Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/03/27 2:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/03/20 7:24 p.m.5 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2019-0708, a vulnerability in the Windows Remote Desktop Client. The target product/service is Windows Remote Desktop Client, and the vulnerability class/vector is a Remote Code Execution RCE vulnerability. The probable entry point is the poc.py script, which is invoked by...

10CVSS7.6AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/03/20 6:49 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is Windows SMBv3. The vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the scanner.py script, which sends a specially crafted SMB packet to the target server to check for vulnerability. Notab...

10CVSS9.7AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/03/18 5:23 p.m.5 views

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities and penetration testing. The repository includes tools and exploits for vulnerabilities such as CRLF injection,...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/03/16 12:53 p.m.5 views

icsmaster

This is an offensive tool repository for industrial control system ICS security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several categories, including a directory of...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/03/14 1:4 p.m.5 views

vulhub

It is an offensive tool for vulnerability research and education. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose, allowing users to easily create and experiment with vulnerable systems for research and educational purposes. The tool is designed to be...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/10 12:0 a.m.5 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains a collection of vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no prior knowledge of Docker. The repository...

9.8CVSS7.2AI score0.99686EPSS
Exploits46
Gitee
Gitee
added 2020/03/08 1:25 p.m.5 views

PowerShell-Suite

This is a PowerShell script called Bypass-UAC, which is designed to bypass User Account Control UAC on Windows systems. The script uses a technique called "auto-elevating IFileOperation COM object method calls" to achieve this. The script supports several methods for bypassing UAC, including:...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/08 10:44 a.m.5 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为:2018/10/31。 同步更新于: chybeta: Web-Security-Learning 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

7.5CVSS8.2AI score0.16437EPSS
Exploits5
Gitee
Gitee
added 2020/03/04 4:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not specified, but the environments are...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/03/01 2:16 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which are used t...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/02/28 7:41 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments, including web applications and services. The probable entry points...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/02/25 7:20 p.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/02/11 11:51 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The environments are designed to be easy to use and require no pre-existing knowledge of...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/02/10 10:5 p.m.5 views

exploit-database-bin-sploits

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The aim is to provide a...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/02/10 3:37 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points are not explicitly stated, but the environments are likely to be...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/02/08 5:19 p.m.5 views

PowerSploit

This is an offensive tool for Windows PowerShell. It is a collection of PowerShell modules for various purposes, including code execution, DLL injection, and antivirus bypass. The tool is part of the PowerSploit framework, which is a collection of PowerShell modules for penetration testing and re...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/02/07 10:24 p.m.5 views

icsmaster

This repository is an offensive tool for ICS/SCADA security research, containing various resources and scripts for exploiting vulnerabilities in industrial control systems. The repository is organized into several sections, including a collection of papers on ICS/SCADA security, exploit scripts,...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/02/07 7:35 p.m.5 views

penetration

This is a collection of 0-day exploits and vulnerabilities in various web applications, including CreateLive CMS, DVBBS, and others. The exploits are primarily SQL injection attacks, which allow an attacker to inject malicious SQL code into the database to extract or modify sensitive data. The...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/02/04 3:39 p.m.5 views

vulhub

It is an offensive tool for Vulnerability Research. The target product/service or framework is a collection of pre-built vulnerable docker environments, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is various, including SSTI Server-Side Template Injection, RCE Remot...

8AI score
Exploits0
Gitee
Gitee
added 2020/01/05 7:25 p.m.5 views

exploitdb-bin-sploits

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is intended to serve as the...

7AI score
Exploits0
Gitee
Gitee
added 2020/01/02 5:1 p.m.5 views

Exploit for CVE-2018-11776

Struts2-057/CVE-2018-11776两个版本RCE漏洞分析(含EXP) Ivan@360云影实验室 2018年08月24日 0x01 前言 ========= 2018年8月22日,Apache Strust2发布最新安全公告,Apache Struts2存在远程代码执行的高危漏洞(S2-057/CVE-2018-11776),该漏洞由Semmle Security Research team的安全研究员Man YueMo发现。该漏洞是由于在Struts2开发框架中使用namespace功能定义XML配置时,namespace值未被设置且在上层动作配置(Action...

9.3CVSS9.1AI score0.99993EPSS
Exploits41
Gitee
Gitee
added 2019/12/13 3:7 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The vulnerability class/vector is SSTI. The probable entry point is the...

8.3AI score
Exploits0
Gitee
Gitee
added 2019/11/20 11:16 p.m.5 views

shadowbroker

This repository, ximakou9/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, as well as a file listing of the contents of the repository...

