Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2022/04/24 4:27 p.m.5 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly stated, but the tool is designed to demonstrate various web application vulnerabilities, including but not limited to: Burt Force brute force, XSS cross-site scripting, CSRF cross-site request...

6.4AI score
Exploits0
Gitee
Gitee
added 2022/04/18 5:23 p.m.5 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications, each designed to demonstrate a specific web application security vulnerability. The repository includes various web applications, such as CouchDB, Git, and...

7.1AI score
Exploits0
Gitee
Gitee
added 2022/04/08 11:20 a.m.5 views

Exploit for SQL Injection in Zabbix

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and Oracle Java. The repository is maintained by phith0n and is hosted on GitHub...

9.8CVSS7.2AI score0.83284EPSS
Exploits60
Gitee
Gitee
added 2022/01/30 10:53 a.m.5 views

redis-rce

PoC exploit for Redis RCE Remote Code Execution in Redis 4.x/5.x. The exploit is inspired by Redis post-exploitation techniques and is based on a modified version of the Redis Rogue Server. The exploit uses the RedisModules-ExecuteCommand library to load a custom Redis module, which allows for...

8.4AI score
Exploits0
Gitee
Gitee
added 2022/01/02 5:10 p.m.5 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly stated, but the tool includes various web application vulnerabilities such as Burt Force brute force, XSS cross-site scripting, CSRF cross-site request forgery, SQL-Inject SQL injection, RCE remote...

6.3AI score
Exploits0
Gitee
Gitee
added 2021/12/15 11:14 a.m.5 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to demonstrate various web security vulnerabilities, including Burt Force, XSS, CSRF, SQL-Inject, RCE, Files Inclusion, Unsafe file downloads, Unsafe file upload...

6AI score
Exploits0
Gitee
Gitee
added 2021/11/25 8:4 p.m.5 views

vulhub

This is an offensive tool repository for vulnerability research and testing, specifically targeting various web applications and services. The repository contains a collection of exploits, proof-of-concept PoC code, and tools for identifying and exploiting vulnerabilities in software and systems...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/11/22 9:20 a.m.5 views

HikPwn

This is an offensive tool for Hikvision devices. The tool, named HikPwn, is a simple scanner written in Python 3.8 that performs basic vulnerability scanning capabilities. It was created by Ananke and is available on GitHub. The tool has several functions and characteristics, including passive an...

6.8AI score
Exploits0
Gitee
Gitee
added 2021/11/21 12:0 a.m.5 views

vulhub1

This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/11/18 11:34 p.m.5 views

Exploit for Improper Input Validation in Drupal

PoC exploit for CVE-2018-7600, a remote code execution vulnerability in Drupal. The target product/service is Drupal, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the 'user/register' page, and the exploit is typically invoked by running the...

9.8CVSS8.9AI score0.99993EPSS
Exploits46
Gitee
Gitee
added 2021/11/18 9:46 p.m.5 views

OffensiveRust

This is a collection of Rust code snippets, each implementing a different type of exploit or malicious functionality. The code is organized into several subdirectories, each containing a specific exploit or tool. Here's a summary of the code and its functionality: 1. AllocateWithSyscalls: This co...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/11/12 12:50 p.m.5 views

Kunyu

This is a Python-based tool called Kunyu, which is designed for more efficient corporate asset collection and network surveying and mapping. The tool is intended for security-related practitioners to use in their work. The tool's primary function is to identify and collect information about asset...

7AI score
Exploits0
Gitee
Gitee
added 2021/11/08 11:20 a.m.5 views

nuclei-templates

This repository is an offensive tool for nuclei templates, which are used to find security vulnerabilities in applications. The primary CVE ID present in the context is not explicitly mentioned, but the repository contains a workflow for CVE annotation. The target product/service or framework is...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/10/29 2:36 p.m.5 views

ICSwiki

This is an offensive tool for ICS Industrial Control Systems testing. It is a collection of scripts and tools for identifying and exploiting vulnerabilities in ICS protocols, specifically IEC-60870-5-104 and IEC-61850-8-1. The tool is designed to send identify requests and extract vendor name,...

