Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/07/17 1:24 a.m.3 views

exploit-database

This is a repository of exploits and proof-of-concepts for various software vulnerabilities. The repository is maintained by The Exploit Database, a project sponsored by Offensive Security. The database is a collection of publicly available exploits and corresponding vulnerable software, gathered...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/07/17 1:23 a.m.3 views

commix

This is a PoC exploit for command injection attacks, specifically targeting web-based applications. The tool, named Commix, is designed to automate the process of testing web applications for command injection vulnerabilities. It can be used by web developers, penetration testers, or security...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/07/17 1:23 a.m.3 views

PowerUpSQL

This is a PowerShell toolkit for attacking SQL Server, called PowerUpSQL. It includes functions for discovering SQL Server instances, auditing for common weak configurations, and escalating privileges on scale. The toolkit is designed for internal penetration tests and red team engagements, but c...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/07/17 1:22 a.m.3 views

SecGen

This is a Ruby application called SecGen, which creates vulnerable virtual machines for learning and practicing security penetration testing techniques. The application uses Vagrant, Puppet, and Ruby to generate randomly vulnerable virtual machines based on a scenario specification. The scenario...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/07/15 11:12 a.m.3 views

Exploit for Improper Input Validation in Microsoft

It is an offensive tool for IIS. The repository contains a proof-of-concept PoC exploit for CVE-2020-1350, a vulnerability in IIS. The target product/service is IIS, and the vulnerability class/vector is unspecified. The probable entry point is the .vs/CVE-2020-1350/config/applicationhost.config...

10CVSS9.4AI score0.92178EPSS
Exploits21
Gitee
Gitee
added 2020/07/14 11:36 a.m.3 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including a Flask SSTI Server-Side Template Injection vulnerability environment. The tool is designed to be easy to use, requiring only two simple commands to...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/07/10 9:53 a.m.3 views

vulhub-200710

It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose, designed for web application security training. The tool is not explicitly stated to be a PoC exploit or an exploit module/toolkit, but...

7AI score
Exploits0
Gitee
Gitee
added 2020/07/07 10:42 a.m.3 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/07/01 2:53 p.m.3 views

pocsuite

This is a Python-based framework for remote vulnerability testing and proof-of-concept development, known as Pocsuite. It is developed by the Knownsec Security Team and comes with a powerful proof-of-concept engine, many niche features for penetration testers and security researchers. The framewo...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/06/26 4:35 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository carvin0316/vulhub contains a collection of vulnerable environments based on Docker-Compose. The target product/service or framework is not explicitly stated, but the environments are designed to be...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/06/26 11:0 a.m.3 views

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

7AI score
Exploits0
Gitee
Gitee
added 2020/06/26 11:0 a.m.3 views

Gopherus

This is a Python script for generating gopher links to exploit Server-Side Request Forgery SSRF vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/06/20 12:50 a.m.3 views

shiro-check-rce

shiro反序列化漏洞检测RCE工具...

7AI score
Exploits0
Gitee
Gitee
added 2020/06/19 1:32 p.m.3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

This is a PoC exploit for CVE-2013-0001, a SQL injection vulnerability scanner written in Python. The target product/service is a web application, and the vulnerability class is SQL injection. The probable entry point is the sqliscanner.py script, which is invoked by running the script with the -...

4.3CVSS8.1AI score0.13553EPSS
Exploits1
Gitee
Gitee
added 2020/06/18 10:29 a.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The target product/service or framework is not explicitly stated, but the environments are...

6.5AI score
Exploits0
Gitee
Gitee
added 2020/06/12 3:13 p.m.3 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This repository is an offensive tool for collecting or writing various vulnerability PoCs proofs of concept and exploits. The primary tool in this repository is a Python script named ActiveMQExP/ActiveMQExPV1.0.py, which is designed to exploit a vulnerability in Apache ActiveMQ, specifically...

9.8CVSS8.1AI score0.98518EPSS
Exploits19
Gitee
Gitee
added 2020/06/03 4:6 p.m.3 views

vulhub

It is an offensive tool for vulnerable environments. The target product/service or framework is a collection of pre-built vulnerable docker environments. The vulnerability class/vector is various, including but not limited to SQL injection, cross-site scripting, and remote code execution. The...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/06/02 11:30 p.m.3 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is various, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is not specified, but it...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/06/02 8:52 p.m.3 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...

