1886 matches found
CMSmap
It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context, but the tool is designed to automate the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool,...
fuzzdb-collect
Based on the provided code and context, I will analyze the situation and provide a concise summary. Summary: The provided code appears to be a Python script designed to perform...
exploitdb
This repository is an official collection of exploits and Proof-of-Concepts for various software vulnerabilities, maintained by Offensive Security. The repository is updated daily with the most recently added submissions. Exploits are located in the /exploits/ directory, and shellcodes can be fou...
kernel_exploit_series
This repository is an exploit series for learning how to exploit kernel vulnerabilities, specifically targeting the Linux kernel. The repository contains various exploit modules and tools, including: 1. 1-heapsprayUAF: This directory contains exploit code for a use-after-free UAF vulnerability in...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for Vulnerability Research and Exploitation. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is a remote code execution vulnerability. The probable entry point is the...
metasploit-framework
This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The primary target of this tool is the Metasploit Framework itself, which is a Ruby-based framework for developing and executing...
jailbreakme-unified
This is a web-based jailbreak solution that unifies existing jailbreak solutions and new ones. It is created by Sem Voigtländer and supports various iOS versions, including 8.4.1, 9.3 up to 9.3.3, 11.3.1, and 12.0 up to 12.0.1 64-bit, as well as 3.1.2 up to 4.0.1 and 8.4.1 and 9.1 up to 9.3.4...
vmware_escape
This is a VMware Escape Exploit targeting VMware WorkStation 12.5.5. The exploit is designed to escape the sandbox environment and execute arbitrary code on the host system. The exploit is likely to be a heap overflow vulnerability, which is a type of buffer overflow attack that occurs when a...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java...
venom
This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom", uses msfvenom to generate shellcode in various formats and injects it into a template, which is then compiled using compilers like gcc or pyinstaller. The module als...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2017-11882 43b 原脚本来自于 https://github.com/embedi/CVE-2017-11882 109b 原脚本来自于 https://github.com/unamer/CVE-2017-11882/ (膜一波,现在unamer的代码已经可以执行shellcode了) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Flask SSTI Server-Side Template Injection vulnerability. The target product/service is Flask, a Python web framework. The vulnerability class/vector is SSTI, which allows an attacker to...
POC-T
This is a Python-based penetration testing framework called POC-T. It is designed to facilitate concurrent testing of multiple targets and supports various features such as multi-threading, URL parsing, and user agent management. The framework includes a range of scripts for testing different...
Vxscan
This is a Python script for a comprehensive vulnerability scanner, Vxscan. The script is designed to perform various types of scans, including: 1. Directory scanning and JavaScript leak detection 2. WAF/CDN identification 3. Port scanning 4. Fingerprinting and service identification 5. Operating...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Tintin Tintin\+\+
PoC exploit for CVE-2008-0671. The target product/service is Windows SMB Server Message Block service. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the NetAPI function in the Windows SMB service. Notable dependencies/tooling include Impacket and PyCrypt...
shadowbroker
This repository, "Cross6/shadowbroker", contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules and tools...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is used to exploit a vulnerability in the Windows SMB service, specifically the MS08-067 NetAPI vulnerability. The module is designed to run on the Metasploit Framework and can be used to test the...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
maltrail
This is a defensive blue-team research and threat mitigation analysis of the Maltrail repository. The repository is a malicious traffic detection system that can be used to identify and block malicious traffic. The analysis reveals that the Maltrail system uses a combination of IP address and...
icsmaster
This repository, cnforyou/icsmaster, is an ICS/SCADA security resource collection. It contains various tools and scripts for identifying and exploiting vulnerabilities in industrial control systems. The repository includes a list of dorks search terms for identifying vulnerable systems, as well a...
metasploit-framework
This is an offensive tool for Metasploit Framework. The Metasploit Framework is a penetration testing platform that allows users to create and execute exploits against various targets. The framework is written in Ruby and provides a modular architecture that makes it easy to add new exploits and...
metasploit-framework
This is an offensive tool for the Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for identifying and exploiting vulnerabilities in computer systems. It is a widely used tool in the field of penetration testing and red...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
PoC exploit for CVE-2017-10271, an RCE vulnerability in Oracle WebLogic. The exploit targets the async/AsyncResponseService endpoint and uses a SOAP request to inject malicious code. The payload is a Java XMLDecoder that creates a ProcessBuilder to execute a bash shell with a reverse shell payloa...
metasploit-framework
This is a repository for the Metasploit Framework, a penetration testing tool. The repository contains various files and directories related to the project, including configuration files, documentation, and test scripts. The Metasploit Framework is a powerful tool for testing the security of...
bin-sploitskkk
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains binary exploits located in the /bin-sploits/ directory. The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by...
shadowbroker
This repository, jasonhan233/shadowbroker, is an offensive tool collection containing exploits and payloads. The repository was initially reported for containing sensitive data, and several files were deleted as a result. The remaining files include a mix of exploit code, payloads, and...