7AI score
Exploits0
Gitee
Gitee
added 2021/10/23 11:46 p.m.5 views

aflnet

It is an offensive tool for network protocols. The primary CVE ID is not explicitly stated in the provided context, but the tool is mentioned in a research paper that was accepted for publication at the IEEE International Conference on Software Testing, Verification and Validation ICST 2020. The...

6.8AI score
Exploits0
Gitee
Gitee
added 2021/10/22 9:52 p.m.5 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This is a Python script for exploiting a vulnerability in Apache ActiveMQ. The script is designed to upload a shell to the server using the PUT method. The vulnerability being exploited is CVE-2016-3088. The script requires the user to provide the URL of the ActiveMQ server, the username, and the...

9.8CVSS7.3AI score0.98518EPSS
Exploits19
Gitee
Gitee
added 2021/10/17 12:1 a.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...

9.3CVSS7AI score0.99945EPSS
Exploits33
Gitee
Gitee
added 2021/10/16 11:59 p.m.5 views

HackTools

This is a web browser extension for penetration testing, called HackTools. It is a comprehensive toolset for web application security testing, providing various features such as: Dynamic shell generation PHP, Bash, Ruby, Python, Perl, Netcat XSS payload generation Common SQL injection payloads...

8.2AI score
Exploits0
Gitee
Gitee
added 2021/10/16 11:59 p.m.5 views

PocCollect

This is a Python-based proof-of-concept POC collection repository. The repository contains a variety of POCs for different vulnerabilities, including Struts2, Heartbleed, and Java Deserialization. The POCs are designed to be used for educational purposes only and should not be used for malicious...

7AI score
Exploits0
Gitee
Gitee
added 2021/10/11 11:56 a.m.5 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 复现 https://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited v2.4.49 apache 独有漏洞,早期版本中并没有 apnormalizepath 这个函数,该函数是在v2.4.49版本中引入的,正是这个函数导致了 目录穿越,在 v2.4.50 被修复了 环境 https://github.com/1nhann/CVE-2021-41773 本环境中,加载了 cgi 模块: ini LoadModule...

7.5CVSS9.1AI score0.99992EPSS
Exploits148
Gitee
Gitee
added 2021/10/09 2:52 p.m.5 views

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The repository contains a Python script exploit.py that generates a malicious docx document, a Windows DLL calc.dll that pops a calc.exe when executed, and a server script...

8.8CVSS8.4AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/09/27 11:2 p.m.5 views

ctf

It is an offensive tool for reverse engineering. The repository contains a binary decompiler for a "Magic Word" challenge, which appears to be a reverse engineering exercise. The code is written in C++ and utilizes the basicstring class from the C++ Standard Library. The decompiled main function ...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/09/27 3:6 p.m.5 views

Red-Teaming-Toolkit

This is a collection of open source and commercial tools that aid in red team operations. The repository includes tools for reconnaissance, weaponization, delivery, command and control, lateral movement, establishing a foothold, escalating privileges, data exfiltration, and miscellaneous...

7AI score
Exploits0
Gitee
Gitee
added 2021/09/27 3:4 p.m.5 views

PrintNightmare

This is a PoC Proof of Concept exploit for the Print Nightmare vulnerability, which affects Windows Print Spooler service. The repository contains a Visual Studio solution file EXP/POC.sln that includes a C++ project POC with a main function. The project uses the RPC Remote Procedure Call client...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/09/27 2:59 p.m.5 views

Exploit for OS Command Injection in Dlink Dir-859_Firmware

IoT-vulhub 受 Vulhub 项目的启发,希望做一个 IoT 版的固件漏洞复现环境。 安装 在 Ubuntu 20.04 下安装 docker 和 docker-compose: sh 安装 pip $ curl -s https://bootstrap.pypa.io/get-pip.py | python3 安装最新版 docker $ curl -s https://get.docker.com/ | sh 启动 docker 服务 $ systemctl start docker 安装 docker-compose $ python3 -m pip install...

