Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/05/26 11:42 p.m.4 views

vulhub

It is an offensive tool for Web Application. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose. The tool is designed to test web applications for vulnerabilities, specifically for web application security testing. The tool includes a variety of...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/05/25 3:21 p.m.4 views

Exploit for CVE-2020-11651

CVE-2020-11651 is a proof-of-concept PoC exploit for a vulnerability in the SaltStack master. The exploit is designed to obtain pre-auth RCE Remote Code Execution on a SaltStack master and all associated minions. The vulnerability is not explicitly stated in the provided code, but it is likely...

9.8CVSS8.1AI score0.96405EPSS
Exploits24
Gitee
Gitee
added 2020/05/22 11:19 p.m.4 views

Exploit for Deserialization of Untrusted Data in Oracle Access_Manager

CVE-2020-2555 概述 在2020年1月,互联网上爆出了Weblogic反序列化远程命令执行漏洞(CVE-2020-2555),Oracle Fusion中间件Oracle Coherence存在缺陷,攻击者可利用该漏洞在未经授权下通过构造T3协议请求,获取Weblogic服务器权限,执行任意命令,风险较大。 影响 Oracle Coherence 3.7.1.17 Oracle Coherence & Weblogic 12.1.3.0.0 Oracle Coherence & Weblogic 12.2.1.3.0 Oracle Coherence & Weblogic...

9.8CVSS9.6AI score0.97116EPSS
Exploits26
Gitee
Gitee
added 2020/05/22 1:15 p.m.4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. CVE-2016-9086 is present in the provided context. The target product/service or framework is GitLab, the vulnerability class/vector is a remote code execution RCE vulnerability, the probable entry points are the data...

6.5CVSS8.5AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/05/12 3:6 p.m.4 views

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, provided by Vulhub. The repository contains a collection of vulnerable environments, each with its own set of vulnerabilities and exploits. The repository is designed to be easy to use, with a simple installation process and a...

9.8CVSS9.5AI score0.99686EPSS
Exploits46
Gitee
Gitee
added 2020/05/12 1:38 p.m.4 views

vulhub

This repository is an open-source collection of vulnerable web applications and environments for security testing and education, maintained by vulhub. It is a defensive blue-team research and threat mitigation tool. The repository contains a variety of vulnerable web applications and environments...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/05/11 2:9 p.m.4 views

Exploit for CVE-2019-1040

CVE-2019-1040 Great writeup! Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin . So, I wrote CVE-2019-1040.py for easy to use. You can also check out my exchange2domain repo: https://github.com/ridter/exchange2domain, another way to use exchange to get DC...

5.9CVSS7.2AI score0.48043EPSS
Exploits6
Gitee
Gitee
added 2020/05/07 10:28 a.m.4 views

Exploit for CVE-2013-0422

K8tools 20190428 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...

10CVSS9.1AI score0.99448EPSS
Exploits97
Gitee
Gitee
added 2020/05/07 10:27 a.m.4 views

pentest-wiki

This repository is an information gathering library for penetration testers/researchers. It contains various tools and documentation for gathering information about a target organization, including IP analysis, whois analysis, and social media research. The library includes bookmarks for various...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/05/06 3:20 p.m.4 views

Information_Collection_Handbook

Handbook of information collection for penetration testing...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/23 10:58 p.m.4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a PoC exploit for CVE-2020-0796, a Windows SMBv3 LPE Local Privilege Escalation vulnerability. The exploit is written in C++ and uses the Windows API to manipulate system handles and exploit the vulnerability. The code includes a function to get the address of a handle, and another functi...

10CVSS9.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/04/23 5:10 p.m.4 views

metasploit-framework

This is a Metasploit Framework repository. The framework is a penetration testing tool that allows users to create and execute exploits against various targets. The repository contains a wide range of modules, including exploits, payloads, and auxiliary tools. The framework is written in Ruby and...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/04/23 11:16 a.m.4 views

antSword

This is a comprehensive analysis of the provided code and metadata from the AntSword repository. Classification: Exploit module/toolkit targeting web applications Primary CVE ID: Not specified Target product/service or framework: Web applications Vulnerability class/vector: Not specified Probable...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/04/22 9:30 a.m.4 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, including Flask SSTI Server-Side Template Injection and other vulnerabilities. The tool is designed to help users test and demonstrate vulnerabilities in a controlled...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/04/20 3:46 p.m.4 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 CVE-2018-2628漏洞工具包 根据Github上整理出的漏洞利用工具包含: 1.CVE-2018-2628漏洞检测工具 //漏洞存在检测的POC 2.weblogicpoc.py //漏洞利用的POC 3.ysoserial-0.1-cve-2018-2628-all.jar //借鉴的漏洞利用工具https://github.com/tdy218/ysoserial-cve-2018-2628/releases 具体的漏洞复现过程请移步简书:https://www.jianshu.com/p/6649118ba7b6...

