Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/02/05 8:58 p.m.4 views

pocsuite_poc_collect

It is an offensive tool for vulnerability exploitation...

7AI score
Exploits0
Gitee
Gitee
added 2021/02/02 3:9 p.m.4 views

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

CVE-2020-8840:FasterXML/jackson-databind 远程代码执行漏洞 0x00 简介 jackson-databind 是隶属 FasterXML 项目组下的JSON处理库。 0x01 漏洞概述 2月19日,NVD发布安全通告披露了jackson-databind由JNDI注入导致的远程代码执行漏洞(CVE-2020-8840),CVSS评分为9.8...

9.8CVSS8.9AI score0.26587EPSS
Exploits5
Gitee
Gitee
added 2021/02/02 2:38 p.m.4 views

vulhub1

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/02/02 12:20 p.m.4 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This repository contains exploits for the CVE-2021-3156 vulnerability, which affects the Linux kernel. The vulnerability allows an attacker to gain root privileges by exploiting a flaw in the way the kernel handles the "setuid" system call. The repository contains two exploit files: "exploit.c" a...

7.8CVSS7.3AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/01/31 7:55 p.m.4 views

shadowbroker

This repository, lvxiao54/shadowbroker, contains a collection of exploits and tools, including the infamous Shadow Brokers dump. The primary focus of this repository is on exploiting vulnerabilities in various software and systems, particularly in the context of Windows and Linux. The repository...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/29 11:51 a.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary vulnerability targeted by this repository is not explicitly stated, but it contai...

8.1AI score
Exploits0
Gitee
Gitee
added 2021/01/24 7:1 p.m.4 views

PrivescCheck

This is a PoC exploit for Windows privilege escalation enumeration. The script, PrivescCheck, is designed to identify common Windows security misconfigurations that can be leveraged for privilege escalation. It gathers various information that might be useful for exploitation and/or...

7AI score
Exploits0
Gitee
Gitee
added 2021/01/24 6:58 p.m.4 views

Exploit for CVE-2020-1034

This is a PoC Proof of Concept exploit for CVE-2020-1034, a vulnerability discovered by Microsoft and fixed on August 9, 2020. The exploit targets an unpatched Windows 10 2004, build 19041.488. The exploit code is written in C++ and uses the Windows API to manipulate the system's Event Tracing fo...

7.8CVSS8.7AI score0.04322EPSS
Exploits2
Gitee
Gitee
added 2021/01/24 10:49 a.m.4 views

CDK

It is an offensive tool for container exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is designed for container exploitation, which may involve various vulnerabilities. The tool, CDK, is a zero-dependency container penetration toolkit that offers...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/24 10:47 a.m.4 views

Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager

CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 ------ 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞,其最早被披露于 hackerone,但因官方第一次修复不完整,故又衍生出了 CVE-2019-15588 漏洞。 这两个漏洞都需要以 admin 身份登录后才可以利用,但是 nexus 默认管理员密码 admin123 经常被忽略修改,很容易就被利用了。 0x10 靶场环境 0x20 目录结构 CVE-2019-5475 ├──...

9CVSS7.9AI score0.18396EPSS
Exploits5
Gitee
Gitee
added 2021/01/24 10:44 a.m.4 views

Exploit for Path Traversal in Citrix Xenmobile_Server

使用方法&免责声明 该脚本为Citrix XenMobile 目录遍历漏洞(CVE-2020-8209)批量检测脚本。 使用方法:Python CVE-2020-8209-Multiple.py url.txt 存在漏洞的地址输出在vul.txt中 影响版本: - RP2之前的Citrix XenMobile Server 10.12 - RP4之前的Citrix XenMobile Server 10.11 - RP6之前的Citrix XenMobile Server 10.10 - RP5之前的Citrix XenMobile Server 10.9...

7.5CVSS9.4AI score0.48656EPSS
Exploits3
Gitee
Gitee
added 2021/01/24 10:42 a.m.4 views

Exploit for OS Command Injection in Xstream

CVE-2020-26217 is a remote code execution RCE vulnerability in the XStream library, which is a popular XML serialization library for Java. The vulnerability is present in versions of XStream prior to 1.4.13. The vulnerability is caused by a deserialization issue in the XStream library, which allo...

9.3CVSS8.2AI score0.85001EPSS
Exploits7
Gitee
Gitee
added 2021/01/21 12:31 a.m.4 views

CTF-All-In-One

This is a comprehensive book on CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chaofei, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/20 11:25 a.m.4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

It is an exploit module for CVE-2017-11882. This exploit targets a vulnerability in the Apache Struts framework, specifically a Remote Code Execution RCE vulnerability in the Jakarta Multipart parser. The probable entry point is the exploit.py script. Not specified how it is typically invoked. Th...

