72 views

portia

This repository is an offensive tool for Windows. It is a collection of scripts and modules for automating various tasks, including privilege escalation, lateral movement, and convenience modules. The primary tool is called "Portia," which is a genus of jumping spider known for its intelligent...

7.8AI score
Exploits0
Gitee
Gitee
added 2025/07/06 2:42 a.m.72 views

Exploit for CVE-2018-2636

This is a low-interaction honeypot designed to detect the CVE-2018-2636 directory traversal vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications MICROS. The honeypot simulates a MICROS server and allows attackers to use the vulnerability to "steal files" a...

8.1CVSS6.7AI score0.13725EPSS
Exploits5
Gitee
Gitee
added 2024/07/30 1:28 p.m.72 views

Exploit for Server-Side Request Forgery in Adobe Experience_Manager

This repository is an offensive tool for vulnerability exploitation, specifically targeting Adobe AEM Experience Manager vulnerabilities. The primary CVE ID is CVE-2018-12809. The tool is designed to exploit a SSRF Server-Side Request Forgery vulnerability in AEM, allowing an attacker to extract...

7.5CVSS6.7AI score0.04949EPSS
Exploits1
Gitee
Gitee
added 2024/07/25 11:29 a.m.71 views

poc

This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities in Dahua products. The exploits are categorized by product and vulnerability type. The PoCs are for the following products: 1. Dahua DSS: - A command execution vulnerability CVE-XXXX-XXXX that allow...

8.4AI score
Exploits0
Gitee
Gitee
added 2025/07/06 2:41 a.m.70 views

Exploit for CVE-2019-1322

COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo https://vimeo.com/373051209 Usage Compile or Download from Release https://github.com/apt69/COMahawk/releases 1. Run COMahawk.exe 2. ??? 3. Hopefully profit or 1. COMahawk.exe "custom command to run" ie...

7.8CVSS8.1AI score0.2995EPSS
Exploits25
Gitee
Gitee
added 2025/03/10 11:27 a.m.70 views

wapiti

It is an offensive tool for web application security testing. The primary vulnerability class targeted is SQL injection and XSS. The tool is designed to check web applications for vulnerabilities, and it is likely used by security researchers and penetration testers. The tool is written in Python...

8AI score
Exploits0
Gitee
Gitee
added 2024/08/02 11:21 a.m.69 views

POC

Apache ActiveMQ远程命令执行漏洞 影响版本: 5.18.0 beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://camel.apache.org/schema/spring" xmlns:context="http://www.springframework.org/schema/context"...

7AI score
Exploits0
Gitee
Gitee
added 2025/05/08 4:0 p.m.68 views

ssrf漏洞

No description...

7AI score
Exploits0
Gitee
Gitee
added 2024/05/24 3:43 p.m.68 views

Poc

This repository contains a collection of proof-of-concept PoC exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

7.6AI score
Exploits0
Gitee
Gitee
added 2024/07/01 4:1 p.m.67 views

Exploit for Deserialization of Untrusted Data in Apache Dubbo

Apache Dubbo 反序列化漏洞CVE-2023-29234 is a vulnerability in the Apache Dubbo framework, which allows an attacker to execute arbitrary code on the server-side. The vulnerability is caused by a deserialization issue in the Dubbo framework, which can be exploited by sending a specially crafted serialize...

9.8CVSS9.8AI score0.07401EPSS
Exploits2
Gitee
Gitee
added 2025/07/08 2:11 p.m.65 views

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file PE file that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...

7.3AI score
Exploits0
Gitee
Gitee
added 2024/09/20 8:22 a.m.65 views

Exploit for Code Injection in Seacms

No description provided...

9.8CVSS7AI score0.00999EPSS
Exploits2
Gitee
Gitee
added 2021/02/24 2:1 p.m.64 views

Exploit for Use After Free in Apache Http_Server

CVE-2019-0211 介绍 CVE-2019-0211 软件架构 软件架构说明 安装教程 1. xxxx 2. xxxx 3. xxxx 使用说明 1. xxxx 2. xxxx 3. xxxx 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request 特技 1. 使用 Readme\XXX.md 来支持不同的语言,例如 Readme\en.md, Readme\zh.md 2. Gitee 官方博客 blog.gitee.com 3. 你可以 https://gitee.com/explore 这个地址来了解 Git...

