Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/11/15 2:20 p.m.3 views

nishang

This repository is an offensive tool for Windows exploitation, specifically for adding backdoors to Windows systems. It contains a collection of PowerShell scripts that can be used to add various types of backdoors, including constrained delegation backdoors, registry backdoors, and screensaver...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/11/13 1:35 p.m.3 views

CTF-All-In-One

This repository is an offensive tool for CTF Capture The Flag competitions, specifically targeting Linux binary security. The repository contains a collection of tools and resources for learning and practicing binary exploitation, reverse engineering, and other related skills. The repository...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/11/12 12:35 a.m.3 views

linuxkernel_pwn

It is an offensive tool for Linux kernel exploitation. The repository contains a Makefile that compiles and builds two exploits: expdoublefetch and expsidechannel. The primary CVE ID is not explicitly mentioned, but the exploits target Linux kernel vulnerabilities. The probable entry points are t...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/11/11 10:39 p.m.3 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including Flask SSTI, Apache Parsing Vulnerability, and others. The tool allows users to easily create and run vulnerable environments for testing and training...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/08 11:26 p.m.3 views

ScanCVE

This is a PoC exploit for CVE-2021-NNNN, an exploit module/toolkit targeting GitHub. The target product/service is GitHub, and the vulnerability class/vector is not explicitly stated, but it appears to be related to CVE monitoring and alerting. The probable entry point is the ScanCVE.py script,...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/07 10:39 p.m.3 views

dedecmscan

This is a Python script for a web application vulnerability scanner, specifically targeting DedeCMS versions. The script is designed to identify various vulnerabilities in the application, including SQL injection, cross-site scripting XSS, and other potential issues. The script consists of severa...

7AI score
Exploits0
Gitee
Gitee
added 2020/11/05 6:1 p.m.3 views

vulhub2

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/11/05 3:39 p.m.3 views

marshalsec

This is a Java-based tool called "marshalsec" that exploits Java object deserialization vulnerabilities in various marshalling libraries. The tool is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remote code execution RCE and other security issues...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/11/04 2:0 p.m.3 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to easily set up and test various vulnerabilities without requiring prior knowledge of Docker. The environments are designed to be simple to use, with...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/11/04 1:54 a.m.3 views

Pocsuite

This is an offensive tool for penetration testing and vulnerability assessment. It is a Python-based framework called Pocsuite, developed by the Knownsec 404 Team. The tool is designed to perform remote vulnerability testing and proof-of-concept development. The target product/service or framewor...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/11/03 5:22 p.m.3 views

vulhub

It is an offensive tool for web application security training. The primary target is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable environments based on Docker-Compose. The tool includes various vulnerable environments, such as Fla...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/11/03 2:9 p.m.3 views

isf1

This is an offensive tool for Industrial Control Systems ICS exploitation. It is a Python-based framework, similar to Metasploit, designed for ICS exploitation. The framework is called ICSSploit and is a fork of the routersploit project. The tool has various modules for different types of ICS...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/11/03 1:35 p.m.3 views

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/11/02 3:16 p.m.3 views

Exploit for Code Injection in Redhat Richfaces

CVE-2018-14667-poc Richfaces漏洞环境及PoC 靶场:vulenvironment下的war包直接丢到tomcat即可 PoC build:build artifactId run:java -jar CVE-2018-14667-poc.jar "cmd" about debug 直接将vulenvironment下的war包下的war解压,然后从idea导入,并将tomcat下的lib添加到library path request demo: GET...

9.8CVSS7AI score0.74171EPSS
Exploits6
Gitee
Gitee
added 2020/10/21 10:54 p.m.3 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, including various web applications and services, designed to demonstrate common vulnerabilities. The tool is used to create a vulnerable environment for testing and...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/10/13 4:31 p.m.3 views

Exploit for Buffer Underflow in Microsoft

简介 安全行业小工具以及学习资源收集项目,此项目部分内容来自:https://www.t00ls.net/thread-38964-1-1.html 感谢其分享,这里只是作为个人备份,如有问题可邮件通知。 安全资源 安全资源包括安全书籍,资料,安全教程,学习平台等等。 设备基线加固资料 https://github.com/re4lity/Benchmarks https://learn.cisecurity.org/benchmarks https://nvd.nist.gov/ncp/repository 内网渗透学习资料...

