1886 matches found
Vxscan
This is a Python-based comprehensive scanning tool called Vxscan. It is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The too...
pocsuit3
Based on the provided code and metadata, here is a compact paragraph of 5-7 sentences summarizing the repository: This repository is an open-sourced remote vulnerability testing and proof-of-concept development framework called pocsuite3, developed by the Knownsec 404 Team. It comes with a powerf...
Exploit for Path Traversal in Mikrotik Routeros
This is a proof of concept PoC exploit for the critical WinBox vulnerability CVE-2018-14847 that allows for arbitrary file read of plain text passwords. The vulnerability has been fixed, but the project is no longer supported or updated. The exploit is written in Python and uses the socket librar...
Summer2021-No.110 操作系统安全漏洞扫描与报警项目
This is a Python script for a Linux operating system risk assessment tool called Euler Guardian. The script is designed to perform various checks on the system, including firewall configuration, open ports, and system information. It also includes a module for sending email notifications. The...
SpringBootVulExploit
This repository is an offensive tool for Spring Boot exploitation. It contains various modules and scripts that can be used to exploit vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can b...
CVE
Received CVE list...
Some-PoC-oR-ExP
This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary vulnerability targeted by the code is CNVD-2020-10487, a Tomcat-Ajp local file inclusion LFI vulnerability. The tool is designed to exploit this vulnerability to...
POC-EXP
It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept PoC code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...
nuclei-templates
This is a community-curated list of templates for the nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the scanner provided by the team and contributed by the community. The templates are the core of the nuclei scanner, which powers the...
PayloadsAllTheThings
It is an offensive tool for Web Application Security. The repository, PayloadsAllTheThings, contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The provided code snippet is a GitHub funding model configuration file .github/FUNDING.yml...
Exploit for Out-of-bounds Write in Gnu Glibc
PoC exploit for CVE-2018-1000001, a buffer underflow in glibc realpath that allows local privilege escalation. The target product/service is glibc, a dependency of various Linux distributions including Debian and Ubuntu. The vulnerability class/vector is LPE Local Privilege Escalation. The probab...
CMSmap
This is a Python-based open-source CMS scanner called CMSmap, which automates the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool is designed to integrate common vulnerabilities for different types of CMSs in a...
vulhubdocker2
This repository is an open-source project for vulnerability research and training, specifically targeting various web applications and services. It is a collection of vulnerable environments and tools for testing and learning about common web application vulnerabilities. The repository contains a...
vulhub
This repository is an offensive tool for creating pre-built vulnerable environments based on Docker-Compose. It is a collection of vulnerable applications and services that can be used for testing and training purposes. The repository includes a variety of vulnerable applications, such as CouchDB...
CDK
This is a container penetration toolkit called CDK, which is designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs and helps users to escape container and take over K8s cluster easily. The...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including Docker, Git, and Oracle Java. The repository is maintained by phith0n and is licensed under the MIT...
x-scan
This is a vulnerability scanner framework written in Python, specifically designed for scanning web applications. The framework is called "X Vulnerability Scanner Framework" and is maintained by "BaCde". The code is organized into several modules, each responsible for a specific type of...
AllAboutBugBounty
This repository is an offensive tool for bug bounty hunting, specifically for bypassing various security measures and exploiting vulnerabilities in web applications. The primary focus is on identifying and exploiting weaknesses in business logic, authentication, and authorization. The repository...
PayloadsAllTheThings
It is an offensive tool for general-purpose payloads. The repository contains a collection of payloads, but no specific exploit or vulnerability is identified. However, the presence of a funding.yml file suggests that the repository may be used to support the work of the maintainer, swisskyrepo...
Awesome-Red-Teaming
This is an offensive tool for Red Teaming. It is a list of resources for anyone wishing to learn about Red Teaming, including initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, command and contro...
pocsuite3
This is a PoC exploit for CVE-2021-NNNN, an exploit module/toolkit targeting a vulnerability in a specific product/service or framework. The target product/service or framework is not explicitly stated, but based on the code and metadata, it appears to be a web application vulnerability. The...
awesome-mobile-security
It is an offensive tool for mobile security research. The repository xynsd/awesome-mobile-security is a curated collection of resources and tools for mobile security research, covering both Android and iOS platforms. It aggregates various references and tools from their respective owners, serving...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and tools for testing and demonstrating various attacks. The repository includes a variety of modules and tools for different types of attacks, such as web...
purple-team-attack-automation
This is an offensive tool for Metasploit Framework. The tool is designed to automate the process of exploiting vulnerabilities in various systems. It is likely used for penetration testing and vulnerability assessment purposes. The tool is written in Ruby and utilizes the Metasploit Framework,...
vulhub
This is an open-source, community-driven project called Vulhub, which provides a comprehensive collection of vulnerable systems and applications for educational and testing purposes. The repository contains a wide range of vulnerable systems, including web applications, databases, and networks, a...
shadowbroker
This repository contains a collection of exploits and tools, including the "EARLYSHOVEL" exploit for RedHat 7.0-7.1 Sendmail 8.11.x, the "EBBISLAND EBBSHAVE" exploit for Solaris 6, 7, 8, 9 & 10, and the "ECHOWRECKER" exploit for remote Samba 3.0.x Linux. The repository also includes a payload...
