Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/02/17 10:52 p.m.3 views

exploitdb

This repository is an official collection of exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is a repository for exploits and Proof-of-Concepts rather than advisories, making it a valuable resource for those who need...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/02/17 1:35 p.m.3 views

CMSmap

It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool appears to be designed for testing popular Content Management Systems CMSs such as WordPress,...

7.3AI score
Exploits0
Gitee
Gitee
added 2021/02/02 3:35 p.m.3 views

ysoserial

This is a Java-based tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to attack vulnerable Java applications. The tool uses a variety of payloads, including CommonsCollectionsK1,...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/02/02 2:38 p.m.3 views

vulhub1

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/01/24 10:47 a.m.3 views

Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager

CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 ------ 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞,其最早被披露于 hackerone,但因官方第一次修复不完整,故又衍生出了 CVE-2019-15588 漏洞。 这两个漏洞都需要以 admin 身份登录后才可以利用,但是 nexus 默认管理员密码 admin123 经常被忽略修改,很容易就被利用了。 0x10 靶场环境 0x20 目录结构 CVE-2019-5475 ├──...

9CVSS7.9AI score0.18396EPSS
Exploits5
Gitee
Gitee
added 2021/01/24 10:47 a.m.3 views

Exploit for CVE-2020-27949

This is a PoC exploit for CVE-2020-27949, a vulnerability in macOS's DTrace system that allows an attacker to read memory of other processes without elevated permissions. The exploit creates probes in the victim process using the /dev/fasttrap device, which lacks permission checks, allowing any...

5.5CVSS7.1AI score0.00977EPSS
Exploits2
Gitee
Gitee
added 2021/01/24 10:43 a.m.3 views

emp3r0r

This is a Linux post-exploitation framework made by linux user, known as emp3r0r. The framework is designed to provide a comprehensive set of tools for exploiting and manipulating Linux systems. The framework is composed of several components, including a build script, a command-line interface CL...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/01/24 10:42 a.m.3 views

ctfs-1

This repository contains notes and code on past CTF Capture The Flag challenges, with a focus on web, crypto, and realistic challenges. The repository is organized into several sections, each covering a different type of challenge. The web section includes write-ups on various web-based challenge...

7.6AI score
Exploits0
Gitee
Gitee
added 2021/01/22 2:34 p.m.3 views

awesome-virtualization

This is a collection of resources about virtualization, not an exploit or offensive tool. It is a curated list of awesome resources about virtualization, including documentation, books, courses, papers, research projects, and more. The repository includes information on mainstream hypervisors,...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/01/20 8:52 p.m.3 views

CTF-All-In-One

This is a book about CTF Capture The Flag competitions, specifically the Pwn binary exploitation module. The book is written by Yang Cheng, a member of L-Team, and is aimed at beginners. It covers the basics of binary security, including x86/x64 platforms, Linux systems, and the basics of exploit...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/01/18 12:31 p.m.3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

This repository is an offensive tool for a vulnerability hub. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The repository includes a range of tools, such as Docker image builders, format checkers, and Markdown linters, as...

9.8CVSS7.3AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2021/01/17 11:22 p.m.3 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a repository for testing and demonstrating various vulnerabilities in different applications and frameworks. The repository contains a variety of vulnerable environments, including web applications, databases, an...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/01/15 4:1 p.m.3 views

PayloadsAllTheThings

It is an offensive tool for general-purpose. This repository contains a collection of payloads for various purposes, including exploitation and testing. The payloads are not specifically tied to a particular CVE or GHSA ID. The target product/service or framework is not explicitly stated, but the...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/01/13 10:39 p.m.3 views

penetration

This is a collection of exploit code and research for various vulnerabilities in web applications, specifically content management systems CMS. The code is written in various programming languages, including PHP, and is used to demonstrate how to exploit vulnerabilities in these systems. The...