9.3CVSS7.5AI score0.99945EPSS
Exploits33
Gitee
Gitee
added 2021/01/20 9:20 a.m.4 views

HackTools

This is a browser extension for penetration testing, called HackTools. It is a comprehensive tool for web application penetration testing, providing various features such as dynamic shell generation, XSS payload, SQL injection payload, local file inclusion payloads, base64 encoding/decoding, hash...

7.3AI score
Exploits0
Gitee
Gitee
added 2021/01/15 4:1 p.m.4 views

PayloadsAllTheThings

It is an offensive tool for general-purpose. This repository contains a collection of payloads for various purposes, including exploitation and testing. The payloads are not specifically tied to a particular CVE or GHSA ID. The target product/service or framework is not explicitly stated, but the...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/01/10 9:44 p.m.4 views

Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...

7.1CVSS7.2AI score0.00194EPSS
Exploits1
Gitee
Gitee
added 2021/01/09 1:3 a.m.4 views

browser_pwn

This repository is an offensive tool for browser exploitation. It contains a proof-of-concept PoC exploit for a vulnerability in the V8 JavaScript engine, which is used by Google Chrome and other browsers. The exploit targets a vulnerability in the V8 engine that allows for type confusion attacks...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/06 12:27 p.m.4 views

Exploit for OS Command Injection in Intelliantech Aptus_Web

It is a PoC exploit for CVE-2020-7980, a remote code execution vulnerability in Intellian Satellite controller Intellian Aptus Web. The exploit targets the vulnerability class/vector of RCE Remote Code Execution and is implemented as a Python script named satellian.py. The probable entry point is...

10CVSS8.2AI score0.82956EPSS
Exploits7
Gitee
Gitee
added 2020/12/30 9:36 a.m.4 views

ctf_repo

This is a Python script for a CTF Capture The Flag challenge called "FunPwn" from the 2016 ASIS CTF game. The script is designed to automate the game by interacting with the game's console. Here's a breakdown of the script: 1. The script starts by importing the pwn module, which is a Python libra...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/22 11:41 p.m.4 views

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. The repository lpker123/PayloadsAllTheThings contains various payloads for different purposes, but no specific exploit or vulnerability is mentioned. The provided code snippet is a funding.yml file, which lists supported funding platforms for...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/12/18 5:12 p.m.4 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of vulnerable Docker environments, which can be used for testing and training purposes. The environments are pre-built and can be easily deployed using Docker and Docker Compose. The repository includes a variet...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/12/15 12:33 p.m.4 views

vulhubs

It is an offensive tool for web application security training. The primary vulnerability targeted by this tool is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable docker environments for web application security training. The tool...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/12/13 11:17 p.m.4 views

vulhub

It is an offensive tool for Docker environments. The primary vulnerability is not specified, but the repository contains a collection of vulnerable Docker environments, including CouchDB, FFmpeg, Git, InfluxDB, and others. The environments are designed to be vulnerable to various attacks, allowin...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/13 1:43 a.m.4 views

vulhub1

It is an offensive tool for web application security training. The repository contains a collection of vulnerable docker environments for web application security training. The tool is designed to be easy to use, requiring only two simple commands to set up a vulnerable environment. The tool is...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/10 2:28 a.m.4 views

PolyAsciiShellGen

It is an offensive tool for x86 platforms. The primary CVE ID present in the provided context is not explicitly stated, but the tool is related to bypassing MSB data filters for buffer overflow exploits on Intel x86 platforms, as described in the paper "Bypassing MSB Data Filters for Buffer...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/08 8:37 p.m.4 views

Exploit for CVE-2020-0797

This repository is a PoC exploit for CVE-2020-0796, a wormable SMBv3 vulnerability. The vulnerability allows an attacker to execute code on a target SMB Server or SMB Client by sending a specially crafted packet. The exploit is implemented in Python and uses the socket library to send a packet to...

10CVSS9.6AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/12/04 4:44 p.m.4 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary vulnerability addressed by the repository is CNVD-2020-10487, a Tomcat-Ajp local file inclusion LFI vulnerability. The repository contains two main files:...

9.8CVSS7.1AI score0.98518EPSS
Exploits19
Gitee
Gitee
added 2020/12/02 11:16 a.m.4 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, also known as the Dirty Cow vulnerability. The exploit targets Linux systems and uses the Dirty Cow vulnerability to gain root access. The vulnerability allows an attacker to write to a read-only page in memory, which can be used to execute arbitrary code...

7.2CVSS7.8AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2020/12/01 4:32 p.m.4 views

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it appears to be a collection of pre-built vulnerable environments based on Docker-Compose. The repository contains various Docker-Compose files for...

