Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/06/07 1:33 p.m.5 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. The framework is written in Ruby and provides a comprehensive set of modules for exploiting vulnerabilities, conducting social engineering attacks, and gathering information about targets. The repository contains...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/06/05 2:28 p.m.5 views

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool. It is primarily used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, and SQL injection. T...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/06/04 11:41 a.m.5 views

vulhub

It is an offensive tool for web application security training. The target product/service or framework is a collection of vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is various, including SQL injection, cross-site...

8AI score
Exploits0
Gitee
Gitee
added 2020/06/01 10:45 p.m.5 views

vulhub2

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and Jenkins. The probable entry points are the...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/05/27 2:46 p.m.5 views

Exploit for Expression Language Injection in Sonatype Nexus

Nexus Repository Manager 3 Vuln 影响版本:= 3.21.2 CVE-2020-10199、CVE-2020-10204、CVE-2020-11444 CVE-2020-10199 远程代码命令执行 回显poc 不回显poc $\A''.getClass.forName'java.lang.Runtime'.getMethods6.invokenull.exec'touch /tmp/cve-2020-10199' 普通用户权限 /service/rest/beta/repositories/go/group 需要管理员权限 1...

9CVSS9.4AI score0.99064EPSS
Exploits12
Gitee
Gitee
added 2020/05/26 11:40 p.m.5 views

Exploit for Use After Free in Microsoft

This is a PoC exploit for CVE-2019-0708, a vulnerability in Microsoft Remote Desktop. The tool, named rdpscan, is designed to scan networks for vulnerable machines. It is based on the rdesktop patch from https://github.com/zerosum0x0/CVE-2019-0708. The tool can be compiled on Windows, macOS, and...

10CVSS7.7AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/05/20 7:43 p.m.5 views

penetration

This repository contains a collection of penetration testing files, primarily targeting various Content Management Systems CMS and web applications. The files are organized by the CMS or application they target, with each folder containing multiple files related to specific vulnerabilities or...

8.4AI score
Exploits0
Gitee
Gitee
added 2020/05/19 4:6 p.m.5 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 CVE-2018-2628漏洞工具包 根据Github上整理出的漏洞利用工具包含: 1.CVE-2018-2628漏洞检测工具 //漏洞存在检测的POC 2.weblogicpoc.py //漏洞利用的POC 3.ysoserial-0.1-cve-2018-2628-all.jar //借鉴的漏洞利用工具https://github.com/tdy218/ysoserial-cve-2018-2628/releases 具体的漏洞复现过程请移步简书:https://www.jianshu.com/p/6649118ba7b6...

9.8CVSS8.9AI score0.99448EPSS
Exploits69
Gitee
Gitee
added 2020/05/19 9:53 a.m.5 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

WebLogic Wls-wsat XMLDecoder 漏洞描述 mitre:https://vulners.com/cve/CVE-2017-3506 早期,黑客利用WebLogic WLS 组件漏洞对企业服务器发起大范围远程攻击,有大量企业的服务器被攻陷,且被攻击企业数量呈现明显上升趋势,需要引起高度重视。其中,CVE-2017-3506是一个利用Oracle WebLogic中WLS 组件的远程代码执行漏洞,属于没有公开细节的野外利用漏洞,大量企业尚未及时安装补丁。官方在 2017 年 4 月份就发布了该漏洞的补丁。 CVE-2017-3506补丁说明: public...

7.5CVSS7.2AI score0.99993EPSS
Exploits46
Gitee
Gitee
added 2020/05/11 9:0 p.m.5 views

Exploit for Observable Discrepancy in Linux Linux_Kernel

This is an offensive tool for fuzzing. It is a PoC exploit for CVE-2021-34556, but the primary focus is on fuzzing and testing the robustness of software. The tool is called AFLplusplus, which is an enhanced version of the original AFL American Fuzzy Lop tool. The target of the tool is not...

5.5CVSS7.1AI score0.00419EPSS
Exploits2
Gitee
Gitee
added 2020/05/06 11:13 p.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/05/06 3:20 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...

10CVSS7.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/04/18 8:3 a.m.5 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为:2018/10/31。 同步更新于: chybeta: Web-Security-Learning 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

7.5CVSS8.2AI score0.16437EPSS
Exploits5
Gitee
Gitee
added 2020/04/15 4:24 p.m.5 views

awesome-jenkins-rce-2019

No description...

7AI score
Exploits0
Gitee
Gitee
added 2020/04/01 5:13 p.m.5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class/vector targeted by this repository is Server-Side Template Injection SSTI, specifically in Flask applications. Th...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/04/01 2:5 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...

10CVSS7.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/03/28 12:47 a.m.5 views

Scanners-Box

This repository, Scanners-Box, is a powerful hacker toolkit that collects more than 10 categories of open-source scanners from GitHub. It includes subdomain, database, middleware, and other modular design scanners, but excludes well-known scanning tools such as Awvs, Nmap, and W3af. The toolkit i...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/28 12:42 a.m.5 views

PSKernel-Primitives

This repository contains a collection of PowerShell primitives for fuzzing and exploitation. The primitives are designed to be used in a Windows environment and are intended for use in red teaming and penetration testing. The repository includes the following primitives: 1. Alloc-NullPage.ps1:...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/27 2:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/03/20 7:24 p.m.5 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2019-0708, a vulnerability in the Windows Remote Desktop Client. The target product/service is Windows Remote Desktop Client, and the vulnerability class/vector is a Remote Code Execution RCE vulnerability. The probable entry point is the poc.py script, which is invoked by...

10CVSS7.6AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/03/20 6:49 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is Windows SMBv3. The vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the scanner.py script, which sends a specially crafted SMB packet to the target server to check for vulnerability. Notab...