8.4AI score
Exploits0
Gitee
Gitee
added 2021/01/09 1:29 a.m.3 views

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security. It contains various tools and techniques for exploiting web applications, including a cheat sheet for CSRF injection, a CRLF injection tool, and a proof-of-concept for exploiting CORS misconfiguration. The tools and techniques in...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/01/09 1:26 a.m.3 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/12/29 8:32 p.m.3 views

poc

This repository appears to be a proof-of-concept PoC exploit for a vulnerability in Comodo Antivirus. The code is written in C++ and utilizes the Windows API to interact with the Comodo Antivirus service. The exploit targets the Comodo Antivirus service, which is responsible for scanning files an...

8AI score
Exploits0
Gitee
Gitee
added 2020/12/28 4:25 p.m.3 views

Exploit for Incorrect Default Permissions in Microsoft

Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and Techniques based on Mitre ATT&CK You c...

8.8CVSS8.9AI score0.15257EPSS
Exploits4
Gitee
Gitee
added 2020/12/23 7:5 p.m.3 views

IMChecker

It is an offensive tool for API-misuse detection. The repository, kangleli/IMChecker, is a tool for detecting API-misuse bugs in C programs. It is a static analysis tool that uses a domain-specific language DSL called IMSpec to specify API usage constraints. The tool is designed to identify...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/20 1:27 p.m.3 views

My-CTF-Web-Challenges

This is a collection of CTF Capture The Flag web challenges created by orange. The repository contains source code, write-ups, and idea explanations for various challenges. The challenges are categorized by year, with challenges from HITCON 2018, 2019, and 2020, as well as other CTF events. The...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/12/12 10:51 p.m.3 views

Pocsuite

It is an offensive tool for vulnerability exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is likely used for exploiting vulnerabilities in web applications. The target product/service or framework is not explicitly stated, but it is likely a web...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/12/10 2:28 a.m.3 views

PolyAsciiShellGen

It is an offensive tool for x86 platforms. The primary CVE ID present in the provided context is not explicitly stated, but the tool is related to bypassing MSB data filters for buffer overflow exploits on Intel x86 platforms, as described in the paper "Bypassing MSB Data Filters for Buffer...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/09 9:42 a.m.3 views

Gopherus

This is a Python script for a tool called Gopherus, which is designed to exploit Server-Side Request Forgery SSRF vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/12/08 10:54 p.m.3 views

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable docker environments for web application security training. The tool is designed to be user-friendly, requiring no prior knowledge of docker, and can be installed and run wit...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/12/06 11:12 a.m.3 views

BurpSuite-collections

No description...

7AI score
Exploits0
Gitee
Gitee
added 2020/12/05 1:22 p.m.3 views

pentest-wiki

This repository is an information gathering library for penetration testers and researchers, containing various tools and documentation for gathering information about a target organization. The repository includes scripts and guides for performing whois searches, querying whois databases, and...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/12/03 4:36 p.m.3 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/12/02 2:8 p.m.3 views

HackSysExtremeVulnerableDriver

This is a repository for the HackSys Extreme Vulnerable Driver HEVD, a tool for testing and demonstrating various types of vulnerabilities in Windows drivers. The repository contains build scripts for both 32-bit and 64-bit architectures on Windows and Linux. The repository includes scripts for...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/12/01 4:32 p.m.3 views

vulhub1

It is an offensive tool for web application exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it appears to be a collection of pre-built vulnerable environments based on Docker-Compose. The repository contains various Docker-Compose files for...

8AI score
Exploits0
Gitee
Gitee
added 2020/11/27 3:49 p.m.3 views

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The vulnerability class/vector is...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/11/27 2:42 p.m.3 views

CVE

This is a collection of HTML files from a blog about reverse engineering and security. The files are dated from August 2019 to September 2019 and appear to be written in Chinese. The content includes various topics such as: Creating and finding SEH Structured Exception Handler in Windows Input...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/11/27 10:58 a.m.3 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploits and research materials. The repository includes various projects, each targeting a specific vulnerability in Spring Boot applications. The vulnerabilities include: 1. JNDI Object deserialization RCE Remote Code Execution ...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/11/26 12:56 a.m.3 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary CVE ID present in the context is not explicitly stated, but the repository contains various vulnerable environments, including ones...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/11/22 3:59 p.m.3 views