Exploit for CVE-2021-24086
PoC exploit for CVE-2021-24086, a Windows TCP/IP Denial of Service Vulnerability. The target is the Windows TCP/IP stack, specifically the tcpip.sys driver, which is vulnerable to a NULL dereference. The vulnerability can be triggered remotely by sending a malicious UDP packet over IPv6. The...
writeup
This is a Python script for exploiting a vulnerability in the "Aegis" binary. The script is designed to be used with the "pwn" library, which is a Python library for exploitation. The script starts by setting a debug flag to 1, which means that the script will run in debug mode. If the debug flag...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The repository contains various PoCs Proof of Concepts and exploits for the vulnerability, which is a remote code execution vulnerability in the Windows SMBv1 protocol. The vulnerability is caused by a buffer overflow in the...
pentest-wiki
This is a collection of information gathering tools and techniques for penetration testing and security research. The repository contains various scripts and documentation for gathering information about a target organization, including IP analysis, whois analysis, and social media research. The...
vulhub1
This is an open-source collection of vulnerable systems and applications for educational purposes, maintained by phith0n. It provides a controlled environment for learning and practicing penetration testing, vulnerability assessment, and security research. The repository contains various vulnerab...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. The repository contains a collection of PowerShell scripts and modules, including AntivirusBypass and CodeExecution, which are designed to bypass antivirus software and execute malicious code, respectively. The AntivirusBypass module...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is an exploit module/toolkit targeting the CVE-2021-3156 sudo vulnerability, dubbed Baron Samedit by Qualys. The target product/service is the sudo command, and the vulnerability class/vector is a heap-based overflow. The probable entry point is the sudoedit function, which is a part of the...
PayloadsAllTheThings
It is an offensive tool for general-purpose exploitation. The repository contains a list of supported funding platforms, including GitHub Sponsors, Ko-fi, and Buy Me a Coffee. The primary funding platform is GitHub Sponsors, with the username swisskyrepo. No specific exploits or tools are present...
marshalsec
This is a Java-based tool for exploiting Java object deserialization vulnerabilities, specifically targeting various Java open-source marshalling libraries. The tool, named "marshalsec," is designed to unmarshal arbitrary, attacker-supplied types and demonstrate the potential for remote code...
CTF-All-In-One
This is a comprehensive security guide for CTF Capture The Flag competitions, written in Chinese. The guide covers various topics, including Linux basics, web security, reverse engineering, and cryptography. It is intended for beginners and intermediate learners. The guide is organized into sever...
CMSmap
This is an open-source Python tool called CMSmap, designed to automate the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool is still in its early stages and may contain bugs or flaws. The primary purpose of CMSm...
wolfssl
This repository is an implementation of the wolfSSL library, a cryptographic library for secure communication. The library is designed to be used with various platforms, including Arduino, and provides a range of cryptographic functions for secure data transmission. The repository contains a...
jexboss
Exploit module/targeting JBoss Application Server and others Java Platforms, Frameworks, Applications, etc. The provided code is a Python script that appears to be a tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java-based platforms. The script is written i...
PayloadsAllTheThings
It is an offensive tool for Web Application Security and Pentest/CTF. The repository contains a list of useful payloads and bypass techniques. The primary CVE ID is not explicitly mentioned, but it appears to be a collection of various exploits and tools. The target product/service or framework i...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...
suricata-rules
This repository contains Suricata IDS Intrusion Detection System rules for detecting various types of malicious activity, including CobaltStrike, crypto miners, and other threats. The rules are designed to identify specific patterns and behaviors associated with these threats. The rules are...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and training purposes. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones for...
glimmer
This is a Python-based framework called Glimmer, which is a poc proof-of-concept framework for various attacks. The framework is designed to be extensible and allows users to write their own parsers for different protocols and targets. The framework has several dependencies, including rich,...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, called Vulhub. It is an offensive tool for testing and training purposes. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but it includes a wide range of vulnerabilities i...
Exploit for Use After Free in Adobe Flash_Player
Awesome CobaltStrike 0x00 前言 1. 一部分是近期做RedTeam项目的时候看到的一些关于CobaltStrike不错的文章 2. 目前网上的Aggressor Script种类繁多,大多数资源的聚合都是只给出对应的链接,而不说明是干什么的,以至于在查看时不知道如何选择,要一个一个打开看 3. 关于新特性BOF资源的整合 4. 解决要用的时候找不到合适aggressor script或者BOF的问题 5. 如果有本repo没有涉及的优质内容,欢迎大家提交pr 0x01 相关文章合集 基础知识参考: 1. CobaltStrikewiki 2...
rocComExpRce
综合RCE漏洞利用工具...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...
vulhub2
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, web server security, and more. The primary purpose of Vulhub is to provide a simple and easy-to-use...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to a vulnerability in Jenkins' Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins. The exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass...