1886 matches found
vulhub2
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, web server security, and more. The primary purpose of Vulhub is to provide a simple and easy-to-use...
Exploit for CVE-2019-1003000
PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to a vulnerability in Jenkins' Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins. The exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass...
CTF-All-In-One
This repository is an offensive tool for CTF Capture The Flag competitions, specifically targeting Linux systems. The primary vulnerability class is not explicitly stated, but based on the content, it appears to be focused on binary exploitation Pwn. The tool is designed to be used in a CTF...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. The Metasploit Framework is a comprehensive platform for developing and executing exploits, post-exploitation tools, and malware. It is a powerful tool for penetration testers, security researchers, and red teamers. The framework...
exploitdb
This is a repository of exploits and proof-of-concepts for various vulnerabilities in software and systems. The repository is maintained by Offensive Security and is used by penetration testers and vulnerability researchers. The exploits are categorized into different types, including exploits,...
Zeratool
This is an offensive tool for CTF Capture The Flag problems. It is designed to automatically generate exploits and remotely capture flags for exploitable CTF problems. The tool, called Zeratool, uses the angr binary analysis framework to concolically analyze binaries by hooking printf and looking...
vulhub
This is a collection of vulnerable Docker environments, known as Vulhub. It's an open-source project that provides pre-built vulnerable environments for testing and learning purposes. The project is maintained by phith0n and is available on GitHub. The repository contains a variety of vulnerable...
awesome-jenkins-rce-2019
No description...
pocsuite3
This is a Python package called pocsuite3, which is a remote vulnerability testing and proof-of-concept development framework. It is developed by the Knownsec 404 Team and comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security...
BHR_Labs
No description...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security training and testing. The primary vulnerability class targeted by Vulhub is web application vulnerabilities, including Remote Cod...
vulhub
It is an offensive tool for vulnerable environments. The repository contains pre-built vulnerable environments based on Docker-Compose. The tool is designed to provide a simple way to create and manage vulnerable environments for testing and training purposes. The target product/service or...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, which is not explicitly stated in the provided code. However, based on the code and the context, it appears that the target is a Windows...
SpringBootVulExploit
This repository contains a collection of Spring Boot vulnerability exploit checklists, including information on how to exploit various vulnerabilities in Spring Boot applications. The repository includes several subdirectories, each containing a specific exploit: 1...
TPScan
thinkphp rce sql tools...
SHIRO-550
No description...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class targeted by Vulhub is not explicitly stated, but it...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
exploitdb
This repository is an official collection of exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need...
CMSmap
It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool appears to be designed for testing popular Content Management Systems CMSs such as WordPress,...
ysoserial
This is a Java-based tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to attack vulnerable Java applications. The tool uses a variety of payloads, including CommonsCollectionsK1,...
CDK
This is an offensive tool for container penetration. It is called CDK Container Penetration Toolkit and is designed for offering stable exploitation in different slimmed containers without any OS dependency. The tool comes with useful net-tools and many powerful PoCs/EXPs that help users to escap...
blogpost_qiling_dlink_1
It is an offensive tool for exploiting vulnerabilities in software. The repository contains a Python script that exploits a vulnerability in a software product. The script is designed to be used by a penetration tester or a security researcher to test the security of the software. The script uses...
Exploit for CVE-2020-27949
This is a PoC exploit for CVE-2020-27949, a vulnerability in macOS's DTrace system that allows an attacker to read memory of other processes without elevated permissions. The exploit creates probes in the victim process using the /dev/fasttrap device, which lacks permission checks, allowing any...
emp3r0r
This is a Linux post-exploitation framework made by linux user, known as emp3r0r. The framework is designed to provide a comprehensive set of tools for exploiting and manipulating Linux systems. The framework is composed of several components, including a build script, a command-line interface CL...
ctfs-1
This repository contains notes and code on past CTF Capture The Flag challenges, with a focus on web, crypto, and realistic challenges. The repository is organized into several sections, each covering a different type of challenge. The web section includes write-ups on various web-based challenge...
awesome-virtualization
This is a collection of resources about virtualization, not an exploit or offensive tool. It is a curated list of awesome resources about virtualization, including documentation, books, courses, papers, research projects, and more. The repository includes information on mainstream hypervisors,...
