Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/01/10 10:19 p.m.4 views

mad-metasploit

This repository is an offensive tool for Metasploit framework. It is a collection of custom modules, plugins, and resource scripts for Metasploit. The primary purpose of this repository is to provide a comprehensive set of tools for exploiting vulnerabilities in various systems and applications...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/10 9:44 p.m.4 views

Exploit for Incorrect Authorization in Theforeman Smart_Proxy_Salt

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The repository contains various modules for exploiting vulnerabilities in different software and systems, including Windows, Linux, an...

7.1CVSS7.2AI score0.00194EPSS
Exploits1
Gitee
Gitee
added 2021/01/09 1:3 a.m.4 views

browser_pwn

This repository is an offensive tool for browser exploitation. It contains a proof-of-concept PoC exploit for a vulnerability in the V8 JavaScript engine, which is used by Google Chrome and other browsers. The exploit targets a vulnerability in the V8 engine that allows for type confusion attacks...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/06 12:27 p.m.4 views

Exploit for OS Command Injection in Intelliantech Aptus_Web

It is a PoC exploit for CVE-2020-7980, a remote code execution vulnerability in Intellian Satellite controller Intellian Aptus Web. The exploit targets the vulnerability class/vector of RCE Remote Code Execution and is implemented as a Python script named satellian.py. The probable entry point is...

10CVSS8.2AI score0.82956EPSS
Exploits7
Gitee
Gitee
added 2020/12/30 9:36 a.m.4 views

ctf_repo

This is a Python script for a CTF Capture The Flag challenge called "FunPwn" from the 2016 ASIS CTF game. The script is designed to automate the game by interacting with the game's console. Here's a breakdown of the script: 1. The script starts by importing the pwn module, which is a Python libra...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/22 11:41 p.m.4 views

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. The repository lpker123/PayloadsAllTheThings contains various payloads for different purposes, but no specific exploit or vulnerability is mentioned. The provided code snippet is a funding.yml file, which lists supported funding platforms for...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/12/18 5:12 p.m.4 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of vulnerable Docker environments, which can be used for testing and training purposes. The environments are pre-built and can be easily deployed using Docker and Docker Compose. The repository includes a variet...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/12/15 12:33 p.m.4 views

vulhubs

It is an offensive tool for web application security training. The primary vulnerability targeted by this tool is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable docker environments for web application security training. The tool...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/12/13 11:17 p.m.4 views

vulhub

It is an offensive tool for Docker environments. The primary vulnerability is not specified, but the repository contains a collection of vulnerable Docker environments, including CouchDB, FFmpeg, Git, InfluxDB, and others. The environments are designed to be vulnerable to various attacks, allowin...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/13 1:43 a.m.4 views

vulhub1

It is an offensive tool for web application security training. The repository contains a collection of vulnerable docker environments for web application security training. The tool is designed to be easy to use, requiring only two simple commands to set up a vulnerable environment. The tool is...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/10 2:28 a.m.4 views

PolyAsciiShellGen

It is an offensive tool for x86 platforms. The primary CVE ID present in the provided context is not explicitly stated, but the tool is related to bypassing MSB data filters for buffer overflow exploits on Intel x86 platforms, as described in the paper "Bypassing MSB Data Filters for Buffer...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/08 8:37 p.m.4 views

Exploit for CVE-2020-0797

This repository is a PoC exploit for CVE-2020-0796, a wormable SMBv3 vulnerability. The vulnerability allows an attacker to execute code on a target SMB Server or SMB Client by sending a specially crafted packet. The exploit is implemented in Python and uses the socket library to send a packet to...

10CVSS9.6AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/12/04 4:44 p.m.4 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary vulnerability addressed by the repository is CNVD-2020-10487, a Tomcat-Ajp local file inclusion LFI vulnerability. The repository contains two main files:...

9.8CVSS7.1AI score0.98518EPSS
Exploits19
Gitee
Gitee
added 2020/12/02 11:16 a.m.4 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, also known as the Dirty Cow vulnerability. The exploit targets Linux systems and uses the Dirty Cow vulnerability to gain root access. The vulnerability allows an attacker to write to a read-only page in memory, which can be used to execute arbitrary code...

7.2CVSS7.8AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2020/12/01 4:32 p.m.4 views

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it appears to be a collection of pre-built vulnerable environments based on Docker-Compose. The repository contains various Docker-Compose files for...

