Lucene search
Gitee, most viewed

1886 matches found

Gitee
added 2025/07/27 4:10 a.m., 190 views

dirty_sock

dirtysock: Linux Privilege Escalation via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and education. F...

7.3 AI score
Exploits: 0
Gitee
added 2025/09/14 6:27 p.m., 187 views

awesome-exploit-development

This is a curated list of resources for learning about exploit development, not an exploit itself. It is a collection of books, tutorials, courses, tools, and vulnerable applications for learning about exploit development. The resources include books such as "Hacking - The art of exploitation" an...

7.4 AI score
Exploits: 0
Gitee
added 2025/09/06 12:36 a.m., 186 views

kubei

Kubei is a flexible Kubernetes runtime scanner that scans worker nodes and Kubernetes nodes' images, providing accurate vulnerability assessments. It is a vulnerability scanner and CIS Docker scanner. The repository contains various files, including .dockerignore, .families.yaml,...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/14 5:47 p.m., 184 views

Cobalt-Strike-Aggressor-Scripts

This repository is an offensive tool for Cobalt Strike Aggressor Scripts. It is a collection of PowerShell scripts that aggregate various UAC bypass methods, including the MS16-032, MS16-135, and WScript bypass attacks. The scripts are designed to be used with the Cobalt Strike framework to perfo...

8.4 AI score
Exploits: 0
Gitee
added 2025/09/14 12:02 p.m., 183 views

wazuh

This repository is an open-source security platform called Wazuh, which provides unified XDR and SIEM protection for endpoints and cloud workloads. The repository contains various files and templates for issue reporting, testing, and integration with external services. The probable entry points f...

7.2 AI score
Exploits: 0
Gitee
added 2025/07/27 3:22 a.m., 182 views

java-sec-code

This is an offensive tool for Java web applications. It is a collection of Java web common vulnerabilities and security code, based on Spring Boot and Spring Security. The repository contains various types of vulnerabilities, including actuators to RCE, command inject, CORS, CRLF injection, CSRF,...

7.4 AI score
Exploits: 0
Gitee
added 2025/09/06 12:58 a.m., 181 views

Exploit for Path Traversal in Microsoft

Fully Weaponized CVE-2021-40444 Malicious docx generator to exploit CVE-2021-40444 Microsoft Office Word Remote Code Execution, works with arbitrary DLL files. Update 31/05/2022 - CVE-2022-30190 - Follina Now the generator is able to generate the document required to exploit also the "Follina"...

9.3 CVSS, 8.3 AI score, 0.99374 EPSS
Exploits: 90
Gitee
added 2025/09/06 4:06 p.m., 180 views

sql-injection-payload-list

It is an offensive tool for SQL injection. The repository contains a list of SQL injection payloads. The primary CVE ID is not explicitly mentioned, but it is likely related to various SQL injection vulnerabilities. The target product/service is likely any database management system that uses SQL...

8 AI score
Exploits: 0
Gitee
added 2025/09/06 5:53 a.m., 180 views

Exploit for CVE-2015-4335

This is a PoC exploit for CVE-2015-4335, a Redis Lua sandbox escape and arbitrary code execution vulnerability. The tool, named redischeck, checks a Redis instance for security vulnerabilities. It performs three checks: (1) if the AUTH command is set, (2) if the CONFIG command has been renamed, and (3)...

10 CVSS, 8.4 AI score, 0.09636 EPSS
Exploits: 2
Gitee
added 2024/07/30 1:29 p.m., 179 views

Exploit for CVE-2000-0114

This is a collection of vulnerability templates for the Nuclei vulnerability scanner. The templates are organized by CVE ID and include information such as the vulnerability name, description, severity, and remediation steps. The templates also include HTTP requests and matchers to identify the...

9.3 CVSS, 6.3 AI score, 0.6845 EPSS
Exploits: 9
Gitee
added 2025/09/13 1:28 a.m., 177 views

charlotte

This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Windows API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and evade detection. The code is written in C++ and...

7.5 AI score
Exploits: 0
Gitee
added 2025/09/06 12:07 p.m., 176 views

Exploit for Use After Free in Google Android

This is a proof-of-concept (PoC) exploit for CVE-2019-2215, a use-after-free vulnerability in the Android kernel. The exploit is designed to demonstrate the vulnerability and its potential impact on the system. The PoC exploit is written in C++ and uses the Clang compiler. It includes a function...

7.8 CVSS, 7.1 AI score, 0.72105 EPSS
Exploits: 26
Gitee
added 2025/09/21 12:23 a.m., 174 views

anti-xss

This is a PHP library called AntiXSS, which is designed to prevent cross-site scripting (XSS) attacks. The library provides a set of functions to sanitize user input and protect against XSS vulnerabilities. The library is maintained by Lars Moelleken and is available on Packagist, a popular PHP...

5.6 AI score
Exploits: 0
Gitee
added 2025/09/28 5:24 p.m., 173 views

evilgrade

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/14 1:32 p.m., 172 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/13 12:19 a.m., 172 views

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan. It is designed to perform various scanning tasks such as sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, S...

8.1 AI score
Exploits: 0
Gitee
added 2025/09/06 3:06 p.m., 172 views

AutoSploit

PoC exploit for CVE-XXXX-XXXX. It is an automated mass exploiter that uses the Shodan.io API to collect targets and then attempts to exploit them using Metasploit modules. The tool can be configured to run all available Metasploit modules against the targets in a 'Hail Mary' type of attack. The...

7.7 AI score
Exploits: 0
Gitee
added 2025/08/10 12:48 a.m., 172 views

k-rail

This is a Kubernetes security tool for policy enforcement, specifically designed for workload policy enforcement. It is a deprecated project that will receive no new features or bugfixes except in the case of critical security vulnerabilities. The tool is intended to help secure a multi-tenant...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/21 1:12 a.m., 171 views

WAFTest

This repository is an offensive tool for testing web application firewalls (WAFs). It contains a collection of test cases and scripts to evaluate the effectiveness of WAFs against various types of attacks. The tool includes test cases for common web application vulnerabilities such as: Command...

7.3 AI score
Exploits: 0
Gitee
added 2025/11/27 11:48 a.m., 170 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules and tools for exploiting vulnerabilities and conducting penetration testing. The primary...

8.6 AI score
Exploits: 0
Gitee
added 2025/09/20 12:00 a.m., 170 views

sinatra

This is the official repository for the Sinatra web framework. It is a DSL (Domain Specific Language) for web development, allowing developers to create web applications in a concise and elegant way. The repository contains the core code for Sinatra, as well as various plugins and extensions. The...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/14 6:39 p.m., 170 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in the SMBv3 server of Windows operating systems. The exploit is written in Python and uses the SMB protocol to exploit the vulnerability. The exploit targets...

10 CVSS, 8.5 AI score, 0.9981 EPSS
Exploits: 125
Gitee
added 2025/11/24 5:13 p.m., 169 views

metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of tools and resources for penetration testing and vulnerability assessment. The repository contains a wide range of modules, including exploits, payloads, and auxiliary tools, which can be used to test and exploit...

7.3 AI score
Exploits: 0
Gitee
added 2025/07/27 3:26 a.m., 169 views

tpwn

tpwn cve-2015-???? poc os x 10.10.5 kernel local privilege escalation vulnerability got burned in 10.11 full writeup etason shout out @ unthreadedjb 4 hax Install NULLGuard to protect yourself against tpwn and other NULL Pointer Dereference bugs...

6.8 AI score
Exploits: 0
Gitee
added 2025/09/14 6:19 p.m., 166 views

PS4-4.05-Kernel-Exploit

This repository contains a fully implemented kernel exploit for the PlayStation 4 on firmware version 4.05. The exploit, known as "namedobj," allows for arbitrary code execution as kernel, enabling jailbreaking and kernel-level modifications to the system. It includes a loader that listens for...

