Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/04/21 1:57 a.m.6 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781...

9.8CVSS7.5AI score0.99999EPSS
Exploits48
Gitee
Gitee
added 2020/04/14 5:56 p.m.6 views

Exploit for OS Command Injection in Cacti

The official exploit for Cacti v1.2.8 Remote Code Execution CVE-2020-8813...

9.3CVSS7.4AI score0.73779EPSS
Exploits24
Gitee
Gitee
added 2020/04/13 5:28 p.m.6 views

PSKernel-Primitives

This repository contains a collection of PowerShell primitives for exploitation, specifically targeting Windows systems. The code is written in PowerShell and utilizes various Windows APIs to achieve its goals. The repository includes several functions, each with a specific purpose: 1...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/31 4:17 p.m.6 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725 CVE-2019-2725CNVD-C-2019-48814、WebLogic wls9-async 命令回显 10.3.6 12.1.3 ResultBaseExec.java 用于测试defineClass,将把恶意类从base64还原出来,执行代码,主要是比较方便(可用可不用)。 JDK7u21.java 会生成weblogic-2019-272512.1.3命令执行.txt中的xml,请使用jdk6编译。 CVE-2019-2725.py 检测命令是否会执行。...

9.8CVSS7.7AI score0.99964EPSS
Exploits35
Gitee
Gitee
added 2020/03/28 4:58 p.m.6 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 is a remote command execution vulnerability in Oracle WebLogic Server. The exploit code is written in Python and uses the CVE-2018-2628 Weblogic GetShell.py script to exploit the vulnerability. The script sends a specially crafted request to the vulnerable server, which allows an...

9.8CVSS8.1AI score0.99448EPSS
Exploits69
Gitee
Gitee
added 2020/03/23 3:44 p.m.6 views

cve_2019_0708_bluekeep_rce

bluekeep exploit...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/23 1:5 p.m.6 views

dedecmscan

This is a Python script designed to scan for vulnerabilities in DedeCMS, a content management system. The script is called "dedescan" and is written in Python 3. It uses various modules to perform different types of scans, including SQL injection, cross-site scripting XSS, and path traversal. The...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/03/20 5:2 p.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/17 6:53 p.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and more. The repository is maintained by phith0n and is...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/17 6:19 p.m.6 views

Exploit for CVE-2019-15231

This repository contains a collection of exploits for various vulnerabilities, including unauthenticated remote command execution RCE and directory traversal. The exploits are written in Python and utilize various libraries such as requests and pymongo. The repository includes exploits for the...

9.8CVSS7.5AI score0.99057EPSS
Exploits56
Gitee
Gitee
added 2020/03/17 1:50 p.m.6 views

pikachu

This is an offensive tool for Web application security testing. It is a web application that contains various web security vulnerabilities, including Burt Force brute-force, XSS cross-site scripting, CSRF cross-site request forgery, SQL-Inject SQL injection, RCE remote code execution, Files...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/16 12:53 p.m.6 views

icsmaster

This is an offensive tool repository for industrial control system ICS security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several categories, including a directory of...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/03/11 8:27 p.m.6 views

lua-resty-waf

This repository is an exploit module/toolkit targeting OpenResty, a high-performance web server built on the Nginx core. The primary vulnerability class/vector is not explicitly stated, but based on the code and metadata, it appears to be a remote code execution RCE vulnerability. The probable...

8AI score
Exploits0
Gitee
Gitee
added 2020/03/07 8:41 a.m.6 views

msf_module

msf-module wooyun还在的时候根据别人的审计写的一些msf插件,有几个还是挺好用的 module列表 auxiliary + zoomeye-search.rb exploits + Dswjcms-upload-wooyun-2015-0160899.rb + Lotapp-exec-wooyun-2015-0133750.rb + OEM-exec-wooyun-2010-0192732.rb + ZTE-exec-wooyun-2016-190343.rb + discuz-ssrf-wooyun-2011-0151179.rb +...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/07 8:40 a.m.6 views

Exploit for Use After Free in Microsoft

This repository is a PoC Proof of Concept scanner for the CVE-2019-0708 vulnerability, also known as "BlueKeep", which is a remote code execution RCE vulnerability in Microsoft Windows Remote Desktop Services. The scanner is a fork of the rdesktop client, a Remote Desktop Protocol client, and is...

10CVSS8.4AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/03/06 4:31 p.m.6 views

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/03/03 2:44 p.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the collection includes various environments with different vulnerabilities, such as SQL injection, cross-site scripting XSS, and server-side template...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/02/18 11:55 p.m.6 views

Exploit for CVE-2017-0213

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...

9.3CVSS8.3AI score0.90026EPSS
Exploits47
Gitee
Gitee
added 2020/02/18 11:55 p.m.6 views

Exploit for CVE-2016-0728

This repository is an offensive tool for Linux kernel exploitation. It contains exploits for various real-world kernel vulnerabilities, including CVE-2016-0728. The primary vulnerability being targeted is a REFCOUNT overflow/Use-After-Free in keyrings. The repository includes two exploit modules:...