9.8CVSS8.9AI score0.99448EPSS
Exploits69
Gitee
Gitee
added 2020/04/14 12:2 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which define the...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/04/11 6:49 p.m.4 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为:2018/10/31。 同步更新于: chybeta: Web-Security-Learning 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

7.5CVSS8.2AI score0.16437EPSS
Exploits5
Gitee
Gitee
added 2020/04/10 12:38 p.m.4 views

wolfssl

This is a collection of files related to the wolfSSL library, a cryptographic library for embedded systems. The library is designed to be compatible with Arduino projects and provides a range of cryptographic functions, including SSL/TLS, RSA, and AES. The files include: IDE/ARDUINO/README.md: A...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/07 4:50 p.m.4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB Server Message Block protocol, specifically SMBv3. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the scanner.py script, which sends a specially crafted SMB negotiate request to...

10CVSS8.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/04/02 12:58 p.m.4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target...

9.8CVSS7.8AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2020/04/01 3:16 p.m.4 views

Exploit for Improper Resource Shutdown or Release in Microsoft

CVE-2018-8120 CVE-2018-8120 Windows LPE exploit 测试支持: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64 WinXP x32, Win2003 x32,Win2003 x64 原exp不支持xp,2003,当前代码在原基础上增加了对这两个系统的支持。 Usage shell CVE-2018-8120 exploit by...

7.2CVSS7AI score0.73721EPSS
Exploits18
Gitee
Gitee
added 2020/03/28 4:57 p.m.4 views

shadowbroker-1

This repository, fengzihk/shadowbroker-1, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists various exploits, such as EARLYSHOVEL, EBBISLAND, ECHOWRECKER, EASYBEE, and...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/03/28 4:57 p.m.4 views

Scanners-Box

This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox." The project is a repository of various tools for scanning and testing web applications, IoT devices, and other targets. The tools are primarily used for vulnerability scanning, penetration testing, and...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/28 4:54 p.m.4 views

Exploit for Incorrect Authorization in Jenkins Git

CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin v3.7 Description: An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Versions...

5.3CVSS6.8AI score0.03988EPSS
Exploits2
Gitee
Gitee
added 2020/03/26 2:49 p.m.4 views

AssassinGo

This is an extensible and concurrency pentest framework in Go, also with a WebGUI. It is an offensive tool for Network Scanning, Vulnerability Scanning, and Information Gathering. The primary CVE ID is not specified in the provided context. The target product/service is not explicitly stated, but...

6.6AI score
Exploits0
Gitee
Gitee
added 2020/03/23 1:22 p.m.4 views

hitconDockerfile

This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/03/20 4:41 a.m.4 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

This repository is an open-source collection of pre-built vulnerable docker environments, vulhub. It is an offensive tool for web application security training and testing. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab, and the...

6.5CVSS8AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/03/13 8:44 p.m.4 views

welpwn

This is an exploit module for a vulnerability in a binary, targeting a heap-based overflow in a baby heap implementation. The exploit is designed to execute a shell on the vulnerable system. The exploit uses a combination of alloc, show, and delete functions to manipulate the heap and create a...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/03/13 1:20 a.m.4 views

PowerSploit1

This is a PowerShell module for code execution and antivirus bypass. The module contains several functions, including: 1. Find-AVSignature: This function locates tiny AV signatures using the same method as DSplit from "class101" on heapoverflow.com. 2. Invoke-DllInjection: This function injects a...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/03/12 12:30 p.m.4 views

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Cloud_Foundation

PoC exploit for CVE-2021-22023, a remote code execution vulnerability in Fastjson versions = 1.2.47. The target product/service is Fastjson, a popular Java library for JSON parsing and generation. The vulnerability class/vector is remote code execution RCE. The probable entry point is the...

7.2CVSS8.7AI score0.00999EPSS
Exploits1
Gitee
Gitee
added 2020/03/07 4:15 p.m.4 views

Exploit for Improper Authentication in Microsoft

It is an exploit module targeting Microsoft Exchange Server. The primary CVE ID is CVE-2020-0688. The vulnerability class is a deserialization vulnerability, specifically a TextFormattingRunProperties deserialization vulnerability. The probable entry point is the exploit.py script. Notable...

9CVSS9.6AI score0.99965EPSS
Exploits30
Gitee
Gitee
added 2020/03/07 10:56 a.m.4 views

Privilege-Escalation-Tater

It is an offensive tool for Windows Privilege Escalation. The primary CVE ID is not present in the provided context, but it is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. The target product/service or framework is Windows, and the vulnerability class/vector...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/03/07 8:41 a.m.4 views

poc

This is a collection of proof-of-concept PoC exploits for various vulnerabilities, primarily targeting web applications. The PoCs are written in Python and utilize the Beebeeto framework. Here's a summary of the PoCs: 1. Discuz x3.0 /static/image/common/focus.swf Cross Site Scripting XSS POC: Thi...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/02/25 7:21 p.m.4 views

Exploit for Incorrect Authorization in Jenkins Git

CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin v3.7 Description: An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Versions...