7.8CVSS7.1AI score0.65005EPSS
Exploits8
Gitee
Gitee
added 2020/11/17 9:7 a.m.63 views

Exploit for Code Injection in Microsoft

somepocsuite 用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。 由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。 插件代码编写 使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。 PoC 编写规范及要求说明 | 序号 | poc | 说明 | | ---- | --------------------------------------- |...

10CVSS7.4AI score0.99999EPSS
Exploits497
Gitee
Gitee
added 2021/08/17 3:35 p.m.62 views

Exploit for Race Condition in Openbsd Openssh

CVE-2018-15473 --- 成因 --- OpenSSH服务器在对包含了请求的数据包完全解析之前,不会延迟处理一个验证无效的用户。该漏洞和auth2-gss.c,auth2-hostbased.c,auth2-pubkey.c有关。 利用 --- 尽管该漏洞不能用来生成有效的用户名列表,但依旧可以拿来枚举猜测用户名。 受影响的版本 --- OpenSSH = 7.7 不受影响的版本 --- openssh-7.8p1-1.fc28 openssh-7.6p1-6.fc27 poc安装 --- 您可能需要安装发行版的等效openssl-dev软件包 bash...

5.3CVSS7.2AI score0.98631EPSS
Exploits23
Gitee
Gitee
added 2025/03/10 11:46 p.m.60 views

漏洞检测

It is an offensive tool for vulnerability detection. The repository contains a project with a name that translates to "漏洞检测" which means "vulnerability detection" in English. The project is likely used for identifying vulnerabilities in systems or applications. The code snippets provided are...

8AI score
Exploits0
Gitee
Gitee
added 2020/10/10 6:21 p.m.60 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a Windows ZeroLogon vulnerability. The exploit targets the Netlogon service on a Domain Controller DC and allows an attacker to set an empty password for the DC's machine account. This is achieved by exploiting the vulnerability in the Netlogon service, which allows...

10CVSS7.7AI score0.99512EPSS
Exploits75
Gitee
Gitee
added 2024/06/14 8:9 a.m.59 views

Exploit for Deserialization of Untrusted Data in Apache Dubbo

Apache ActiveMQ远程命令执行漏洞 影响版本: 5.18.0=Apache ActiveMQ5.18.3, 5.17.0=Apache ActiveMQ5.17.6, 5.16.0=Apache ActiveMQ5.16.7, 5.15.0=Apache ActiveMQ5.15.15 利用方式: 利用ActiveMQ的反序列化漏洞,可以执行任意命令 漏洞回显复现: 漏洞脚本: https://github.com/Fw-fW-fw/activemqThrowable, https://github.com/sincere9/Apache-ActiveMQ-RCE Apach...

9.8CVSS7AI score0.07401EPSS
Exploits2
Gitee
Gitee
added 2024/08/20 2:39 p.m.56 views

Exploit for CVE-2021-4191

This repository contains a collection of exploits and proof-of-concept POC code for various vulnerabilities, including a high-severity vulnerability in Android versions 12 and 13 CVE-2024-0044, an unauthenticated remote command execution RCE vulnerability in BYOB Build Your Own Botnet v2.0.0, and...

7.8CVSS7.9AI score0.80004EPSS
Exploits20
Gitee
Gitee
added 2024/05/30 2:14 p.m.55 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002: Exploiting Git RCE via git clone This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on...

9CVSS8AI score0.25334EPSS
Exploits32
Gitee
Gitee
added 2021/04/29 9:43 p.m.54 views

Exploit for Cross-site Scripting in Apache Http_Server

This is a PoC exploit for CVE-2019-10092, a Limited Cross-Site Scripting in modproxy Error Page-Apache httpd vulnerability. The target product/service is Apache HTTP Server, and the vulnerability class/vector is XSS. The probable entry points are the start.sh script, which invokes the Apache serv...

6.1CVSS7.2AI score0.81466EPSS
Exploits4
Gitee
Gitee
added 2020/05/08 2:57 p.m.54 views

Exploit for Race Condition in Openbsd Openssh

PoC exploit for CVE-2018-15473, an OpenSSH username enumeration vulnerability. The target product/service is OpenSSH, and the vulnerability class/vector is username enumeration. The probable entry point is the sshUsernameEnumExploit.py script, which is invoked by the ENTRYPOINT in the Dockerfile...

5.3CVSS6.9AI score0.98631EPSS
Exploits23
Total number of security vulnerabilities1886