7.8CVSS7.2AI score0.03646EPSS
Exploits14
Gitee
Gitee
added 2020/02/14 11:51 p.m.6 views

PowerTools

This repository is an offensive tool for PowerShell exploitation. It contains a collection of scripts that utilize a common pattern to host a script on a PowerShell webserver, invoke the IEX download cradle to download/execute the target code and post the results back to the server, and then...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/02/10 10:6 p.m.6 views

exploit-database

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system, software, and vulnerability...

7AI score
Exploits0
Gitee
Gitee
added 2020/01/24 12:38 p.m.6 views

XXEinjector

This is an exploit module/toolkit targeting XXE XML eXternal Entity vulnerabilities. The primary CVE ID is not explicitly stated, but the tool is designed to automate exploitation of XXE vulnerabilities using direct and out-of-band methods. The target product/service is likely web applications,...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/01/22 8:8 p.m.6 views

Exploit for Improper Certificate Validation in Microsoft

PoC exploit for CVE-2020-0601, a vulnerability in the signature verification of certificates using elliptic curve cryptography ECC in Windows 10. The exploit targets the MicrosoftECCProductRootCertificateAuthority.cer, a trusted root certificate authority CA using ECC. The vulnerability allows an...

8.1CVSS8.3AI score0.89436EPSS
Exploits14
Gitee
Gitee
added 2020/01/10 1:32 a.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points include docker-compose build and run commands. Notable...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/01/02 5:1 p.m.6 views

Exploit for CVE-2018-11776

Struts2-057/CVE-2018-11776两个版本RCE漏洞分析(含EXP) Ivan@360云影实验室 2018年08月24日 0x01 前言 ========= 2018年8月22日,Apache Strust2发布最新安全公告,Apache Struts2存在远程代码执行的高危漏洞(S2-057/CVE-2018-11776),该漏洞由Semmle Security Research team的安全研究员Man YueMo发现。该漏洞是由于在Struts2开发框架中使用namespace功能定义XML配置时,namespace值未被设置且在上层动作配置(Action...

9.3CVSS9.1AI score0.99993EPSS
Exploits41
Gitee
Gitee
added 2019/12/25 8:52 a.m.6 views

Shiro-721

This is a vulnerability analysis of a Shiro RCE Remote Code Execution exploit via Padding Oracle Attack. Here's a summary of the key points: Vulnerability Overview The Shiro framework is a popular open-source security framework that provides identity, authentication, authorization, encryption, an...

7.1AI score
Exploits0
Gitee
Gitee
added 2019/12/21 10:55 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...

9.3CVSS7AI score0.99945EPSS
Exploits33
Gitee
Gitee
added 2019/12/20 11:44 a.m.6 views

Exploit for Out-of-bounds Write in Adobe Acrobat

How2pwn Author: Wenhuo - github仅作为仓库使用,个人新博客已迁移至:https://fandazh.cn 。老域名已关闭网站,CTF系列可能不会再更新了,现在主要更新how2CVE。...

10CVSS7.1AI score0.99966EPSS
Exploits42
Gitee
Gitee
added 2019/12/12 10:51 p.m.6 views

vulhub123

It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is not...

7.6AI score
Exploits0
Gitee
Gitee
added 2019/12/09 11:14 p.m.6 views

icsmaster

This repository, 'icsmaster', is an ICS/SCADA security resource collection. It contains various tools and scripts for identifying and exploiting vulnerabilities in industrial control systems. The repository includes a list of dorks search terms for finding vulnerable systems, as well as a...

7.1AI score
Exploits0
Gitee
Gitee
added 2019/12/03 12:2 a.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are not specified, but the environments are likely to be...

7.3AI score
Exploits0
Gitee
Gitee
added 2019/12/02 1:26 p.m.6 views

Exploit for Use After Free in Microsoft

This is a PoC Proof of Concept exploit for CVE-2019-0708, a vulnerability in Microsoft Windows Remote Desktop Services. The repository contains a scanner that can detect if a host is vulnerable to this vulnerability by binding the MST120 channel outside of its normal slot and sending non-DoS...

10CVSS8.2AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2019/12/02 9:28 a.m.6 views

Exploit for Improper Input Validation in Microsoft

CVE-2019-0708 批量检测 0x01 前言 CVE-2019-0708 Windows RDP 远程命令执行漏洞 Windows系列服务器于2019年5月15号,被爆出高危漏洞,该漏洞影响范围较广,windows2003、windows2008、windows2008 R2、windows xp 系统都会遭到攻击,该服务器漏洞利用方式是通过远程桌面端口3389,RDP协议进行攻击的...