9.3CVSS7.1AI score0.89557EPSS
Exploits25
Gitee
Gitee
added 2020/10/13 2:27 p.m.3 views

vulhub1

It is an offensive tool for web application vulnerability training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Git, InfluxDB, and more. The vulnerability class/vector is no...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/10/08 5:10 p.m.3 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化,爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化,所以如果知道了shiro的编码方式,然后将恶意命令用它的编码方式进行编码并放在http头的cookie里,在shiro对提交的cookie的rememberme字段进行反序列化时,也就执行了插入的命令,最终造成了命令执行 shiro默认使用了CookieRememberMeManager,其处理cookie的流程是:...

9.8CVSS7AI score0.93143EPSS
Exploits9
Gitee
Gitee
added 2020/10/06 8:56 p.m.3 views

ICS-security

This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several categories, including a directory of...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/10/06 8:53 p.m.3 views

SQLInjectionWiki

This is a comprehensive wiki on SQL injection, a type of web application security vulnerability. The wiki is maintained by NetSPI and is available in both English and Chinese versions. The wiki covers various aspects of SQL injection, including detection, exploitation, and mitigation. The wiki...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/10/06 8:50 p.m.3 views

maltrail

This is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. The system can detect various types of malicious traffic, including domain name, URL, IP address, and HTTP User-Agent header value. It also uses advanced...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/10/02 10:7 p.m.3 views

BurpSuite-collections

有关burpsuite的插件非商店,文章以及使用技巧的收集此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载---Collection of burpsuite plugins non-stores, articles and tips for using Burpsuite, no crack version file...

7AI score
Exploits0
Gitee
Gitee
added 2020/10/01 2:55 p.m.3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The repository contains various vulnerable environments, each with its own set of vulnerabilities, allowing users to test and learn about different types of attacks. The environments are built using Docker and Docker...

9.8CVSS7AI score0.99686EPSS
Exploits45
Gitee
Gitee
added 2020/09/27 3:16 p.m.3 views

Vulmap

This is a vulnerability scanner tool called Vulmap, developed by vulmon. It is an open-source online local vulnerability scanner project that scans installed software on a host and checks for vulnerabilities against the vulmon API. The tool can be used for defensive and offensive purposes,...

7AI score
Exploits0
Gitee
Gitee
added 2020/09/26 9:20 p.m.3 views

jsrsasign

This is an open-source JavaScript library called jsrsasign, which provides cryptographic functions for RSA/RSAPSS/ECDSA/DSA signing and validation, ASN.1, PKCS1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, and CAdES. The library is available on Node.js and...

7AI score
Exploits0
Gitee
Gitee
added 2020/09/13 12:55 p.m.3 views

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan. It is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/09/11 3:4 p.m.3 views

Exploit for CVE-2016-2384

This repository contains a proof-of-concept exploit for the vulnerability in the usb-midi Linux kernel driver CVE-2016-2384. The exploit targets a use-after-free bug in the driver, which can be exploited to gain root privileges. The exploit consists of two parts: a userspace part poc.py and a...

4.9CVSS7.5AI score0.03723EPSS
Exploits10
Gitee
Gitee
added 2020/09/11 3:0 p.m.3 views

My-CTF-Web-Challenges

It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting XSS, and authentication bypass. The challenges...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/09/04 11:14 a.m.3 views

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. This repository contains a collection of payloads, but no specific exploit or vulnerability is identified. The provided code snippet is a funding model configuration for GitHub Sponsors and Ko-fi, indicating that the repository's author is ope...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/09/04 10:2 a.m.3 views

vulhub

It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The vulnerability class/vector is not...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/09/03 10:33 a.m.3 views

vuls

The repository is a collection of exploits, proof-of-concepts, and other resources for various vulnerabilities. The primary language used in the repository is Chinese, but some code snippets and comments are in English. The repository appears to be a collection of tools and scripts for exploiting...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/09/01 3:33 p.m.3 views

BurpSuite-collections

burp插件...

7AI score
Exploits0
Gitee
Gitee
added 2020/09/01 11:17 a.m.3 views

BurpSuite-collections

No description...

7AI score
Exploits0
Gitee
Gitee
added 2020/09/01 9:22 a.m.3 views

PowerSploit

This is a PowerShell module repository called PowerSploit, which is a collection of tools for penetration testing and red teaming. The repository contains several modules, including AntivirusBypass and CodeExecution. The AntivirusBypass module is designed to help evade antivirus detection, and it...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/09/01 9:22 a.m.3 views

ysoserial

This is a Java tool called ysoserial, which is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to execute arbitrary code on a Java application that performs unsafe deserialization of objects...