10CVSS9.6AI score0.89624EPSS
Exploits8
Gitee
Gitee
added 2021/09/27 2:59 p.m.5 views

Exploit for CVE-2021-1675

C and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527...

9.3CVSS8.9AI score0.99759EPSS
Exploits75
Gitee
Gitee
added 2021/09/27 2:39 p.m.5 views

Exploit for CVE-2013-6026

PoC exploit for CVE-2013-6026 Joel's Backdoor in D-Link routers. The target product/service is D-Link routers, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the administration panel of the router, which can be accessed without authentication due to t...

10CVSS7.8AI score0.0768EPSS
Exploits4
Gitee
Gitee
added 2021/09/17 12:51 p.m.5 views

Exploit for CVE-2021-3129

It is an exploit module for CVE-2021-3129. The target product/service is Laravel, a PHP web framework. The vulnerability class/vector is a remote code execution RCE vulnerability. The probable entry point is the Laravel application itself, likely through a web interface. Not specified...

9.8CVSS10AI score0.99943EPSS
Exploits36
Gitee
Gitee
added 2021/09/16 1:42 p.m.5 views

vulhub

This repository is an offensive tool for building vulnerable environments based on Docker-Compose. It contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The repository is maintained by phith0n and is licensed under the MIT...

7.9AI score
Exploits0
Gitee
Gitee
added 2021/09/12 12:47 p.m.5 views

Exploit for Path Traversal in Microsoft

This repository is a proof-of-concept PoC exploit for CVE-2021-40444, a Microsoft Office Word remote code execution vulnerability. The PoC is a malicious docx generator that creates a document that, when opened, will execute arbitrary code on the victim's system. The PoC consists of several files...

8.8CVSS8.4AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/09/03 11:47 p.m.5 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

PoC exploit for CVE-2021-22555, a heap out-of-bounds write affecting Linux since v2.6.19-rc1, discovered in net/netfilter/xtables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through user namespace. The exploit is tested on Ubuntu 5.8.0-48-generic and CO...

8.3CVSS7.7AI score0.78684EPSS
Exploits21
Gitee
Gitee
added 2021/08/17 12:2 a.m.5 views

probench_aflnet

It is an offensive tool for network protocols. The primary CVE ID is not explicitly mentioned in the provided context; however, the tool is designed to fuzz network protocols, which may lead to the discovery of vulnerabilities. The target product/service or framework is network protocols, and the...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/08/16 4:49 p.m.5 views

CDK

This is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help escape container and takeover K8s cluster easily. The toolkit i...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/08/15 11:41 p.m.5 views

POChouse

Based on the provided context, here is a summary of the analysis: Classification: Apache Flink 1.9.x has a vulnerability that allows for arbitrary command execution and reverse shell through malicious JAR package upload. Affected Version: = 1.9.1 POC: The proof-of-concept POC code is written in...

9.1AI score
Exploits0
Gitee
Gitee
added 2021/07/31 11:54 a.m.5 views

SpringBootVulExploit

This repository is an offensive tool for exploiting Spring Boot vulnerabilities. It contains a collection of exploits and techniques for various Spring Boot versions, including: 1. Spring Boot 1.0 - 1.4: Exposes actuators by default without any parameters, making it vulnerable to RCE Remote Code...

7.6AI score
Exploits0
Gitee
Gitee
added 2021/07/30 3:39 p.m.5 views

Exploit-Writeups

The repository whuadmin/Exploit-Writeups is a collection of writeups for various CTF Capture The Flag challenges. The writeups cover a range of topics, including reverse engineering, pwnables, and cryptography. The first challenge is "crackme01" from EncryptCTF-2019, which is a reverse engineerin...