7.4AI score
Exploits0
Gitee
Gitee
added 2020/05/30 9:2 p.m.3 views

fuzzdb-collect

This repository appears to be a collection of files related to filename bruteforce attacks. The files are in a format that suggests they are used for testing or fuzzing purposes. The Extensions.Backup.fuzz.txt file contains a...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/05/26 2:47 p.m.3 views

test_hack

This repository contains a collection of exploits and vulnerabilities for various web applications, including CMS systems. The exploits are categorized by the affected application, and each category contains multiple exploits. The first category, "BLUECMS", contains exploits for BlueCMS v1.6 sp1,...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/05/26 11:17 a.m.3 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/05/23 9:34 a.m.3 views

POC-EXP

This repository contains a collection of proof-of-concept PoC exploits for various vulnerabilities. The exploits are written in Python and target different applications, including Apache James Server, Apache Flink Web Dashboard, and Apache Solr. The Apache James Server exploit is a remote command...

8.9AI score
Exploits0
Gitee
Gitee
added 2020/05/22 1:54 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The repository contains a collection of docker-compose files for various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple...

8.4AI score
Exploits0
Gitee
Gitee
added 2020/05/21 12:25 p.m.3 views

MCIR

This is a collection of intentionally vulnerable applications for testing code injection vulnerabilities. The applications are designed to be used in a trusted web environment and should not be published on a production server or exposed to the internet. The applications include: CryptOMG: A...

8.1AI score
Exploits0
Gitee
Gitee
added 2020/05/15 11:4 p.m.3 views

Exploit for OS Command Injection in Atom Electron

CVE-2018-1000006-DEMO The Demo for CVE-2018-1000006 Analysis Electron v1.8.2-beta.4 远程命令执行漏洞—【CVE-2018-1000006】 POC 可以直接使用 elecrce\elecrce-win32-x64\elecrce.exe 也可以自己打包成exe应用,生成有漏洞的版本应用,以版本1.7.8为例: electron-packager ./test elecrce --win --out ./elecrce --arch=x64 --version=0.0.1...

9.3CVSS7AI score0.84707EPSS
Exploits31
Gitee
Gitee
added 2020/05/15 10:28 p.m.3 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable Docker environments, including a Flask SSTI Server-Side Template Injection environment. The tool is designed to be used for testing and training purposes, allowing users to practice...

8.2AI score
Exploits0
Gitee
Gitee
added 2020/05/09 6:53 p.m.3 views

PayloadsAllTheThings

This is a collection of security-related tools and resources, including a list of useful payloads and bypass techniques for web application security and penetration testing/CTF Capture The Flag. The repository includes tools such as Pacu, an AWS exploitation framework, and Bucket Finder, a tool f...

7AI score
Exploits0
Gitee
Gitee
added 2020/05/06 3:20 p.m.3 views

Exploit for Deserialization of Untrusted Data in Oracle Access_Manager

CVE-2020-2555 is a remote code execution RCE vulnerability in Oracle WebLogic Server. It is caused by a deserialization bug in the com.tangosol.util.extractor.ReflectionExtractor class. The vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted...

9.8CVSS9.8AI score0.97116EPSS
Exploits26
Gitee
Gitee
added 2020/05/05 4:26 p.m.3 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The probable entry point is the flask/ssti directory, where the...

8.3AI score
Exploits0
Gitee
Gitee
added 2020/04/27 7:36 p.m.3 views

penetration

The repository contains a collection of exploit files and scripts for various vulnerabilities in web applications, specifically CMS platforms. The exploits are categorized by the affected CMS, with each category containing multiple exploit files. The exploits are written in various programming...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/26 2:20 p.m.3 views

信息收集

This repository is an information collection tool for penetration testing and vulnerability assessment. It is a collection of scripts and tools for gathering information about a target system or network. The repository is written in Python and includes various modules for different tasks such as...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/04/26 9:31 a.m.3 views

EquationExploit

Based on the provided code, it appears to be a Windows executable file likely a PE file that contains a malicious payload. The code is written in C and is designed to be compiled and executed on a Windows system. The code is a PE file, which is a type of executable file used on Windows systems. T...