10CVSS9.7AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/03/18 5:23 p.m.5 views

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities and penetration testing. The repository includes tools and exploits for vulnerabilities such as CRLF injection,...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/03/14 1:4 p.m.5 views

vulhub

It is an offensive tool for vulnerability research and education. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose, allowing users to easily create and experiment with vulnerable systems for research and educational purposes. The tool is designed to be...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/10 12:0 a.m.5 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains a collection of vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no prior knowledge of Docker. The repository...

9.8CVSS7.2AI score0.99686EPSS
Exploits46
Gitee
Gitee
added 2020/03/08 1:25 p.m.5 views

PowerShell-Suite

This is a PowerShell script called Bypass-UAC, which is designed to bypass User Account Control UAC on Windows systems. The script uses a technique called "auto-elevating IFileOperation COM object method calls" to achieve this. The script supports several methods for bypassing UAC, including:...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/08 10:44 a.m.5 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为:2018/10/31。 同步更新于: chybeta: Web-Security-Learning 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

7.5CVSS8.2AI score0.16437EPSS
Exploits5
Gitee
Gitee
added 2020/03/07 8:42 a.m.5 views

SCANNER-INURLBR

It is an offensive tool for web application vulnerability scanning and exploitation. The primary CVE ID present in the provided context is not explicitly stated, but the tool is designed for Google Hacking and advanced searches to find potential vulnerabilities in web applications. The target...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/03/04 4:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not specified, but the environments are...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/03/01 2:16 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which are used t...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/02/28 7:41 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments, including web applications and services. The probable entry points...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/02/25 7:20 p.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/02/11 11:51 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The environments are designed to be easy to use and require no pre-existing knowledge of...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/02/10 10:5 p.m.5 views

exploit-database-bin-sploits

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The aim is to provide a...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/02/10 3:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points are not explicitly stated, but the environments are likely to be...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/02/08 5:19 p.m.5 views

PowerSploit

This is an offensive tool for Windows PowerShell. It is a collection of PowerShell modules for various purposes, including code execution, DLL injection, and antivirus bypass. The tool is part of the PowerSploit framework, which is a collection of PowerShell modules for penetration testing and re...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/02/07 10:24 p.m.5 views

icsmaster

This repository is an offensive tool for ICS/SCADA security research, containing various resources and scripts for exploiting vulnerabilities in industrial control systems. The repository is organized into several sections, including a collection of papers on ICS/SCADA security, exploit scripts,...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/02/07 7:35 p.m.5 views

penetration

This is a collection of 0-day exploits and vulnerabilities in various web applications, including CreateLive CMS, DVBBS, and others. The exploits are primarily SQL injection attacks, which allow an attacker to inject malicious SQL code into the database to extract or modify sensitive data. The...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/02/04 3:39 p.m.5 views

vulhub

It is an offensive tool for Vulnerability Research. The target product/service or framework is a collection of pre-built vulnerable docker environments, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is various, including SSTI Server-Side Template Injection, RCE Remot...

8AI score
Exploits0
Gitee
Gitee
added 2020/01/05 7:25 p.m.5 views

exploitdb-bin-sploits

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is intended to serve as the...

7AI score
Exploits0
Gitee
Gitee
added 2019/12/23 3:11 p.m.5 views

PayloadsAllTheThings

This is an offensive tool repository for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass techniques for various web application vulnerabilities. The repository includes tools and scripts for exploiting vulnerabilities such as CRLF injection, CSRF...

7.5AI score
Exploits0
Gitee
Gitee
added 2019/12/13 3:7 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The vulnerability class/vector is SSTI. The probable entry point is the...

8.3AI score
Exploits0
Gitee
Gitee
added 2019/11/20 11:16 p.m.5 views

shadowbroker

This repository, ximakou9/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, as well as a file listing of the contents of the repository...

7.4AI score
Exploits0
Gitee
Gitee
added 2019/11/12 11:1 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not explicitly stated, but the environments are...

8.1AI score
Exploits0
Gitee
Gitee
added 2019/11/12 4:53 p.m.5 views

Exploit for Use After Free in Microsoft

微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...

10CVSS7AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2019/10/16 11:39 p.m.5 views

razzer

It is an offensive tool for Linux kernel exploitation. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to exploit kernel vulnerabilities, particularly those related to race conditions. The tool, named Razzer, is a kernel fuzzer that uses a modified...

6.5AI score
Exploits0
Gitee
Gitee
added 2019/10/16 9:23 a.m.5 views

commix

This is an automated tool called Commix, written by Anastasios Stasinopoulos, that can be used to test web-based applications for command injection vulnerabilities. The tool is designed to be used by web developers, penetration testers, or security researchers. It is available on GitHub and can b...

7.7AI score
Exploits0
Gitee
Gitee
added 2019/10/05 6:47 p.m.5 views

vulhub

It is an offensive tool for Vulnerability Research and Training. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose. The primary vulnerability is not explicitly stated, but the repository includes various vulnerable environments, such as Flask SSTI, Apache...

6.8AI score
Exploits0
Gitee
Gitee
added 2019/08/19 6:2 p.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2019/08/16 11:16 a.m.5 views

Intranet_Penetration_Tips

It is an offensive tool for network penetration. The repository contains some internal penetration tips compiled in early 2018, but has since been updated slowly. The author has made the repository public in hopes of collaborating with others to update and maintain it...

7AI score
Exploits0
Gitee
Gitee
added 2019/07/31 9:45 a.m.5 views

penetration

This repository contains a collection of exploit code and proof-of-concept PoC attacks targeting various web applications, including CMS platforms. The exploits are categorized by the affected product or service, and the vulnerability class or vector is identified. The exploits are: 1. 0day &...

8.8AI score
Exploits0
Total number of security vulnerabilities1886