8AI score
Exploits0
Gitee
Gitee
added 2020/11/28 12:15 p.m.4 views

Hacking-Cheatsheet

It is an offensive tool for network scanning and enumeration. The primary CVE ID is not present in the provided context. The target product/service or framework is Nmap, a network scanning and exploration tool. The vulnerability class/vector is not explicitly stated, but the tool is used for...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/11/27 10:58 a.m.4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploits and research materials. The repository includes various projects, each targeting a specific vulnerability in Spring Boot applications. The vulnerabilities include: 1. JNDI Object deserialization RCE Remote Code Execution ...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/11/26 8:56 a.m.4 views

shadowbroker

This repository contains a collection of exploits and tools, including the "Lost In Translation" leak from the Shadow Brokers. The repository includes exploits for various vulnerabilities, such as RedHat 7.0-7.1 Sendmail 8.11.x, Solaris 6, 7, 8, 9 & 10, and Samba 3.0.x Linux. The exploits are...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/11/24 11:3 p.m.4 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various scans on a target, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/11/23 10:35 a.m.4 views

pwntools

This is an offensive tool for binary exploitation. It is a Python library called pwntools, which provides a set of tools for binary exploitation and reverse engineering. The library is designed to be used by security researchers and penetration testers to identify and exploit vulnerabilities in...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/11/18 3:32 p.m.4 views

isf

This is a Python-based framework for Industrial Control System ICS exploitation, similar to Metasploit. It's called ICSSploit and is a fork of the routersploit project. The framework is designed to be used for penetration testing and vulnerability assessment of industrial control systems. The...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/18 2:28 a.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. The target product/service or framework is docker-compose, the vulnerability class/vector is not...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/11/16 9:59 a.m.4 views

shadowbroker

This repository, csharphpython/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a variety of exploits targeting different systems and vulnerabilities, including: 1. EARLYSHOVEL: a...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/11/14 9:29 p.m.4 views

BurpSuite-collections

No description...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/14 4:33 p.m.4 views

My-PWN-Life

This repository is an exploit for a buffer overflow vulnerability in a binary called "bof". The exploit is written in Python and uses the pwntools library to interact with the binary. The binary is a simple program that takes user input and stores it in a buffer. The buffer is not properly...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/11/11 7:8 p.m.4 views

PoC

PoC exploit for CVE-2018-XXXX-XXXX, Exploit module/targeting Axis Communications MPQT/PACS Heap Overflow and Information Leakage. The exploit targets a heap overflow vulnerability in the Axis Communications MPQT/PACS series, which allows for information leakage and heap overflow. The vulnerabilit...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/11/11 5:10 p.m.4 views

vulhub

It is an offensive tool for Vulnerability Research. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to test and research vulnerabilities without requiring prior knowledge of Docker. The tool is designed to be user-friendly, with a simple two-comman...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/09 4:57 p.m.4 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several sections, including a directory of...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/11/05 4:41 p.m.4 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, which are used for authorized testing and security research purposes. The repository includes various exploits and techniques for exploiting Spring Boot applications, including: 1. Spring Boot Vulnerability...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/11/05 3:28 p.m.4 views

Exploit for CVE-2019-2888

CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 https://www.oracle.com/security-alerts/cpuoct2019.html fernflower.jar weblogic.jar/weblogic/servlet/ejb2jsp/dd/EJBTaglibDescriptor.class ╭─root@jas502n /var ╰─ find ./ |grep EJBTaglibDescriptor  ✔  8388  18:32:43...

7.2CVSS7AI score0.37597EPSS
Exploits9
Gitee
Gitee
added 2020/11/05 11:13 a.m.4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a PoC Proof of Concept exploit for CVE-2016-0856, a vulnerability in the Windows RPC Remote Procedure Call service. The exploit targets the RpcClient and RpcDcClient classes, which are part of the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact...

10CVSS10AI score0.16655EPSS
Exploits9
Gitee
Gitee
added 2020/11/03 7:53 p.m.4 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化,爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化,所以如果知道了shiro的编码方式,然后将恶意命令用它的编码方式进行编码并放在http头的cookie里,在shiro对提交的cookie的rememberme字段进行反序列化时,也就执行了插入的命令,最终造成了命令执行 shiro默认使用了CookieRememberMeManager,其处理cookie的流程是:...

9.8CVSS7AI score0.93143EPSS
Exploits9
Gitee
Gitee
added 2020/11/02 12:32 a.m.4 views

isf

This is an offensive tool for ICS exploitation. It is a Python-based framework for ICS exploitation, similar to Metasploit. The framework is based on the open-source project "routersploit" and is designed for exploitation of industrial control systems ICS. The tool provides a range of features,...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/01 11:56 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The target product/service or framework varies depending on the specific environment...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/10/29 5:19 p.m.4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a collection of docker-compose files that can be used to create vulnerable environments for testing and training purposes. The environments are designed to be easy to use and require no pre-existing knowledge of...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/10/29 4:35 p.m.4 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable Docker environment collection called Vulhub. It is an open-source project that provides a collection of vulnerable Docker environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a varie...

