1886 matches found
MITMf
MITMf is a framework for Man-In-The-Middle attacks. It is a modular and easily extendible tool that aims to provide a one-stop-shop for network attacks. The framework is based on sergio-proxy and has been rewritten from scratch to address the shortcomings of other tools like Ettercap and Mallory...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess
This is a PoC Proof of Concept exploit for CVE-2016-0856, a vulnerability in the Windows RPC Remote Procedure Call service. The exploit targets the RpcClient and RpcDcClient classes in the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact with the DLL. T...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are the docker-compose files, which are used to build and...
Vxscan
This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository is an offensive tool for ActiveMQ. It is a PoC exploit for CVE-2016-3088. The tool is designed to upload a shell to the ActiveMQ server, allowing for remote code execution. The exploit targets a vulnerability in the ActiveMQ file server, which allows an attacker to upload a file t...
Office8570
This is a Microsoft PowerPoint presentation file .ppt that contains a malicious payload. The file is encoded with a password, and the presentation itself contains a malicious VBA Visual Basic for Applications macro that can be used to deliver a payload. The presentation contains a slide layout th...
pwntools
This repository is an offensive tool for binary exploitation. It is a collection of common binary exploitation tools, including pwntools, a Python library for binary exploitation. The repository includes a variety of tools and scripts for exploiting vulnerabilities in binaries, including exploit...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
CVE-2020-2555 is a remote code execution RCE vulnerability in Oracle WebLogic Server. It is caused by a deserialization bug in the com.tangosol.util.extractor.ReflectionExtractor class. The vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted...
penetrationLean
No description...
PrivescCheck
This is an offensive tool for Windows privilege escalation. It is an extended and updated version of PowerUp, aiming to enumerate common Windows security misconfigurations that can be leveraged for privilege escalation and gather various information useful for exploitation and/or post-exploitatio...
exploit-database
This is a repository of exploits and proof-of-concepts for various software vulnerabilities. The repository is maintained by The Exploit Database, a project sponsored by Offensive Security. The database is a collection of publicly available exploits and corresponding vulnerable software, gathered...
commix
This is a PoC exploit for command injection attacks, specifically targeting web-based applications. The tool, named Commix, is designed to automate the process of testing web applications for command injection vulnerabilities. It can be used by web developers, penetration testers, or security...
PowerUpSQL
This is a PowerShell toolkit for attacking SQL Server, called PowerUpSQL. It includes functions for discovering SQL Server instances, auditing for common weak configurations, and escalating privileges on scale. The toolkit is designed for internal penetration tests and red team engagements, but c...
SecGen
This is a Ruby application called SecGen, which creates vulnerable virtual machines for learning and practicing security penetration testing techniques. The application uses Vagrant, Puppet, and Ruby to generate randomly vulnerable virtual machines based on a scenario specification. The scenario...
Exploit for Improper Input Validation in Microsoft
It is an offensive tool for IIS. The repository contains a proof-of-concept PoC exploit for CVE-2020-1350, a vulnerability in IIS. The target product/service is IIS, and the vulnerability class/vector is unspecified. The probable entry point is the .vs/CVE-2020-1350/config/applicationhost.config...
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including a Flask SSTI Server-Side Template Injection vulnerability environment. The tool is designed to be easy to use, requiring only two simple commands to...
vulhub-200710
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose, designed for web application security training. The tool is not explicitly stated to be a PoC exploit or an exploit module/toolkit, but...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...
pocsuite
This is a Python-based framework for remote vulnerability testing and proof-of-concept development, known as Pocsuite. It is developed by the Knownsec Security Team and comes with a powerful proof-of-concept engine, many niche features for penetration testers and security researchers. The framewo...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository carvin0316/vulhub contains a collection of vulnerable environments based on Docker-Compose. The target product/service or framework is not explicitly stated, but the environments are designed to be...
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...
Gopherus
This is a Python script for generating gopher links to exploit Server-Side Request Forgery SSRF vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...
shiro-check-rce
shiro反序列化漏洞检测RCE工具...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The target product/service or framework is not explicitly stated, but the environments are...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary tool in this repository is a Python script named ActiveMQExP/ActiveMQExPV1.0.py, which is designed to exploit a vulnerability in Apache ActiveMQ, specifically...
vulhub
It is an offensive tool for vulnerable environments. The target product/service or framework is a collection of pre-built vulnerable docker environments. The vulnerability class/vector is various, including but not limited to SQL injection, cross-site scripting, and remote code execution. The...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is various, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is not specified, but it...
