Lucene search
Gitee: Most viewed

1886 matches found

Gitee
added 2025/09/06 2:57 a.m. | 153 views

shellshocker-pocs

This is a collection of Proofs of Concept (PoCs) and potential targets for the ShellShocker vulnerability. The PoCs are designed to exploit the vulnerability in various products and services, including XMPP ejabberd, Mailman, MySQL, NFS, Bind9, FTP, and others. The PoCs are primarily focused on...

AI score: 8.3
Exploits: 0

Gitee
added 2025/09/20 8:13 a.m. | 152 views

MCIR

The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. It is a collection of tools designed to demonstrate various types of code injection vulnerabilities, including SQL injection, XML/XPath/XSL injection, Cross-Site Scripting (XSS), and shell...

AI score: 8.2
Exploits: 0

Gitee
added 2025/09/06 8:48 p.m. | 152 views

advisory-db

This is a security advisory database for Rust crates published through crates.io. The database is maintained by the RustSec project and contains information on security vulnerabilities in various Rust crates. The database is stored in TOML format and can be consumed by various tools for auditing...

AI score: 7
Exploits: 0

Gitee
added 2025/09/06 11:51 a.m. | 152 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

This is a PoC exploit for CVE-2021-36260, a command injection vulnerability in the web server of some Hikvision products. The vulnerability allows an attacker to launch a command injection attack by sending malicious commands to the device. The exploit is implemented in Python and provides several...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.99869
Exploits: 23

Gitee
added 2025/07/27 4:55 a.m. | 152 views

PowerTools

PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...

AI score: 7.4
Exploits: 0

Gitee
added 2025/09/06 12:11 a.m. | 151 views

Garden

This is a repository for the Garden development tool, which automates workflows for Kubernetes application development and testing. The repository contains various configuration files, including .chglog/CHANGELOG.tpl.md, .circleci/config.yml, .circleci/continue-config.yml, and others. These files...

AI score: 7.3
Exploits: 0

Gitee
added 2025/07/27 4:14 a.m. | 151 views

Exploit for CVE-2019-13272

Linux 4.10 5.1.17 PTRACE_TRACEME local root...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.52199
Exploits: 21

Gitee
added 2025/07/27 4:13 a.m. | 151 views

Exploit for Cross-site Scripting in Atmail

AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...

CVSS: 10 | AI score: 7.6 | EPSS: 0.94789
Exploits: 18

Gitee
added 2025/07/24 6:27 p.m. | 151 views

Exploit for Deserialization of Untrusted Data in Google Android

Exploration of CVE-2024-31317. CVE-2024-31317 provides unprivileged access to any uid and SELinux scope available to proper Android apps. This provides access to uid 1000 (system) and uid 2000 (shell), and can be triggered entirely from an unprivileged app, allowing for persistence of any...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00779
Exploits: 12

Gitee
added 2025/11/04 1:52 p.m. | 150 views

autottp

This is a Python wrapper for the PowerShell Empire API, a framework for penetration testing and red teaming. The wrapper provides a simple interface to interact with the Empire API, allowing users to automate tasks and sequences of actions. The wrapper is feature complete as of Empire 1.5.0 and...

AI score: 6.6
Exploits: 0

Gitee
added 2025/07/27 4:9 a.m. | 150 views

Exploit for Use After Free in Linux Linux_Kernel

This repository contains various kernel exploits for Linux systems. The exploits target different vulnerabilities in the Linux kernel, including: 1. CVE-2016-8655: A Linux AF_PACKET race condition exploit that includes KASLR and SMEP bypasses. 2. CVE-2016-9793: A Linux SOSND|RCVBUFFORCE CAPNETADMI...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.20797
Exploits: 68

Gitee
added 2025/12/08 11:51 p.m. | 149 views

漏洞扫描系统 (Vulnerability Scanning System)

This is a Python web application built using the Flask framework, designed to scan Windows systems for vulnerabilities. The application has several features, including user authentication, task management, and vulnerability scanning. Here is a summary of the key points: User Authentication The...

AI score: 6.8
Exploits: 0

Gitee
added 2025/09/06 12:36 a.m. | 149 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-finder: A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105). It scans recursively both on disk and inside nested Java Archive files (JARs). How it works: log4j-finder identifies log4j2 libraries on your filesyst...

CVSS: 10 | AI score: 8.5 | EPSS: 0.99999
Exploits: 352

Gitee
added 2025/07/06 2:49 a.m. | 149 views

kconfig-safety-check

This is a tool for checking the security hardening options of the Linux kernel. It is a Python script that can be used to analyze the configuration of a Linux kernel and identify potential security vulnerabilities. The tool is designed to support various architectures, including X86_64, X86_32,...

AI score: 6.7
Exploits: 0

Gitee
added 2025/04/09 7:46 p.m. | 149 views

Exploit for CVE-2024-38819

This is a proof-of-concept (PoC) exploit for CVE-2024-38819, a high-risk path traversal vulnerability in the Spring Framework. The vulnerability allows an attacker to access sensitive files on the server by constructing a malicious HTTP request with a specially crafted path. The PoC code is a simpl...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.54862
Exploits: 6

Gitee
added 2025/07/27 3:52 a.m. | 148 views

Exploit for CVE-2017-3143

Awesome Vulnerability Research 🦄 A curated list of the awesome resources about the Vulnerability Research First things first: There are no exploits in this project. Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious abou...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.57472
Exploits: 1

Gitee
added 2025/10/28 5:17 p.m. | 145 views

nuclei_poc

This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...

AI score: 8
Exploits: 0

Gitee
added 2025/09/14 5:37 p.m. | 145 views

linux-exploit-development-tutorial

This is a Linux exploit development tutorial for beginners. The repository contains a series of chapters on various topics, including basic knowledge, stack security, heap security, and kernel security. The first chapter covers basic knowledge, including format string vulnerabilities, integer...

AI score: 7.7
Exploits: 0

Gitee
added 2025/09/06 11:51 a.m. | 144 views

Exploit for CVE-2020-1472

CVE-2020-1472: Zero Logon vulnerability, Python implementation. Description: A Python script which uses the Impacket library to test for CVE-2020-1472 (Zerologon vulnerability); credits to Secura research. The flaw stems from the Netlogon Remote Protocol, available...

CVSS: 10 | AI score: 8.1 | EPSS: 0.99512
Exploits: 75

Gitee
added 2024/05/08 3:51 p.m. | 144 views

Shiro-721

This is a vulnerability analysis of a repository containing a proof-of-concept (PoC) exploit for a remote code execution (RCE) vulnerability in Apache Shiro, a Java-based security framework. The vulnerability is caused by a padding oracle attack, which allows an attacker to construct serialized data...

AI score: 8
Exploits: 0

Gitee
added 2020/02/25 7:20 p.m. | 143 views

Exploit for Improper Access Control in Oracle Jdk

This repository contains a collection of exploit files and proof-of-concept (PoC) vulnerability demonstration files from the team at Hacker House. The files are categorized into several subdirectories, each containing a specific type of exploit or vulnerability. The files include: 1. AIX-0days.txt:...

CVSS: 10 | AI score: 7.6 | EPSS: 0.99999
Exploits: 95

Gitee
added 2025/09/13 5:45 p.m. | 142 views

JNDIExploit

This is a Java-based exploit tool for JNDI (Java Naming and Directory Interface) injection vulnerabilities. The tool is designed to inject a payload into the JNDI repository, allowing an attacker to execute arbitrary code on the target system. The tool is based on the Rogue JNDI project and support...

AI score: 8.7
Exploits: 0

Gitee
added 2025/08/03 4:29 a.m. | 142 views

Exploit for CVE-1999-0078

Browsable content of eqgrp-auction-file.tar.xz - Original file: https://mega.nz/!zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv405hX8kn7MEsa1iLH5UjKU - Passphrase: CrDj";Va.NdlnzB9M?@K2deB7mN as disclosed by the ShadowBrokers, source - This summary is provided by the community: complaints/credits to jvoisin @...

CVSS: 10 | AI score: 8 | EPSS: 0.84502
Exploits: 52

Gitee
added 2025/09/06 12:9 p.m. | 141 views

Exploit for Path Traversal in Mikrotik Routeros

This is a PoC exploit for CVE-2018-14847 targeting RouterOS-based routers. The tool, named Meris RouterOS Checker, checks a list of IP addresses to validate if they were infected with Meris. It uses the RouterOS API, SSH, and WinBox to connect to the routers and attempt to exploit the...

CVSS: 9.1 | AI score: 6.9 | EPSS: 0.96087
Exploits: 23

Gitee
added 2025/07/27 3:55 a.m. | 141 views

isf

This is a Python-based exploitation framework called ISF (Industrial Exploitation Framework) that is similar to Metasploit. It is designed for industrial control system (ICS) exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...

AI score: 7
Exploits: 0

Gitee
added 2024/10/15 10:37 a.m. | 141 views

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file (PE file) that contains a malicious payload. The file is encoded with a custom algorithm, making it difficult to analyze without decoding. The code is written in C and uses various techniques to evade detection, including: 1. Co...

AI score: 7.1
Exploits: 0

Gitee
added 2025/11/27 9:16 p.m. | 140 views

burp_mirror_gui

Burp Multiple Instance Management Tool This solution, when combined with jsforward or mitmdump, effectively addresses the following pain points in penetration testing: 1. Enables real-time testing for privilege escalation, unauthorized access, business logic vulnerabilities, and session-related...

AI score: 7.2
Exploits: 0

Gitee
added 2025/09/14 6:26 p.m. | 140 views

kali-linux-cheatsheet

It is an offensive tool for penetration testing. The repository contains a Kali Linux Cheat Sheet for Penetration Testers, which provides quick references, commands, and techniques for various aspects of penetration testing. The cheat sheet covers topics such as reconnaissance and enumeration,...

AI score: 6.5
Exploits: 0

Gitee
added 2025/09/14 4:10 p.m. | 140 views

pasta

The repository is a collection of code snippets and notes for learning PHP, specifically for those studying the language. The code snippets cover a range of topics, including forms, good coding practices, interview tasks, and database-related concepts. The repository is organized into several...

AI score: 7.6
Exploits: 0

Gitee
added 2025/07/27 4:17 a.m. | 140 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Acrobat

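Technical article archive. Paper list: Talking About Exploit Writing; Bypassing AntiVirus Detection for Malicious PDFs; MBR virus analysis; Debugging the MBR with bochs; An MBR-based system login password verification program; PDF file format analysis; Approach to parsing malicious PDF files; Locating the kernel32.dll base address and writing shellcode on Win 7; CVE-2009-0658 vulnerability analysis; Firefox vulnerability CVE-2011-0065 Bypassing DEP; CVE-2009-4324 vulnerability analysis; Flash XSS vulnerability...

CVSS: 10 | AI score: 9.2 | EPSS: 0.87719
Exploits: 45

Gitee
added 2024/12/11 11:9 p.m. | 140 views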

vulnerability scanner

This is a Java-based web vulnerability scanner. The tool is classified as an offensive tool for web vulnerability scanning. The primary vulnerability being targeted is not explicitly stated, but based on the code and metadata, it appears to be a web application scanner that can perform SQL...

AI score: 7.6
Exploits: 0

Gitee
added 2025/07/27 3:47 a.m. | 139 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

Awesome Advanced Windows Exploitation References List of Awesome Advanced Windows Exploitation References This list is for anyone wishing to upgrade on their Windows Exploitation Knowledge. Anyway, this is a living resources and will update regularly with latest research articles/talks of awesome...

CVSS: 9.3 | AI score: 9.5 | EPSS: 0.8593
Exploits: 44

Gitee
added 2025/09/20 7:29 a.m. | 139 views

weblogic-monitoring-exporter

This is a Java-based project for exporting metrics from WebLogic Server (WLS) instances to Prometheus. The project is available in two forms: a web application and a separate process. The web application is deployed to the server from which metrics are to be extracted, while the separate process is...

AI score: 6.9
Exploits: 0

Gitee
added 2025/07/27 3:43 a.m. | 138 views

Exploit for Improper Input Validation in Joomla Joomla!

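CMS-Hunter. Introduction: Content Management System Vulnerability Hunter. Note: for now, this project will be maintained long term; suggestions or ideas for changes are welcome, please contact the author. CMS vulnerability list: Discuz - Discuz<3.4birthprovince front-end arbitrary file deletion; DedeCMS - DedeCMSv5.7shopsdelivery stored XSS - DedeCMSv5.7carbuyaction stored XSS - DedeCMSv5.7 friend-link CSRF GetShell - DedeCMS V5.7 SP2 back-end code execution vulnerability; Drupal -...

CVSS: 9.8 | AI score: 7 | EPSS: 0.99993
Exploits: 140

Gitee
added 2025/09/20 6:39 a.m. | 137 views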

rubysec

This is a Ruby library for performing mutation testing, which is a form of testing that ensures that test coverage is comprehensive by introducing small changes (mutations) into the code under test and verifying that the tests fail as expected. The library, called Mutant, is designed to be used in...

AI score: 7
Exploits: 0

Gitee
added 2025/09/08 5:5 a.m. | 137 views

applications_hap

It is an offensive tool for mobile applications. The repository contains a collection of HAP (HarmonyOS Application Package) files, which are likely used for testing or demonstrating various mobile applications on the HarmonyOS platform. The files include demos for features such as flashlight, medi...

AI score: 7.2
Exploits: 0

Gitee
added 2025/11/07 10:58 a.m. | 136 views

nuclei-templates

This repository is an offensive tool for vulnerability scanning and exploitation, specifically for the nuclei engine. It contains a community-curated list of templates for discovering security vulnerabilities in applications. The templates are used by the nuclei scanner to power the actual scanni...

AI score: 6.9
Exploits: 0

Gitee
added 2025/09/14 4:6 p.m. | 134 views

mona

This is a repository for mona.py, a Python script used to automate and speed up specific searches while developing exploits, particularly for the Windows platform. Mona.py runs on Immunity Debugger and WinDBG, and requires Python 2.7. The script is designed to work with 32-bit processes, although...

AI score: 6.9
Exploits: 0

Gitee
added 2025/09/14 6:17 p.m. | 133 views

exploit_me

This is a vulnerable ARM/AARCH64 application, specifically designed for a CTF (Capture The Flag) style exploitation tutorial. The application is written in C and is intended to demonstrate various types of vulnerabilities, including integer overflow, stack overflow, array overflow, off-by-one, stac...

AI score: 7.4
Exploits: 0

Gitee
added 2025/09/14 5:14 p.m. | 133 views

fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion (LFI/RFI) bugs in web applications. It can identify and exploit file inclusion bugs, including include, include_once, require, and require_once functions. The tool has a...

AI score: 7.1
Exploits: 0

Gitee
added 2025/08/14 12:49 p.m. | 133 views

Exploit for CVE-2020-11989

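Usage instructions. Home page: what you see is what you get; clicking a button jumps to the corresponding module. Penetration testing. Website scanning: the website scanning feature integrates afrog (project address), essentially wrapping that scanner's functionality in a UI, with built-in reverse-connection support so there is no need to configure ceye or jndi (all jndi-related PoCs have been replaced with the reverse-connection address). Actively detected vulnerabilities or fingerprints are written to an html file under the report directory, and the output of the afrog command has not been removed (so when you run the tool with go run main.go, you can still see afrog's output on the command line). Target formats supported: URL or IP:PORT. Fingerprint scan only / fingerprint PoC scan / active fingerprint detection - Fingerprint scan only: sends just two packets to the current page to detect fingerprints - Active fingerprint detection:...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.24436
Exploits: 1

Gitee
added 2025/07/27 3:31 a.m. | 133 views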

jexboss

This is a Python script for a tool called JexBoss, which is designed to exploit vulnerabilities in JBoss Application Server and other Java platforms. The script is written in Python 2.7 and uses the urllib3 library for HTTP requests. The script has several modules, including exploits.py,...

AI score: 7.4
Exploits: 0

Gitee
added 2025/09/07 12:43 a.m. | 132 views

Exploit for Improper Authentication in Oracle Database_Server

This is an offensive tool for Oracle Database exploitation. The repository contains several modules that exploit various vulnerabilities in Oracle Database, including: 1. CVE-2012-3137: This module exploits a vulnerability in Oracle Database that allows an attacker to obtain remote passwords usin...

CVSS: 6.4 | AI score: 7.2 | EPSS: 0.31437
Exploits: 4

Gitee
added 2025/09/06 4:17 a.m. | 131 views

Exploit for Use After Free in Google Android

This is a proof-of-concept (PoC) application demonstrating the power of an Android kernel arbitrary R/W, specifically targeting CVE-2019-2215. The application, named Qu1ckR00t, is designed to exploit this vulnerability to achieve root access on an Android device. The exploit is implemented in the...

CVSS: 7.8 | AI score: 8.6 | EPSS: 0.72105
Exploits: 27

Gitee
added 2025/09/28 9:3 p.m. | 130 views

sparta

This is a network infrastructure penetration testing tool called SPARTA. It is a Python GUI application that simplifies the scanning and enumeration phase of penetration testing by providing point-and-click access to various tools and displaying all tool output in a convenient way. The tool...

AI score: 7.2
Exploits: 0

Gitee
added 2025/09/14 12:21 p.m. | 130 views

PinTools

This repository is an example and proof-of-concept (PoC) for dynamic binary analysis using the Pin tool. The code is designed to detect the classical use-after-free vulnerability. The Pin tool is a dynamic binary instrumentation framework that allows developers to analyze and modify the behavior of...

AI score: 7.1
Exploits: 0

Gitee
added 2025/09/13 4:43 a.m. | 128 views

personal-security-checklist-1

This repository is an open-source project for a curated checklist of 300+ tips for protecting digital security and privacy in 2022. It is a community-driven project that allows contributors to suggest and submit points to be added, amended, or removed from the list. The project has a code of...

AI score: 7.1
Exploits: 0

Gitee
added 2025/09/13 1:8 a.m. | 127 views

Pikachu

This is a proof-of-concept (PoC) exploit for a vulnerable web application system called Pikachu. The system contains a variety of common web security vulnerabilities, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE), and more. The...

AI score: 7.7
Exploits: 0

Gitee
added 2025/09/06 11:51 a.m. | 127 views

Scanners-Box

This is a collection of open-source scanners from the GitHub platform, including subdomain enumeration, database vulnerability scanners, weak password or information leak scanners, port scanners, fingerprint scanners, and other large-scale scanners. The collection is maintained by We5ter and...

AI score: 7.8
Exploits: 0

Gitee
added 2025/09/06 12:55 a.m. | 127 views

Awesome-Bugbounty-Writeups

This is a curated list of bug bounty writeups, specifically focusing on various types of web application vulnerabilities. The repository is organized by vulnerability type, with sections for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Clickjacking, Local File Inclusion (LFI), Subdoma...

AI score: 7.9
Exploits: 0

Total number of security vulnerabilities: 1886