8 AI score
Exploits: 0
Gitee
added 2025/09/13 1:00 a.m., 166 views

zscan

This is a collection of tools for scanning and blasting (exploiting) services on a network. The tool is called Zscan and is written in Go. It has several modules for different types of scans and exploits, including: port scanning, service blasting (exploiting), FTP blasting, HTTP blasting, LDAP blasting...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 3:44 a.m., 165 views

awesome-jenkins-rce-2019

There is no pre-auth RCE in Jenkins since May 2017, but this is the one!...

7 AI score
Exploits: 0
Gitee
added 2025/09/20 4:07 a.m., 164 views

cs253.stanford.edu

It is an offensive tool for web application security education. The repository contains a collection of assignments and exercises for the CS 253 Web Security course at Stanford University. The assignments are designed to educate students on various web security topics, including client-side...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/14 2:10 p.m., 164 views

CTF-All-In-One

This is a repository for a book titled "CTF-All-In-One" by firmianay. The book is a comprehensive guide to CTF (Capture The Flag) competitions, covering various topics such as Linux, Web security, reverse engineering, and cryptography. The repository contains the source code and materials for the...

7.1 AI score
Exploits: 0
Gitee
added 2025/09/22 1:02 a.m., 163 views

security-guide-for-developers

This is a security guide for web developers, covering various security topics such as authentication, authorization, data validation, and encryption. The guide is divided into several sections, including a security checklist, authentication and authorization, data validation and sanitation, and...

6.7 AI score
Exploits: 0
Gitee
added 2025/09/06 3:12 p.m., 161 views

pwnshop

pwnshop Notes, cheatsheets, shellcode and exploits. Progress: - Utility - Object/Executable file to shellcode converter script: code - Utility - Assembly and link script : code - Utility - Shellcode testing skeleton generator : code - Exit syscall asm: code - Write syscall "Hello world!": code -...

7 AI score
Exploits: 0
Gitee
added 2025/09/06 12:09 p.m., 161 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others. In this repository we have made an example...

10 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 347
Gitee
added 2025/07/27 3:41 a.m., 161 views

wifi-arsenal

This repository is an offensive tool for WiFi exploitation. It is a collection of tools and scripts for various WiFi-related attacks, including denial of service, encryption attacks, WEP/WPA/WPA2 attacks, WPS attacks, and others. The repository is maintained by 0x90/wifi-arsenal. The repository...

7.1 AI score
Exploits: 0
Gitee
added 2025/09/14 4:20 p.m., 159 views

Exploit for Path Traversal in Mikrotik Routeros

This is a PoC exploit for CVE-2018-14847, a vulnerability in RouterOS. The repository contains a simple implementation of a Winbox server, which is a protocol used to manage RouterOS devices. The server accepts a single Winbox message, parses it, and responds with a message indicating insufficien...

9.1 CVSS, 7.8 AI score, 0.96087 EPSS
Exploits: 23
Gitee
added 2025/07/27 3:40 a.m., 159 views

Exploit for OS Command Injection in Docker

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview CDK is an open-sourced container penetration toolkit, designed for offering stable...

9.3 CVSS, 8.2 AI score, 0.9857 EPSS
Exploits: 48
Gitee
added 2025/09/14 12:01 p.m., 157 views

spraywmi

Exploit module/toolkit targeting Windows systems via WMI (Windows Management Instrumentation) spraying. The tool, named SprayWMI, is designed to mass spray Unicorn PowerShell injection to CIDR notations. It is a Python-based tool that uses the pexpect library to interact with the Windows Management...

7.7 AI score
Exploits: 0
Gitee
added 2025/09/13 5:43 p.m., 157 views

shiro-exploit

This is a Python script for exploiting a vulnerability in Apache Shiro, a Java-based security framework. The script is designed to bypass authentication and authorization checks in Shiro, allowing an attacker to gain unauthorized access to sensitive data. The script uses the Crypto.Cipher module ...