MS17-010

This repository is for public analysis of the MS17-010 vulnerability. The repository contains various proof-of-concept PoC exploits and scripts for exploiting the vulnerability, which affects the Windows SMB protocol. The exploits are designed to demonstrate the vulnerability's impact and are not...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/11/21 10:13 p.m.3 views

vulhub

It is an offensive tool for Vulnerability Research. This repository contains pre-built vulnerable environments based on Docker-Compose. The tool allows users to easily create and manage vulnerable environments for testing and research purposes. The environments are designed to be easy to use and...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/11/20 1:24 p.m.3 views

vulhub1

It is an offensive tool for web application vulnerability exploitation. The primary CVE ID is not explicitly mentioned, but the tool appears to be designed for exploiting vulnerabilities in web applications, particularly those related to web frameworks such as Flask. The tool is likely used for...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/11/17 3:27 p.m.3 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The primary CVE ID present in the context is not explicitly stated, but the repository contains various vulnerable environments, including ones...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/11/17 10:5 a.m.3 views

pocsuite3

This is a Python package called pocsuite3, which is a remote vulnerability testing and proof-of-concept development framework. It is developed by the Knownsec 404 Team and comes with a powerful proof-of-concept engine, many powerful features for penetration testers and security researchers. The...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/11/16 9:6 p.m.3 views

vulhub

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose. The tool is designed to provide a simple way to create and manage vulnerable environments for web application security training. The...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/15 2:20 p.m.3 views

nishang

This repository is an offensive tool for Windows exploitation, specifically for adding backdoors to Windows systems. It contains a collection of PowerShell scripts that can be used to add various types of backdoors, including constrained delegation backdoors, registry backdoors, and screensaver...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/11/13 1:35 p.m.3 views

CTF-All-In-One

This repository is an offensive tool for CTF Capture The Flag competitions, specifically targeting Linux binary security. The repository contains a collection of tools and resources for learning and practicing binary exploitation, reverse engineering, and other related skills. The repository...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/11/12 12:35 a.m.3 views

linuxkernel_pwn

It is an offensive tool for Linux kernel exploitation. The repository contains a Makefile that compiles and builds two exploits: expdoublefetch and expsidechannel. The primary CVE ID is not explicitly mentioned, but the exploits target Linux kernel vulnerabilities. The probable entry points are t...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/11/11 10:39 p.m.3 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including Flask SSTI, Apache Parsing Vulnerability, and others. The tool allows users to easily create and run vulnerable environments for testing and training...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/07 10:39 p.m.3 views

dedecmscan

This is a Python script for a web application vulnerability scanner, specifically targeting DedeCMS versions. The script is designed to identify various vulnerabilities in the application, including SQL injection, cross-site scripting XSS, and other potential issues. The script consists of severa...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/05 6:1 p.m.3 views

vulhub2

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/11/05 3:39 p.m.3 views

marshalsec

This is a Java-based tool called "marshalsec" that exploits Java object deserialization vulnerabilities in various marshalling libraries. The tool is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remote code execution RCE and other security issues...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/11/04 2:0 p.m.3 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to easily set up and test various vulnerabilities without requiring prior knowledge of Docker. The environments are designed to be simple to use, with...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/11/04 1:54 a.m.3 views

Pocsuite

This is an offensive tool for penetration testing and vulnerability assessment. It is a Python-based framework called Pocsuite, developed by the Knownsec 404 Team. The tool is designed to perform remote vulnerability testing and proof-of-concept development. The target product/service or framewor...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/11/03 5:22 p.m.3 views

vulhub

It is an offensive tool for web application security training. The primary target is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable environments based on Docker-Compose. The tool includes various vulnerable environments, such as Fla...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/11/03 2:9 p.m.3 views

isf1

This is an offensive tool for Industrial Control Systems ICS exploitation. It is a Python-based framework, similar to Metasploit, designed for ICS exploitation. The framework is called ICSSploit and is a fork of the routersploit project. The tool has various modules for different types of ICS...

7.1AI score
Exploits0
Total number of security vulnerabilities1886