1886 matches found
exploit-database
This is a repository of exploits and proof-of-concepts for various software vulnerabilities. The repository is maintained by The Exploit Database, a project sponsored by Offensive Security. The database is a collection of publicly available exploits and corresponding vulnerable software, gathered...
commix
This is a PoC exploit for command injection attacks, specifically targeting web-based applications. The tool, named Commix, is designed to automate the process of testing web applications for command injection vulnerabilities. It can be used by web developers, penetration testers, or security...
PowerUpSQL
This is a PowerShell toolkit for attacking SQL Server, called PowerUpSQL. It includes functions for discovering SQL Server instances, auditing for common weak configurations, and escalating privileges at scale. The toolkit is designed for internal penetration tests and red team engagements, but c...
SecGen
This is a Ruby application called SecGen, which creates vulnerable virtual machines for learning and practicing security penetration testing techniques. The application uses Vagrant, Puppet, and Ruby to generate randomly vulnerable virtual machines based on a scenario specification. The scenario...
Exploit for Improper Input Validation in Microsoft
It is an offensive tool for IIS. The repository contains a proof-of-concept (PoC) exploit for CVE-2020-1350, a vulnerability in IIS. The target product/service is IIS, and the vulnerability class/vector is unspecified. The probable entry point is the .vs/CVE-2020-1350/config/applicationhost.config...
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including a Flask SSTI (Server-Side Template Injection) vulnerability environment. The tool is designed to be easy to use, requiring only two simple commands to...
vulhub-200710
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose, designed for web application security training. The tool is not explicitly stated to be a PoC exploit or an exploit module/toolkit, but...
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...
pocsuite
This is a Python-based framework for remote vulnerability testing and proof-of-concept development, known as Pocsuite. It is developed by the Knownsec Security Team and comes with a powerful proof-of-concept engine, many niche features for penetration testers and security researchers. The framewo...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository carvin0316/vulhub contains a collection of vulnerable environments based on Docker-Compose. The target product/service or framework is not explicitly stated, but the environments are designed to be...
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...
Gopherus
This is a Python script for generating gopher links to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...
shiro-check-rce
Shiro deserialization vulnerability detection and RCE tool...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
This is a PoC exploit for CVE-2013-0001, a SQL injection vulnerability scanner written in Python. The target product/service is a web application, and the vulnerability class is SQL injection. The probable entry point is the sqliscanner.py script, which is invoked by running the script with the -...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The target product/service or framework is not explicitly stated, but the environments are...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository is an offensive tool for collecting or writing various vulnerability PoCs (proofs of concept) and exploits. The primary tool in this repository is a Python script named ActiveMQExP/ActiveMQExPV1.0.py, which is designed to exploit a vulnerability in Apache ActiveMQ, specifically...
vulhub
It is an offensive tool for vulnerable environments. The target product/service or framework is a collection of pre-built vulnerable docker environments. The vulnerability class/vector is various, including but not limited to SQL injection, cross-site scripting, and remote code execution. The...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is various, including Flask, Apache, Nginx, and Jenkins. The vulnerability class/vector is not specified, but it...
Vxscan
This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection,...
fuzzdb-collect
This repository appears to be a collection of files related to filename bruteforce attacks. The files are in a format that suggests they are used for testing or fuzzing purposes. The Extensions.Backup.fuzz.txt file contains a...
test_hack
This repository contains a collection of exploits and vulnerabilities for various web applications, including CMS systems. The exploits are categorized by the affected application, and each category contains multiple exploits. The first category, "BLUECMS", contains exploits for BlueCMS v1.6 sp1,...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
POC-EXP
This repository contains a collection of proof-of-concept (PoC) exploits for various vulnerabilities. The exploits are written in Python and target different applications, including Apache James Server, Apache Flink Web Dashboard, and Apache Solr. The Apache James Server exploit is a remote command...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The repository contains a collection of docker-compose files for various vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and more. The environments are designed to be easy to use, with simple...
MCIR
This is a collection of intentionally vulnerable applications for testing code injection vulnerabilities. The applications are designed to be used in a trusted web environment and should not be published on a production server or exposed to the internet. The applications include: CryptOMG: A...
Exploit for OS Command Injection in Atom Electron
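CVE-2018-1000006-DEMO The Demo for CVE-2018-1000006 Analysis. Electron v1.8.2-beta.4 remote command execution vulnerability [CVE-2018-1000006]. POC: you can use elecrce\elecrce-win32-x64\elecrce.exe directly, or package it into an exe application yourself to build a vulnerable version of the application, taking version 1.7.8 as an example: electron-packager ./test elecrce --win --out ./elecrce --arch=x64 --version=0.0.1...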
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable Docker environments, including a Flask SSTI (Server-Side Template Injection) environment. The tool is designed to be used for testing and training purposes, allowing users to practice...
PayloadsAllTheThings
This is a collection of security-related tools and resources, including a list of useful payloads and bypass techniques for web application security and penetration testing/CTF (Capture The Flag). The repository includes tools such as Pacu, an AWS exploitation framework, and Bucket Finder, a tool f...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
CVE-2020-2555 is a remote code execution (RCE) vulnerability in Oracle WebLogic Server. It is caused by a deserialization bug in the com.tangosol.util.extractor.ReflectionExtractor class. The vulnerability allows an attacker to execute arbitrary code on the server by sending a specially crafted...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI (Server-Side Template Injection) vulnerability. The target product/service is Flask, a Python web framework. The probable entry point is the flask/ssti directory, where the...
penetration
The repository contains a collection of exploit files and scripts for various vulnerabilities in web applications, specifically CMS platforms. The exploits are categorized by the affected CMS, with each category containing multiple exploit files. The exploits are written in various programming...
信息收集 (Information Collection)
This repository is an information collection tool for penetration testing and vulnerability assessment. It is a collection of scripts and tools for gathering information about a target system or network. The repository is written in Python and includes various modules for different tasks such as...
EquationExploit
Based on the provided code, it appears to be a Windows executable file (likely a PE file) that contains a malicious payload. The code is written in C and is designed to be compiled and executed on a Windows system. The code is a PE file, which is a type of executable file used on Windows systems. T...
MS17-010
This repository is for public analysis of the MS17-010 vulnerability. The repository contains various scripts and exploits for demonstrating the vulnerability, including EternalBlue, Eternalchampion, and Eternalromance. The exploits are designed to target Windows systems and can be used to gain...
pwn_category
This is a PoC exploit for a vulnerability in the GNU C Library (glibc) version 2.3.4. The exploit targets the printfchk function, which is used to perform formatted printing. The vulnerability allows for arbitrary read and write operations in the heap, which can be used to achieve code execution. T...
tater
It is an offensive tool for Windows Privilege Escalation. The tool is called Tater, a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. The target product/service or framework is Windows, and the vulnerability class/vector is Privilege Escalation. The probable entr...
Information_Collection_Handbook
This is a collection of tools and resources for information gathering, specifically for penetration testing and vulnerability assessment. The repository is maintained by Qftm and is available on GitHub. The repository contains a variety of tools and scripts for gathering information about a targe...
metasploit-framework
This is an offensive tool for Metasploit Framework. It is a collection of Ruby code that provides a framework for developing and executing exploits, as well as a platform for testing and validating vulnerabilities. The repository contains a wide range of modules and tools for various tasks,...
Scanners-Box
This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox." The project is a repository of various tools for scanning and testing web applications, IoT devices, and other targets. The tools are primarily used for vulnerability scanning, penetration testing, and...
Vxscan
Classification: It is an offensive tool for web application security testing. Primary Functionality: The tool, named Vxscan, is designed to perform a comprehensive scan of a web application, including: 1. Sensitive file...
PayloadsAllTheThings
Exploit module/toolkit targeting Amazon Web Services (AWS) environments. The repository contains a list of useful payloads and bypass for Web Application Security and Pentest/CTF. The primary vulnerability class targeted is CRLF (Carriage Return-Line Feed) injection, which can be used to inject...
PrivEsc
PrivEsc by 1N3@CrowdShield http://crowdshield.com ABOUT: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. LINKS: For pre-compiled local linux exploits, check out https://www.kernel-exploits.com. DONATIONS: Donations are welcome. - x BTC...
Unix-PrivEsc
UNIX-PrivEsc. This is just an effort to aggregate local UNIX privilege escalation exploits. They are all publicly available but don't allow for a sensible overview + it's always the quirky ones that you can't find when you need them. I am going to progressively push out exploits from ...
PayloadsAllTheThings
This repository is an offensive tool for API key and bucket S3 exploitation. It contains tools and exploits for various types of attacks, including CRLF injection, CSRF injection, and API key leaks. The repository includes a variety of scripts and modules for different types of attacks, such as...
CMSmap
It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context, but the tool is designed to automate the process of detecting security flaws in popular Content Management Systems (CMSs) such as WordPress, Joomla, Drupal, and Moodle. The tool,...
fuzzdb-collect
The provided code appears to be a Python script designed to perform...
exploitdb
This repository is an official collection of exploits and Proof-of-Concepts for various software vulnerabilities, maintained by Offensive Security. The repository is updated daily with the most recently added submissions. Exploits are located in the /exploits/ directory, and shellcodes can be fou...
kernel_exploit_series
This repository is an exploit series for learning how to exploit kernel vulnerabilities, specifically targeting the Linux kernel. The repository contains various exploit modules and tools, including: 1. 1-heapsprayUAF: This directory contains exploit code for a use-after-free (UAF) vulnerability in...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for Vulnerability Research and Exploitation. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution vulnerability. The probable entry point is the...
metasploit-framework
This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The primary target of this tool is the Metasploit Framework itself, which is a Ruby-based framework for developing and executing...