8AI score
Exploits0
Gitee
Gitee
added 2020/08/30 8:12 p.m.3 views

welpwn

This is an exploit module for a vulnerability in a binary, targeting a heap-based buffer overflow. The module is part of the PwnContext framework, which is a Python library for exploitation and reverse engineering. The module is designed to exploit a vulnerability in a binary that allows for a...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/08/17 5:25 p.m.3 views

pwn_example

This is a C programming challenge repository, specifically designed for learning and practicing stack-based buffer overflow attacks. The repository contains several example projects, each demonstrating a different type of attack. The main project, "pwnheapbase/useafterfree", is a simple note-taki...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/08/17 3:50 p.m.3 views

shadowbroker

This repository, ctfer-stao/shadowbroker, contains a collection of exploits and tools for various vulnerabilities. The repository includes a README file with links to a Steemit post and an archived webpage, which likely provide more information about the contents of the repository. The repository...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/08/10 5:44 p.m.3 views

BurpSuite-collections

有关burpsuite的插件非商店,文章以及使用技巧的收集此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载---Collection of burpsuite plugins non-stores, articles and tips for using Burpsuite, no crack version file...

7AI score
Exploits0
Gitee
Gitee
added 2020/08/07 1:41 p.m.3 views

pwnstudy

The provided context is a GitHub repository named "zhangbo123321/pwnstudy" containing a file named "Article/2018西普杯全国高校信息安全铁人三项大赛-河南赛区个人赛题解.md". This file appears to be a solution to a CTF Capture The Flag challenge, specifically a pwn challenge, from a 2018 national collegiate cybersecurity...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/08/07 1:37 p.m.3 views

webcgi-exploits

This repository is an offensive tool for Web CGI interfaces. It contains exploits for various web CGI interfaces, including PHP and Python. The primary focus is on FastCGI and Apache Modphp. The exploits are designed to take advantage of vulnerabilities in the web CGI interfaces, allowing for...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/08/07 12:45 p.m.3 views

penetration

This repository contains a collection of 0-day exploits and vulnerabilities for various CMS platforms, including CreateLive CMS, BlueCMS, and DVBBS. The exploits are primarily SQL injection and file upload vulnerabilities. The CreateLive CMS exploits include: A SQL injection vulnerability in the...

9AI score
Exploits0
Gitee
Gitee
added 2020/08/05 9:53 a.m.3 views

KITT-Lite

This is an offensive tool for wireless network exploitation. It is a collection of scripts and tools for various wireless-related tasks, including wireless network scanning, device identification, and password cracking. The toolset includes scripts for tasks such as: Wireless network scanning usi...

7AI score
Exploits0
Gitee
Gitee
added 2020/08/04 5:58 p.m.3 views

pwntools

This repository is an offensive tool for binary exploitation, specifically a Python library for writing exploits. It is not a PoC exploit for a specific CVE, but rather a toolkit for creating exploits. The primary vulnerability class targeted by this library is not explicitly stated, but it is...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/08/03 10:41 a.m.3 views

pwntools

It is an offensive tool for binary exploitation. The repository contains the pwntools project, a Python library for binary exploitation. The primary vulnerability class targeted by this tool is RCE Remote Code Execution. The probable entry points for this tool are the exploit.py script and the...

8AI score
Exploits0
Gitee
Gitee
added 2020/08/01 12:57 a.m.3 views

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2020-1350, a Windows DNS DoS vulnerability. The target product/service is Windows DNS server, and the vulnerability class/vector is a denial-of-service DoS attack. The probable entry point is the sigreddos.py script, which listens on port 53 on both TCP and UDP. Notable...

10CVSS9.4AI score0.92178EPSS
Exploits21
Gitee
Gitee
added 2020/07/31 5:53 p.m.3 views

MITMf

MITMf is a framework for Man-In-The-Middle attacks. It is a modular and easily extendible tool that aims to provide a one-stop-shop for network attacks. The framework is based on sergio-proxy and has been rewritten from scratch to address the shortcomings of other tools like Ettercap and Mallory...

7AI score
Exploits0
Gitee
Gitee
added 2020/07/30 8:16 p.m.3 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a PoC Proof of Concept exploit for CVE-2016-0856, a vulnerability in the Windows RPC Remote Procedure Call service. The exploit targets the RpcClient and RpcDcClient classes in the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact with the DLL. T...

10CVSS9.8AI score0.16655EPSS
Exploits9
Gitee
Gitee
added 2020/07/28 5:42 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are the docker-compose files, which are used to build and...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/07/28 10:29 a.m.3 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...

7.4AI score
Exploits0
Total number of security vulnerabilities1886