7.4AI score
Exploits0
Gitee
Gitee
added 2019/11/12 11:1 p.m.5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not explicitly stated, but the environments are...

8.1AI score
Exploits0
Gitee
Gitee
added 2019/11/12 4:53 p.m.5 views

Exploit for Use After Free in Microsoft

微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...

10CVSS7AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2019/10/16 11:39 p.m.5 views

razzer

It is an offensive tool for Linux kernel exploitation. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to exploit kernel vulnerabilities, particularly those related to race conditions. The tool, named Razzer, is a kernel fuzzer that uses a modified...

6.5AI score
Exploits0
Gitee
Gitee
added 2019/10/16 9:23 a.m.5 views

commix

This is an automated tool called Commix, written by Anastasios Stasinopoulos, that can be used to test web-based applications for command injection vulnerabilities. The tool is designed to be used by web developers, penetration testers, or security researchers. It is available on GitHub and can b...

7.7AI score
Exploits0
Gitee
Gitee
added 2019/10/05 6:47 p.m.5 views

vulhub

It is an offensive tool for Vulnerability Research and Training. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose. The primary vulnerability is not explicitly stated, but the repository includes various vulnerable environments, such as Flask SSTI, Apache...

6.8AI score
Exploits0
Gitee
Gitee
added 2019/08/19 6:2 p.m.5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2019/08/16 11:16 a.m.5 views

Intranet_Penetration_Tips

It is an offensive tool for network penetration. The repository contains some internal penetration tips compiled in early 2018, but has since been updated slowly. The author has made the repository public in hopes of collaborating with others to update and maintain it...

7AI score
Exploits0
Gitee
Gitee
added 2019/07/31 9:45 a.m.5 views

penetration

This repository contains a collection of exploit code and proof-of-concept PoC attacks targeting various web applications, including CMS platforms. The exploits are categorized by the affected product or service, and the vulnerability class or vector is identified. The exploits are: 1. 0day &...

8.8AI score
Exploits0
Gitee
Gitee
added 2019/07/03 2:11 p.m.5 views

ncu-ad-course-2017-pwn

This repository is an offensive tool for a Capture The Flag CTF challenge. It contains a series of pwn tasks created by the author for the NCU A&D course. The tasks are designed to test the participants' skills in exploiting vulnerabilities and bypassing security measures. The repository includes...

7.9AI score
Exploits0
Gitee
Gitee
added 2019/07/03 2:4 p.m.5 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 在学习Web安全的过程中整合的一些资料。 该repo会不断更新,最近更新日期为:2017/11/2。 同步更新于: chybeta: Web-Security-Learning 带目录 11月2日更新: + 新收录文章: + SQL注入 + sqlmap自带的tamper你了解多少? + XSS + 前端防御从入门到弃坑--CSP变迁 + ssrf + SSRF:CVE-2017-9993 FFmpeg + AVI + HLS + CSRF + CSRF 花式绕过Referer技巧 + 各大SRC中的CSRF技巧 + java-Web +...

7.5CVSS7.7AI score0.16437EPSS
Exploits5
Gitee
Gitee
added 2019/07/02 8:39 p.m.5 views

pwn_step_in

This is a collection of C code and Python scripts that demonstrate various heap exploitation techniques. The code is organized into several directories, each containing a specific example. The "heap" directory contains a C program called "forceofhouse" that demonstrates a heap overflow...

7.6AI score
Exploits0
Gitee
Gitee
added 2019/05/19 10:44 a.m.5 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The project is designed to help users learn about vulnerabilities and improve their defensive skills. The repository contains a collection of vulnerable environments, each with its own Docker-Compo...

9.8CVSS7AI score0.38191EPSS
Exploits4
Gitee
Gitee
added 2019/05/10 12:36 p.m.5 views

Pocsuite

This is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team. It is a Python-based framework that supports both Python and JSON formats for proof-of-concept PoC development. The framework provides a powerful proof-of-concept engine and various niche...

7AI score
Exploits0
Gitee
Gitee
added 2019/02/05 7:21 p.m.5 views

exploit

This is an offensive tool for Exploits & Shellcodes. It is a repository of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The repository is a collection of exploits, shellcodes, and papers gathered through direct...

7AI score
Exploits0
Gitee
Gitee
added 2019/01/17 3:39 p.m.5 views

exploitdbddd

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is an...

7.2AI score
Exploits0
Gitee
Gitee
added 2018/10/04 10:50 p.m.5 views

exploitdb-bin-sploits

This repository is an official collection of exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is a valuable resource for those who need actionable data right away. The repository is updated daily with the most recently adde...