10CVSS7.1AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2019/11/21 12:43 p.m.6 views

POC-T

This is a Python-based penetration testing framework called POC-T. It is a concurrent framework that allows users to perform various types of attacks, including vulnerability verification, file upload, weak password cracking, and more. The framework has a modular design, with each module...

7AI score
Exploits0
Gitee
Gitee
added 2019/11/19 9:33 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...

9.3CVSS7AI score0.99945EPSS
Exploits33
Gitee
Gitee
added 2019/10/27 5:27 p.m.6 views

Exploit for CVE-2013-0422

K8tools 20191024 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 扫描工具 K8Cscan5.4 大型内网渗透扫描器内置28个功能,支持Cobalt Strike + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 +...

10CVSS6.5AI score0.99913EPSS
Exploits116
Gitee
Gitee
added 2019/10/16 5:5 p.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The target product/service or framework is docker and docker-compose. The vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry...

7.2AI score
Exploits0
Gitee
Gitee
added 2019/10/11 12:3 a.m.6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The...

9.8CVSS8.2AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2019/09/19 3:47 p.m.6 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This repository is an offensive tool for ActiveMQ. It is a proof-of-concept PoC exploit for CVE-2016-3088. The tool is designed to upload a shell to the ActiveMQ server and execute it, allowing for remote code execution. The tool is written in Python and uses the urlparse and urlunparse modules t...

9.8CVSS8.9AI score0.98518EPSS
Exploits19
Gitee
Gitee
added 2019/08/09 3:36 p.m.6 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a local privilege escalation. The exploit is implemented in C++ and has been ported to Go and a legacy version without C++11 features. The exploit modifies the /etc/passwd file, forcing the password...

7.2CVSS7AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2019/07/19 6:50 p.m.6 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research and exploitation. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is maintained by GeneBlue and appears to be a...

6.9AI score
Exploits0
Gitee
Gitee
added 2019/07/17 8:59 a.m.6 views

vulhub

It is an offensive tool for Vulnerability Research. The repository, vulhub, is a collection of pre-built vulnerable environments based on Docker-Compose. It is designed to be used for vulnerability research and testing, allowing users to easily create and manage vulnerable environments without...

7.8AI score
Exploits0
Gitee
Gitee
added 2019/07/03 2:45 p.m.6 views

icsmaster

This is a collection of resources for ICS/SCADA security, including papers, exploit scripts, firmware, Nmap scripts, protocol libraries, and tools. The repository is organized into several categories, including: Papers: A collection of research papers on ICS/SCADA security, including topics such ...

7.1AI score
Exploits0
Gitee
Gitee
added 2019/05/13 10:53 a.m.6 views

ATSCAN

This is a tool called ATSCAN, a mass exploitation scanner. It is a Perl script that can be used to scan for various types of vulnerabilities, including XSS, LFI/RFI, and SQL injection. The tool can also be used to filter WordPress and Joomla sites, find admin pages, and perform other tasks. The...

8AI score
Exploits0
Gitee
Gitee
added 2019/05/06 10:2 p.m.6 views

Scanners-Box

This is a collection of open-source scanning tools and wordlists for web application security testing. The repository, Scanners-Box, is a collection of tools from various contributors, including lijiejie, ringzero, and others. The tools are categorized into subdomains, database vulnerability...

6.8AI score
Exploits0
Gitee
Gitee
added 2019/04/08 9:33 a.m.6 views

Exploit for CVE-2013-0422

K8tools 20190403 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools 密码: k8gege k8team K8team PS: 不定期更新,文件比较大,可按需下载。 提权工具均可在远控cmd或WebShell下运行,大部份经过修改重新编译兼容性稳定性比网上要好 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt K8飞刀漏洞利用列表...

10CVSS9.1AI score0.99448EPSS
Exploits97
Gitee
Gitee
added 2018/11/13 10:27 a.m.6 views

vulhub

It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable docker environments, including a web application vulnerable to various attacks. The tool is designed to help developers and security researchers test and demonstrate the effectiveness of web...

7AI score
Exploits0
Gitee
Gitee
added 2018/08/16 6:0 p.m.6 views

PowerSploit

This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell scripts that can be used to exploit vulnerabilities in Windows systems. The repository contains several modules, including AntivirusBypass, CodeExecution, and others. The AntivirusBypass module contain...

7.6AI score
Exploits0
Gitee
Gitee
added 2018/07/10 5:52 p.m.6 views

exploit-database-bin-sploits

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The aim is to serve as the most...

7.8AI score
Exploits0
Gitee
Gitee
added 2017/12/04 10:30 p.m.6 views

Exploit for Race Condition in Linux Linux_Kernel

This is a PoC exploit for CVE-2017-1000405, also known as the Huge Dirty Cow vulnerability. The target product/service is the Linux kernel, and the vulnerability class/vector is a use-after-free bug in the handling of transparent huge pages. The probable entry point is the main.c file, which...

7CVSS6.5AI score0.02841EPSS
Exploits9
Total number of security vulnerabilities1886