Vxscan
This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...
fuzzdb-collect
This repository appears to be a collection of files related to filename bruteforce attacks. The files are in a format that suggests they are used for testing or fuzzing purposes. The Extensions.Backup.fuzz.txt file contains a...
CiscoExploit
This is a collection of three separate tools for exploiting vulnerabilities in Cisco devices. The tools are: 1. CiscoRV320Dump-master: This tool is designed to dump the configuration of a Cisco RV320 router. It includes a script called dumpconfig.py that extracts the configuration from the router...
test_hack
This repository contains a collection of exploits and vulnerabilities for various web applications, including CMS systems. The exploits are categorized by the affected application, and each category contains multiple exploits. The first category, "BLUECMS", contains exploits for BlueCMS v1.6 sp1,...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
POC-EXP
This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities. The exploits are written in Python and target different applications, including Apache James Server, Apache Flink Web Dashboard, and Apache Solr. The Apache James Server exploit is a remote command...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a collection of docker-compose files for various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple...
MCIR
This is a collection of intentionally vulnerable applications for testing code injection vulnerabilities. The applications are designed to be used in a trusted web environment and should not be published on a production server or exposed to the internet. The applications include: CryptOMG: A...
Exploit for OS Command Injection in Atom Electron
CVE-2018-1000006-DEMO The Demo for CVE-2018-1000006 Analysis Electron v1.8.2-beta.4 远程命令执行漏洞—【CVE-2018-1000006】 POC 可以直接使用 elecrce\elecrce-win32-x64\elecrce.exe 也可以自己打包成exe应用,生成有漏洞的版本应用,以版本1.7.8为例: electron-packager ./test elecrce --win --out ./elecrce --arch=x64 --version=0.0.1...
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable Docker environments, including a Flask SSTI Server-Side Template Injection environment. The tool is designed to be used for testing and training purposes, allowing users to practice...
PayloadsAllTheThings
This is a collection of security-related tools and resources, including a list of useful payloads and bypass techniques for web application security and penetration testing/CTF Capture The Flag. The repository includes tools such as Pacu, an AWS exploitation framework, and Bucket Finder, a tool f...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
CVE-2020-2555 is a remote code execution RCE vulnerability in Oracle WebLogic Server. It is caused by a deserialization bug in the com.tangosol.util.extractor.ReflectionExtractor class. The vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The probable entry point is the flask/ssti directory, where the...
penetration
The repository contains a collection of exploit files and scripts for various vulnerabilities in web applications, specifically CMS platforms. The exploits are categorized by the affected CMS, with each category containing multiple exploit files. The exploits are written in various programming...
信息收集
This repository is an information collection tool for penetration testing and vulnerability assessment. It is a collection of scripts and tools for gathering information about a target system or network. The repository is written in Python and includes various modules for different tasks such as...
EquationExploit
Based on the provided code, it appears to be a Windows executable file likely a PE file that contains a malicious payload. The code is written in C and is designed to be compiled and executed on a Windows system. The code is a PE file, which is a type of executable file used on Windows systems. T...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The repository contains various scripts and exploits for demonstrating the vulnerability, including EternalBlue, Eternalchampion, and Eternalromance. The exploits are designed to target Windows systems and can be used to gain...
pwn_category
This is a PoC exploit for a vulnerability in the GNU C Library glibc version 2.3.4. The exploit targets the printfchk function, which is used to perform formatted printing. The vulnerability allows for arbitrary read and write operations in the heap, which can be used to achieve code execution. T...
tater
It is an offensive tool for Windows Privilege Escalation. The tool is called Tater, a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. The target product/service or framework is Windows, and the vulnerability class/vector is Privilege Escalation. The probable entr...
Information_Collection_Handbook
This is a collection of tools and resources for information gathering, specifically for penetration testing and vulnerability assessment. The repository is maintained by Qftm and is available on GitHub. The repository contains a variety of tools and scripts for gathering information about a targe...
metasploit-framework
This is an offensive tool for Metasploit Framework. It is a collection of Ruby code that provides a framework for developing and executing exploits, as well as a platform for testing and validating vulnerabilities. The repository contains a wide range of modules and tools for various tasks,...
Vxscan
Based on the provided code and context, here is a summary of the analysis: Classification: It is an offensive tool for web application security testing. Primary Functionality: The tool, named Vxscan, is designed to perform a comprehensive scan of a web application, including: 1. Sensitive file...
PayloadsAllTheThings
Exploit module/toolkit targeting Amazon Web Services AWS environments. The repository contains a list of useful payloads and bypass for Web Application Security and Pentest/CTF. The primary vulnerability class targeted is CRLF Carriage Return-Line Feed injection, which can be used to inject...