5.3CVSS6.9AI score0.03988EPSS
Exploits2
Gitee
Gitee
added 2020/02/21 8:31 p.m.4 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/02/21 4:51 p.m.4 views

commix

This is an automated tool for testing web-based applications to find command injection vulnerabilities. It is written in Python and can be used by web developers, penetration testers, or security researchers. The tool is designed to test web-based applications with the view to find bugs, errors, ...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/02/18 11:56 p.m.4 views

Exploit for Improper Authentication in Eclipse Mosquitto

PoC exploit for CVE-2017-7650, Redis 4.x/5.x RCE. The target product/service is Redis, a key-value store, and the vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the RedisModules module, and the execution context is a Python script redis-rce.py invoked via CLI...

6.5CVSS7.5AI score0.02472EPSS
Exploits2
Gitee
Gitee
added 2020/02/18 9:25 p.m.4 views

AFLplusplus

This is a code repository for AFLplusplus, a tool for fuzz testing and vulnerability discovery. The repository contains various files and directories related to the project, including configuration files, makefiles, and documentation. The repository is organized as follows: .clang-format is a...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/02/17 4:59 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector targeted by this repository is not explicitly stated, but it appears to be a collection of various vulnerabilities in different environments. The probable entry points for these...

8.4AI score
Exploits0
Gitee
Gitee
added 2020/02/12 4:22 p.m.4 views

picoCTF-2019-writeups

The repository is a collection of write-ups for the picoCTF 2019 challenge. The write-ups cover various challenges, including general skills, web exploitation, and reverse engineering. The challenges involve solving problems such as decoding messages, exploiting vulnerabilities, and reversing...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/02/11 11:47 p.m.4 views

Exploit for CVE-2017-3251

PoC exploit for CVE-2017-3251, a Java object deserialization vulnerability. The ysoserial tool generates payloads that exploit this vulnerability by creating a malicious object that, when deserialized, executes arbitrary code. The tool takes a user-specified command and wraps it in a gadget chain...

4.9CVSS7.2AI score0.01746EPSS
Exploits1
Gitee
Gitee
added 2020/01/23 1:34 p.m.4 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, allowing users to easily create and test vulnerable environments without requiring prior knowledge of docker. The tool is designed to be user-friendly, with a...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/01/18 1:55 p.m.4 views

fastjson-remote-code-execute-poc

This repository is an exploit module for a remote code execution RCE vulnerability in the FastJSON library, version 1.2.24. The exploit is likely targeting a Java application that uses this library. The repository contains metadata from the IntelliJ IDEA project, which includes information about...

8.6AI score
Exploits0
Gitee
Gitee
added 2020/01/09 9:23 a.m.4 views

Vulmap

This is a Python script for a local vulnerability scanner, specifically designed for Linux systems. The script, named Vulmap, is part of the Vulmap Local Vulnerability Scanners project. It scans the host for installed packages, queries the Vulmon API for vulnerabilities, and prints the results,...

6.6AI score
Exploits0
Gitee
Gitee
added 2019/12/19 11:53 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not specified, but the repository includes various vulnerable environments based on Docker-Compose, such as flask/ssti, httpd/apacheparsingvulnerability, and nginx/nginxparsingvulnerability. The...

7.6AI score
Exploits0
Gitee
Gitee
added 2019/12/09 11:26 a.m.4 views

maltrail

This is a malicious traffic detection system called Maltrail. It is a Python-based system that utilizes publicly available blacklists and custom user-defined lists to detect malicious traffic. The system can detect various types of malicious activity, including domain name, URL, IP address, and...

7.2AI score
Exploits0
Gitee
Gitee
added 2019/11/27 11:10 p.m.4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which define the...

8.2AI score
Exploits0
Gitee
Gitee
added 2019/11/15 2:4 p.m.4 views

vulhub

It is an offensive tool for web application security training. The tool is a collection of pre-built vulnerable docker environments, Vulhub, which can be used to test and train web application security skills. The tool is designed to be easy to use, with a simple installation process and a...

7AI score
Exploits0
Gitee
Gitee
added 2019/11/05 12:3 p.m.4 views

fuzzdb-collect

Based on the provided code and context, it appears to be a Python script designed to perform a brute-force attack on file extensions. The script is part of...

7.1AI score
Exploits0
Gitee
Gitee
added 2019/10/31 11:42 a.m.4 views

vulhub

It is an offensive tool for vulnerable environments. This repository, vulhub, is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The...

7.1AI score
Exploits0
Total number of security vulnerabilities1886