9.8CVSS7.1AI score0.99686EPSS
Exploits46
Gitee
Gitee
added 2020/10/29 1:41 p.m.4 views

Exploit for CVE-2020-14882

This is a Python script designed to exploit the CVE-2020-14882 vulnerability in Oracle WebLogic Server. The script is intended to be used for research purposes only and should not be used for malicious activities. Here's a breakdown of the script: Importing Libraries The script starts by importin...

10CVSS9.4AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2020/10/26 11:28 a.m.4 views

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

8AI score
Exploits0
Gitee
Gitee
added 2020/10/21 10:21 p.m.4 views

marshalsec

This repository is an offensive tool for Java deserialization exploitation. It is a Java-based tool for exploiting Java object deserialization vulnerabilities, which can lead to remote code execution RCE and other security issues. The tool includes various payload generators for different Java...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/10/21 12:36 p.m.4 views

Awesome-Red-Teaming

This is a list of resources for Red Teaming, a list that will be updated regularly with the latest adversarial tactics and techniques based on the Mitre ATT&CK framework. The list covers various topics such as Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credenti...

7AI score
Exploits0
Gitee
Gitee
added 2020/10/20 9:3 p.m.4 views

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted is a Server-Side Template Injection SSTI in Flask, as evidenced by the presence of the flask/ssti directory. The tool is likely designed to exploit this vulnerability, allowing an attacker to inject...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/10/09 8:45 p.m.4 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

This is a Python script that exploits the CVE-2019-19781 vulnerability in Citrix Application Delivery Controller and Citrix Gateway. The script is designed to upload a malicious XML file to the vulnerable device, which will execute the code contained within, resulting in remote code execution. Th...

9.8CVSS10AI score0.99999EPSS
Exploits48
Gitee
Gitee
added 2020/10/06 8:53 p.m.4 views

Exploit for CVE-2018-9995

This is a Python script, getDVRCredentials.py, that exploits a vulnerability in DVR systems to obtain exposed credentials. The script is designed to target various DVR systems, including Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login. The script...

9.8CVSS7AI score0.83151EPSS
Exploits13
Gitee
Gitee
added 2020/10/05 12:41 p.m.4 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

PoC exploit for CVE-2017-10271, an unauthenticated Weblogic RCE. The target product/service is Weblogic, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the CoordinatorPortType SOAP endpoint. Notable dependencies/tooling include the requests library an...

7.5CVSS7.7AI score0.99993EPSS
Exploits45
Gitee
Gitee
added 2020/09/21 10:52 a.m.4 views

sploitfun-linux-x86-exp-tut-zh

This is a Linux x86 exploit development tutorial series. The series covers various topics such as buffer overflow, integer overflow, off-by-one vulnerability, return-to-libc, and ASLR bypass. The tutorials are written in Chinese and translated into English. The series includes chapters on: 1...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/09/19 7:44 p.m.4 views

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose, which can be used for web application security training. The tool is designed to be easy to use, requiring only two simple commands to...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/09/14 1:38 p.m.4 views

Gopherus

This is a Python script for a tool called Gopherus, which is used to exploit Server-Side Request Forgery SSRF vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/09/11 3:7 p.m.4 views

Exploit for CVE-2015-3636

PoC exploit for CVE-2015-3636 targeting 32-bit Android OS. The exploit targets the Linux kernel, specifically the getroot function, which allows for privilege escalation. The probable entry point is the poc.c file, which is compiled into an executable using the Android.mk file. The exploit uses t...

4.9CVSS7.1AI score0.02472EPSS
Exploits6
Gitee
Gitee
added 2020/09/10 10:27 a.m.4 views

MS17-010

This repository is a collection of exploits and tools for the MS17-010 vulnerability, also known as the EternalBlue exploit. The vulnerability is a remote code execution RCE bug in the SMBv1 protocol, which was used by the WannaCry ransomware in 2017. The repository contains various exploits and...

9AI score
Exploits0
Gitee
Gitee
added 2020/09/06 11:17 a.m.4 views

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. The repository contains a collection of payloads for various purposes, but no specific exploit or vulnerability is identified. The provided code snippet is a funding model configuration for GitHub Sponsors and Ko-fi, indicating that the...

7.3AI score
Exploits0
Total number of security vulnerabilities1886