7.3 AI score
Exploits: 0
Gitee
added 2025/09/06 12:46 a.m., 157 views

Exploit for Path Traversal in Microsoft

CVE-2021-40444 PoC Malicious docx generator to exploit CVE-2021-40444 Microsoft Office Word Remote Code Execution Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 docx file You need to...

8.8 CVSS, 7.9 AI score, 0.96843 EPSS
Exploits: 38
Gitee
added 2025/09/22 1:44 a.m., 156 views

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

6.9 AI score
Exploits: 0
Gitee
added 2025/07/27 4:44 a.m., 156 views

Exploit for Argument Injection in Phpmailer_Project Phpmailer

PHPMailer And that's it, you have your shell. There is another exploit, which illustrates another use case. ./deface.sh localhost:8080 + CVE-2016-10033 exploit by opsxcq + Exploiting localhost:8080 + Target exploited, acessing shell at http://localhost:8080/backdoor.php + Checking if the backdoor...

9.8 CVSS, 8.2 AI score, 0.99714 EPSS
Exploits: 58
Gitee
added 2025/12/07 6:54 p.m., 155 views

awesome-burp-extensions

This is a curated list of Burp Extensions, a collection of user-submitted plugins for the Burp Suite web application security testing tool. The repository is maintained under a CC0 1.0 Universal license, allowing for the permanent relinquishment of copyright and related rights to the works...

6.6 AI score
Exploits: 0
Gitee
added 2025/09/14 6:52 p.m., 155 views

LFISuite

This repository is an offensive tool for Local File Inclusion (LFI) exploitation and scanning. It is primarily used to exploit LFI vulnerabilities in web applications, allowing an attacker to access sensitive files and potentially gain unauthorized access to a system. The tool, called LFI Suite,...

8 AI score
Exploits: 0
Gitee
added 2025/07/27 3:33 a.m., 155 views

awesome-oneliner-bugbounty

This repository is an offensive tool for bug bounty hunting. It contains a collection of one-liner scripts for identifying vulnerabilities, particularly for bug bounty tips. The primary CVE ID present in the context is not explicitly mentioned, but the repository includes scripts for Local File...

7.2 AI score
Exploits: 0
Gitee
added 2025/07/06 2:37 a.m., 154 views

sas-top-10

This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...

6.5 AI score
Exploits: 0
Gitee
added 2025/09/20 12:14 a.m., 153 views

Janusec-Application-Gateway

It is an offensive tool for web application security testing. The repository contains a tool for testing web application security, specifically for identifying vulnerabilities in web applications. The tool is designed to test for various types of vulnerabilities, including SQL injection, cross-si...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/06 12:02 a.m., 153 views

ruby-dragonfly

This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 5:00 a.m., 153 views

MS17-010

This repository is for public analysis of the MS17-010 vulnerability. The repository contains various PoCs (Proof of Concept) and exploits for the vulnerability, which affects the Windows SMB protocol. The vulnerability is a buffer overflow in the SMB protocol, allowing an attacker to execute...

8.2 AI score
Exploits: 0
Gitee
added 2025/09/20 8:13 a.m., 152 views

MCIR

The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting (XSS), and shell...

8.2 AI score
Exploits: 0
Gitee
added 2025/09/14 6:10 p.m., 152 views

SCANNER-INURLBR

This is an offensive tool for web application vulnerability scanning. The tool, INURLBR, is designed to perform advanced searches in search engines to exploit GET/POST capturing emails and URLs, with an internal custom validation junction for each target/URL found. It is written in PHP and can ru...

7 AI score
Exploits: 0
Gitee
added 2025/09/06 8:48 p.m., 152 views

advisory-db

This is a security advisory database for Rust crates published through crates.io. The database is maintained by the RustSec project and contains information on security vulnerabilities in various Rust crates. The database is stored in TOML format and can be consumed by various tools for auditing...

7 AI score
Exploits: 0
Total number of security vulnerabilities: 1886