7.6AI score
Exploits0
Gitee
Gitee
added 2018/08/06 10:51 a.m.5 views

maltrail

Maltrail is a malicious traffic detection system that utilizes publicly available blacklists containing malicious and/or generally suspicious trails. It can detect various types of malicious activity, including domain name, URL, IP address, and HTTP User-Agent header value. Maltrail also uses...

7AI score
Exploits0
Gitee
Gitee
added 2018/07/21 12:40 p.m.5 views

2016PilotOneClick

This is a collection of utilities and scripts to gain root access on a 2016 model Honda Pilot head unit and simplify the installation of third-party non-Honda apps. The scripts implement a dirtyCOW exploit to gain root access and use a bash script to automate the installation process. The scripts...

7.2AI score
Exploits0
Gitee
Gitee
added 2016/12/27 10:22 p.m.5 views

exploit-database

This is an official repository of the Exploit Database, a project sponsored by Offensive Security. The repository contains a comprehensive collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit...

6.7AI score
Exploits0
Gitee
Gitee
added 2016/07/18 6:34 p.m.5 views

penetration

相信很多小伙伴都知道XSS测试,至于如何更加有效地插入载荷是一件重复性的高强度劳动工作, 在此本文介绍了一款自动进行插入XSS,并且可以自定义攻击载荷。 这些载荷从几十条到几百条甚至几千条。该脚本也同时包含了一些绕过各种WAF的语句。 0×01 BruteXSS BruteXSS是一个非常强大和快速的跨站点脚本暴力注入。它用于暴力注入一个参数。 该BruteXSS从指定的词库加载多种有效载荷进行注入并且使用指定的载荷和扫描检查这些参数很容易受到XSS漏洞。 得益于非常强大的扫描功能。在执行任务时,BruteXSS是非常准确而且极少误报。...

6AI score
Exploits0
Gitee
Gitee
added 2024/03/05 12:45 p.m.4 views

metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of tools and resources for penetration testing and vulnerability assessment. The repository is maintained by Rapid7 and is used by security professionals to identify and exploit vulnerabilities in computer systems and network...

7.1AI score
Exploits0
Gitee
Gitee
added 2023/12/22 10:2 p.m.4 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

开源工具 SpringBoot-Scan 的GUI图形化版本,对你有用的话麻烦点个Star哈哈 注意:本工具内置相关漏洞的Exp,杀软报毒属于正常现象! 新版本工具使用 python3 main.py VulHub 漏洞测试环境搭建 git clone https://github.com/vulhub/vulhub.git 安装Docker环境 sudo apt-get install docker.io sudo apt install docker-compose 搭建CVE-2022-22965 cd /vulhub/CVE-2022-22965 sudo...

10CVSS8.3AI score0.99939EPSS
Exploits182
Gitee
Gitee
added 2023/08/04 2:53 p.m.4 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

水泽-信息收集自动化工具 郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 0x01 介绍 作者:Ske 团队:0x727,未来一段时间将陆续开源工具,地址:https://github.com/0x727 定位:协助红队人员快速的信息收集,测绘目标资产,寻找薄弱点 语言:python3开发 功能:一条龙服务,只需要输入根域名即可全方位收集相关资产,并检测漏洞。也可以输入多个域名、C段IP等,具体案例见下文。...

9.8CVSS8.9AI score0.99999EPSS
Exploits45
Gitee
Gitee
added 2023/03/20 3:31 p.m.4 views

vulhub

This repository is an offensive tool for a variety of areas, including web application security, container security, and more. It contains a collection of vulnerable environments and tools for testing and learning about various security vulnerabilities. The repository includes a range of tools an...

7.7AI score
Exploits0
Gitee
Gitee
added 2023/03/17 1:53 a.m.4 views

cyber-range-scenarios

This repository is an offensive tool for cloud-based cyber ranges, specifically for training scenarios. It contains a collection of scripts and configurations for simulating various cyber attacks and vulnerabilities, including Shell Shock and libfutex privilege escalation. The repository uses...

8AI score
Exploits0
Gitee
Gitee
added 2022/11/17 8:51 p.m.4 views

Exploit for CVE-2019-2423

This is a malicious LDAP server for JNDI injection attacks, classified as an exploit module/toolkit targeting Java JNDI API. The primary CVE ID is not explicitly mentioned, but the tool is designed to exploit insecure-by-default Java JNDI API, which is related to CVE-2019-2423. The tool targets...

6.1CVSS7.7AI score0.01123EPSS
Exploits1
Total number of security vulnerabilities1886