7AI score
Exploits0
Gitee
Gitee
added 2020/04/26 9:31 a.m.3 views

MS17-010

This repository is for public analysis of the MS17-010 vulnerability. The repository contains various scripts and exploits for demonstrating the vulnerability, including EternalBlue, Eternalchampion, and Eternalromance. The exploits are designed to target Windows systems and can be used to gain...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/04/23 9:46 p.m.3 views

pwn_category

This is a PoC exploit for a vulnerability in the GNU C Library glibc version 2.3.4. The exploit targets the printfchk function, which is used to perform formatted printing. The vulnerability allows for arbitrary read and write operations in the heap, which can be used to achieve code execution. T...

7.7AI score
Exploits0
Gitee
Gitee
added 2020/04/19 11:8 p.m.3 views

tater

It is an offensive tool for Windows Privilege Escalation. The tool is called Tater, a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. The target product/service or framework is Windows, and the vulnerability class/vector is Privilege Escalation. The probable entr...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/04/17 9:42 p.m.3 views

Information_Collection_Handbook

This is a collection of tools and resources for information gathering, specifically for penetration testing and vulnerability assessment. The repository is maintained by Qftm and is available on GitHub. The repository contains a variety of tools and scripts for gathering information about a targe...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/14 5:58 p.m.3 views

metasploit-framework

This is an offensive tool for Metasploit Framework. It is a collection of Ruby code that provides a framework for developing and executing exploits, as well as a platform for testing and validating vulnerabilities. The repository contains a wide range of modules and tools for various tasks,...

8.6AI score
Exploits0
Gitee
Gitee
added 2020/03/28 4:57 p.m.3 views

Scanners-Box

This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox." The project is a repository of various tools for scanning and testing web applications, IoT devices, and other targets. The tools are primarily used for vulnerability scanning, penetration testing, and...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/28 4:54 p.m.3 views

Vxscan

Based on the provided code and context, here is a summary of the analysis: Classification: It is an offensive tool for web application security testing. Primary Functionality: The tool, named Vxscan, is designed to perform a comprehensive scan of a web application, including: 1. Sensitive file...

8.6AI score
Exploits0
Gitee
Gitee
added 2020/03/28 12:48 a.m.3 views

PayloadsAllTheThings

Exploit module/toolkit targeting Amazon Web Services AWS environments. The repository contains a list of useful payloads and bypass for Web Application Security and Pentest/CTF. The primary vulnerability class targeted is CRLF Carriage Return-Line Feed injection, which can be used to inject...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/03/28 12:36 a.m.3 views

PrivEsc

PrivEsc by 1N3@CrowdShield http://crowdshield.com ABOUT: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. LINKS: For pre-compiled local linux exploits, check out https://www.kernel-exploits.com. DONATIONS: Donations are welcome. - x BTC...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/28 12:35 a.m.3 views

Unix-PrivEsc

UNIX-PrivEsc ============ This is just an effort to aggregate local UNIX privilege escalation exploits. They are all publicly available but don't allow for a sensible overview + it's always the quirky ones that you can't find when you need them. I am going to progressively push out exploits from ...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/24 8:39 p.m.4 views

PayloadsAllTheThings

This repository is an offensive tool for API key and bucket S3 exploitation. It contains tools and exploits for various types of attacks, including CRLF injection, CSRF injection, and API key leaks. The repository includes a variety of scripts and modules for different types of attacks, such as...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/03/23 1:33 p.m.3 views

CMSmap

It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context, but the tool is designed to automate the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool,...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/03/21 10:13 a.m.3 views

fuzzdb-collect

Based on the provided code and context, I will analyze the situation and provide a concise summary. Summary: The provided code appears to be a Python script designed to perform...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/03/15 1:44 p.m.3 views

exploitdb

This repository is an official collection of exploits and Proof-of-Concepts for various software vulnerabilities, maintained by Offensive Security. The repository is updated daily with the most recently added submissions. Exploits are located in the /exploits/ directory, and shellcodes can be fou...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/03/06 8:17 p.m.3 views

kernel_exploit_series

This repository is an exploit series for learning how to exploit kernel vulnerabilities, specifically targeting the Linux kernel. The repository contains various exploit modules and tools, including: 1. 1-heapsprayUAF: This directory contains exploit code for a use-after-free UAF vulnerability in...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/03 7:37 p.m.3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an offensive tool for Vulnerability Research and Exploitation. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution vulnerability. The probable entry point is the...

6.5CVSS8AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/02/21 5:1 p.m.3 views

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The primary target of this tool is the Metasploit Framework itself, which is a Ruby-based framework for developing and executing...

8.5AI score
Exploits0
Total number of security vulnerabilities1886