8AI score
Exploits0
Gitee
Gitee
added 2020/11/28 12:15 p.m.4 views

Hacking-Cheatsheet

It is an offensive tool for network scanning and enumeration. The primary CVE ID is not present in the provided context. The target product/service or framework is Nmap, a network scanning and exploration tool. The vulnerability class/vector is not explicitly stated, but the tool is used for...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/11/27 10:58 a.m.4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploits and research materials. The repository includes various projects, each targeting a specific vulnerability in Spring Boot applications. The vulnerabilities include: 1. JNDI Object deserialization RCE Remote Code Execution ...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/11/26 8:56 a.m.4 views

shadowbroker

This repository contains a collection of exploits and tools, including the "Lost In Translation" leak from the Shadow Brokers. The repository includes exploits for various vulnerabilities, such as RedHat 7.0-7.1 Sendmail 8.11.x, Solaris 6, 7, 8, 9 & 10, and Samba 3.0.x Linux. The exploits are...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/11/24 11:3 p.m.4 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various scans on a target, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/11/23 10:35 a.m.4 views

pwntools

This is an offensive tool for binary exploitation. It is a Python library called pwntools, which provides a set of tools for binary exploitation and reverse engineering. The library is designed to be used by security researchers and penetration testers to identify and exploit vulnerabilities in...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/11/18 3:32 p.m.4 views

isf

This is a Python-based framework for Industrial Control System ICS exploitation, similar to Metasploit. It's called ICSSploit and is a fork of the routersploit project. The framework is designed to be used for penetration testing and vulnerability assessment of industrial control systems. The...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/18 2:28 a.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. The target product/service or framework is docker-compose, the vulnerability class/vector is not...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/11/16 9:59 a.m.4 views

shadowbroker

This repository, csharphpython/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a variety of exploits targeting different systems and vulnerabilities, including: 1. EARLYSHOVEL: a...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/11/14 9:29 p.m.4 views

BurpSuite-collections

No description...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/14 4:33 p.m.4 views

My-PWN-Life

This repository is an exploit for a buffer overflow vulnerability in a binary called "bof". The exploit is written in Python and uses the pwntools library to interact with the binary. The binary is a simple program that takes user input and stores it in a buffer. The buffer is not properly...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/11/11 7:8 p.m.4 views

PoC

PoC exploit for CVE-2018-XXXX-XXXX, Exploit module/targeting Axis Communications MPQT/PACS Heap Overflow and Information Leakage. The exploit targets a heap overflow vulnerability in the Axis Communications MPQT/PACS series, which allows for information leakage and heap overflow. The vulnerabilit...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/11/11 5:10 p.m.4 views

vulhub

It is an offensive tool for Vulnerability Research. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to test and research vulnerabilities without requiring prior knowledge of Docker. The tool is designed to be user-friendly, with a simple two-comman...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/09 4:57 p.m.4 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several sections, including a directory of...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/11/05 4:41 p.m.4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/11/05 3:28 p.m.4 views

Exploit for CVE-2019-2888

CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 https://www.oracle.com/security-alerts/cpuoct2019.html fernflower.jar weblogic.jar/weblogic/servlet/ejb2jsp/dd/EJBTaglibDescriptor.class ╭─root@jas502n /var ╰─ find ./ |grep EJBTaglibDescriptor  ✔  8388  18:32:43...

7.2CVSS7AI score0.37597EPSS
Exploits9
Gitee
Gitee
added 2020/11/03 7:53 p.m.4 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化,爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化,所以如果知道了shiro的编码方式,然后将恶意命令用它的编码方式进行编码并放在http头的cookie里,在shiro对提交的cookie的rememberme字段进行反序列化时,也就执行了插入的命令,最终造成了命令执行 shiro默认使用了CookieRememberMeManager,其处理cookie的流程是:...

9.8CVSS7AI score0.93143EPSS
Exploits9
Gitee
Gitee
added 2020/11/01 11:56 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The target product/service or framework varies depending on the specific environment...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/10/29 5:19 p.m.4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a collection of docker-compose files that can be used to create vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no pre-existing knowledge of...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/10/29 4:35 p.m.4 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable Docker environment collection called Vulhub. It is an open-source project that provides a collection of vulnerable Docker environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a varie...

9.8CVSS7.1AI score0.99686EPSS
Exploits46
Gitee
Gitee
added 2020/10/29 1:41 p.m.4 views

Exploit for CVE-2020-14882

This is a Python script designed to exploit the CVE-2020-14882 vulnerability in Oracle WebLogic Server. The script is intended to be used for research purposes only and should not be used for malicious activities. Here's a breakdown of the script: Importing Libraries The script starts by importin...

10CVSS9.4AI score0.99997EPSS
Exploits41
Total number of security vulnerabilities1886