PWN_learning
This repository is an exploit for a stack smash vulnerability in a CTF challenge called "Smashes". The exploit is written in Python and uses the pwntools library. The vulnerability is caused by a buffer overflow in the stackchkfail function, which is called when a stack buffer overflow is detecte...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, but the target is not specified in the provided code. The module is written in Ruby and uses the Metasploit framework to interact with the...
poc
This repository appears to be a collection of proof-of-concept PoC exploits for various vulnerabilities, primarily targeting web applications. The PoCs are written in Python and utilize the Beebeeto framework. The PoCs cover a range of vulnerabilities, including SQL injection, cross-site scriptin...
tplmap
This is an offensive tool for web application penetration testing. It is a Python tool called Tplmap, which assists in the exploitation of Code Injection and Server-Side Template Injection SSTI vulnerabilities. The tool uses a number of sandbox escape techniques to gain access to the underlying...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is a defensive research tool for improving detection, response, and patch prioritization. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, and more...
SSCMS-PluginShell
安装VisualStudio 2. 导入该项目 3. 修改Startup.cs文件中的IPAddress.Parse值 c using Microsoft.Extensions.DependencyInjection; using SSCMS.Advertisement.Abstractions; using SSCMS.Advertisement.Core; using SSCMS.Plugins; using System.Diagnostics; using System; using System.Text; using System.Net.Sockets; using...
vulhub
This is an offensive tool repository for testing and demonstrating vulnerabilities in various software and systems. The repository is maintained by Vulhub, a community-driven project that aims to provide a comprehensive collection of vulnerable environments for testing and learning purposes. The...
nuclei-templates
This repository is a collection of community-curated templates for the nuclei engine to find security vulnerabilities in applications. The templates are stored in the cves/ directory and are used by the nuclei scanner to identify potential vulnerabilities. The repository also contains workflows f...
vulhub
This is an open-source collection of vulnerable web applications and environments, designed for security training and testing. The repository contains a variety of applications, including web servers, databases, and other services, each with its own set of vulnerabilities. The goal is to provide ...
CrossC2-1
It is an offensive tool for macOS. The repository contains a CrossC2 framework fork, version 2.0, created by gloxec. The tool includes various modules for tasks such as file management, password gathering, keylogging, browser data dumping, and more. The framework uses a loader script that include...
SpringBootVulExploit
This repository is an offensive tool for Spring Boot exploitation, specifically targeting various vulnerabilities in Spring Boot applications. The primary vulnerability being targeted is a deserialization vulnerability in the Spring Boot framework, which can lead to remote code execution RCE. The...
pocsuite_poc_collect
It is an offensive tool for collecting POCs using the Pocsuite framework. The repository appears to be a collection of proof-of-concept POC exploits gathered using the Pocsuite framework. The primary CVE ID is not explicitly mentioned, but the repository is likely a collection of various POCs. Th...
penetrationLean
我的渗透学习笔记...
vulhub1
This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...
maltrail
This is a Python-based malicious traffic detection system called Maltrail. It is designed to identify and report malicious traffic, including malware, suspicious domains, and other types of malicious activity. The system uses a combination of publicly available blacklists and custom user-defined...
vulhub
This is an open-source collection of vulnerable systems and applications for educational purposes. It is a repository of vulnerable systems and applications, including web servers, databases, and other software, that can be used to test and learn about security vulnerabilities. The repository is...
IMChecker
This repository is an offensive tool for API misuse detection. The tool is called IMChecker, and it is designed to automatically detect API misuse in C programs. The tool uses a constraint-directed static analysis technique powered by a domain-specific language DSL for specifying API usage...
Gopherus
This is a Python script for a tool called Gopherus, which is used to exploit Server-Side Request Forgery SSRF vulnerabilities in various services. The tool can generate payloads for different services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The script uses a...
Pwn Write-ups
RE: 从零开始的 Pwn 世界之旅...
charlotte1
This is a Python script, charlotte.py, that appears to be a fully undetected shellcode launcher. It is designed to run on Windows systems and is intended to be used as a proof-of-concept POC exploit. The script uses XOR encryption to protect the shellcode and function names, making it difficult t...
lua-resty-waf
This is a Lua library for building a web application firewall WAF on top of the OpenResty stack. The library is called "lua-resty-waf" and is maintained by Robert Paprocki p0pr0ck5. The library provides a set of APIs for loading and managing rules, as well as for logging and storing data. It also...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is not a specific exploit or tool, but rather a collection of vulnerable environments for testing and learning purposes. The repository contains various vulnerable docker...
IntruderPayloads
No description...