7.2AI score
Exploits0
Gitee
Gitee
added 2021/07/27 11:11 a.m.5 views

Exploit for CVE-2020-14882

CVE-2020-14882ALL CVE-2020-14882ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。 需要模块:requests、http.client (工具仅用于授权的安全测试,请勿用于非法使用,违规行为与作者无关。) 选项 功能一:命令回显 python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "whoami" 功能二:批量命令回显 python3...

10CVSS9.7AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2021/07/26 8:46 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the collection includes various vulnerable environments, such as flask/ssti, which is a vulnerable Flask web application with a Server-Side Template Injection SSTI...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/07/25 3:7 p.m.5 views

impacket1472

This is a Python library called Impacket, which provides a collection of classes for working with network protocols. The library is focused on providing low-level programmatic access to the packets and for some protocols e.g. SMB1-3 and MSRPC the protocol implementation itself. The library includ...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/07/23 4:44 p.m.5 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pi-Hole

PoC exploit for CVE-2020-11108; an RCE and privilege escalation in Pi-hole. The exploit targets Pi-hole = 4.4 and must be run with root privileges. The primary entry point is the cve-2020-11108-rce.py script, which will give a shell as the www-data user, and the root-cve-2020-11108-rce.py script,...

9CVSS8.6AI score0.78262EPSS
Exploits17
Gitee
Gitee
added 2021/07/15 10:48 a.m.5 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and frameworks. The primary vulnerability class/vector targeted by this repository is not explicitly stated, but based on the code and metadata, it appears to be a...

8.7AI score
Exploits0
Gitee
Gitee
added 2021/07/13 10:52 a.m.5 views

marshalsec

This is a Java-based tool for exploiting Java object deserialization vulnerabilities, specifically targeting BlazeDS AMF Action Message Format versions 0, 3, and X. The tool, named "marshalsec," is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remot...

8.7AI score
Exploits0
Gitee
Gitee
added 2021/06/30 9:48 a.m.5 views

POChouse

Based on the provided information, the vulnerability is a remote code execution RCE vulnerability in Apache Flink 1.9.x. The vulnerability allows an attacker to upload a malicious JAR package, which can be executed by the JobManager process, leading to RCE. The affected versions of Apache Flink a...

8AI score
Exploits0
Gitee
Gitee
added 2021/06/27 9:35 p.m.5 views

charlotte

This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Win32 API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and difficult to detect. The code is written in C++ a...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/06/21 10:41 a.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept POC exploit for CVE-2020-0796, a vulnerability in the SMBv3 protocol. The exploit is implemented in Python and uses the Impacket library to interact with the SMB protocol. The exploit targets the SMBv3 protocol's signing requirement, which can be bypassed to allow for...

10CVSS8.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/06/17 9:51 a.m.5 views

vulhub

This repository is an open-source collection of vulnerable web applications and environments for testing and learning purposes. It is maintained by phith0n and hosted on GitHub. The repository contains a variety of applications, including web servers, databases, and other services, that are...

6.8AI score
Exploits0
Gitee
Gitee
added 2021/06/10 9:19 p.m.5 views

pentestdb

This is an offensive tool for penetration testing. It is a Python-based tool called "pentestdb" that provides a collection of tools and resources for penetration testing, including exploit development, vulnerability scanning, and password cracking. The tool is designed to be easy to use and...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/06/05 7:25 p.m.5 views

charlotte

It is an offensive tool for Windows. The repository contains a Python script, charlotte.py, which is a fully undetected shellcode launcher. The script uses XOR encryption to encrypt the shellcode and function names. The script is designed to be used with the Metasploit framework, and it can be us...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/06/03 10:21 a.m.5 views

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more. The environments are designed to be easily reproducible and can be used for testing and training...

7AI score
Exploits0
Gitee
Gitee
added 2021/05/30 10:2 a.m.5 views

awesome-windows-exploitation

This is a curated list of Windows exploitation resources and tools. The repository is a collection of articles, tutorials, and tools for Windows exploitation, including stack overflows, heap overflows, and kernel-based Windows overflows. The list includes resources such as articles from Phrack, a...

6.8AI score
Exploits0
Total number of security vulnerabilities1886