CTF-All-In-One
This is a book about CTF Capture The Flag competitions, specifically the Pwn binary exploitation module. The book is written by Yang Cheng, a member of L-Team, and is aimed at beginners. It covers the basics of binary security, including x86/x64 platforms, Linux systems, and the basics of exploit...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
This repository is an offensive tool for a vulnerability hub. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The repository includes a range of tools, such as Docker image builders, format checkers, and Markdown linters, as...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is a repository for testing and demonstrating various vulnerabilities in different applications and frameworks. The repository contains a variety of vulnerable environments, including web applications, databases, an...
penetration
This is a collection of exploit code and research for various vulnerabilities in web applications, specifically content management systems CMS. The code is written in various programming languages, including PHP, and is used to demonstrate how to exploit vulnerabilities in these systems. The...
PayloadsAllTheThings
This repository is an offensive tool for Web Application Security. It contains various tools and techniques for exploiting web applications, including a cheat sheet for CSRF injection, a CRLF injection tool, and a proof-of-concept for exploiting CORS misconfiguration. The tools and techniques in...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
poc
This repository appears to be a proof-of-concept PoC exploit for a vulnerability in Comodo Antivirus. The code is written in C++ and utilizes the Windows API to interact with the Comodo Antivirus service. The exploit targets the Comodo Antivirus service, which is responsible for scanning files an...
Exploit for Incorrect Default Permissions in Microsoft
Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...
IMChecker
It is an offensive tool for API-misuse detection. The repository, kangleli/IMChecker, is a tool for detecting API-misuse bugs in C programs. It is a static analysis tool that uses a domain-specific language DSL called IMSpec to specify API usage constraints. The tool is designed to identify...
My-CTF-Web-Challenges
This is a collection of CTF Capture The Flag web challenges created by orange. The repository contains source code, write-ups, and idea explanations for various challenges. The challenges are categorized by year, with challenges from HITCON 2018, 2019, and 2020, as well as other CTF events. The...
Pocsuite
It is an offensive tool for vulnerability exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is likely used for exploiting vulnerabilities in web applications. The target product/service or framework is not explicitly stated, but it is likely a web...
Gopherus
This is a Python script for a tool called Gopherus, which is designed to exploit Server-Side Request Forgery SSRF vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...
vulhub
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable docker environments for web application security training. The tool is designed to be user-friendly, requiring no prior knowledge of docker, and can be installed and run wit...
BurpSuite-collections
No description...
pentest-wiki
This repository is an information gathering library for penetration testers and researchers, containing various tools and documentation for gathering information about a target organization. The repository includes scripts and guides for performing whois searches, querying whois databases, and...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
HackSysExtremeVulnerableDriver
This is a repository for the HackSys Extreme Vulnerable Driver HEVD, a tool for testing and demonstrating various types of vulnerabilities in Windows drivers. The repository contains build scripts for both 32-bit and 64-bit architectures on Windows and Linux. The repository includes scripts for...
vulhub
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The vulnerability class/vector is...
CVE
This is a collection of HTML files from a blog about reverse engineering and security. The files are dated from August 2019 to September 2019 and appear to be written in Chinese. The content includes various topics such as: Creating and finding SEH Structured Exception Handler in Windows Input...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary CVE ID present in the context is not explicitly stated, but the repository contains various vulnerable environments, including ones...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The repository contains various proof-of-concept PoC exploits and scripts for exploiting the vulnerability, which affects the Windows SMB protocol. The exploits are designed to demonstrate the vulnerability's impact and are not...
vulhub
It is an offensive tool for Vulnerability Research. This repository contains pre-built vulnerable environments based on Docker-Compose. The tool allows users to easily create and manage vulnerable environments for testing and research purposes. The environments are designed to be easy to use and...
vulhub1
It is an offensive tool for web application vulnerability exploitation. The primary CVE ID is not explicitly mentioned, but the tool appears to be designed for exploiting vulnerabilities in web applications, particularly those related to web frameworks such as Flask. The tool is likely used for...