Lucene search
Gitee, most viewed

1886 matches found

Gitee
added 2025/09/06 12:55 a.m.
127 views

Awesome-Bugbounty-Writeups

This is a curated list of bug bounty writeups, specifically focusing on various types of web application vulnerabilities. The repository is organized by vulnerability type, with sections for Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Clickjacking, Local File Inclusion (LFI), Subdoma...

AI score 7.9
Exploits: 0

Gitee
added 2025/07/06 3:21 a.m.
127 views

Pentest-and-Development-Tips

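Pentest-and-Development-Tips: A collection of pentest and development tips. Author: 3gstudent. Click on me to view the English version. Disclaimer: the following tips must not be used for illegal purposes. --- Tips 1. Manual port probing: nmap's -sV can detect service versions, but in some cases you have to probe manually to verify. Capturing the response packets with Wireshark is overkill; a quick check with nc is enough. E.g., for port 8001, connect with nc, type an arbitrary string, and you get the following result: $ nc -vv localhost 8001...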

AI score 7.4
Exploits: 0

Gitee
added 2025/09/13 12:31 a.m.
125 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

AI score 7.2
Exploits: 0

Gitee
added 2025/07/27 4:2 a.m.
125 views

Exploit for Race Condition in Canonical Ubuntu_Linux

Linux Exploit Suggester 2: Next-generation exploit suggester based on LinuxExploitSuggester. Key improvements include: More exploits! Option to download exploit code directly from Exploit DB. Accurate wildcard matching. This expands the scope of searchable exploits. Output...

CVSS 7.8, AI score 7.2, EPSS 0.83524
Exploits: 133

Gitee
added 2025/07/27 3:47 a.m.
125 views

aflnet

It is an offensive tool for network protocols. AFLNet is a greybox fuzzer for protocol implementations. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of recorded message exchanges between...

AI score 7.5
Exploits: 0

Gitee
added 2025/09/13 1:2 a.m.
124 views

wazuh

This repository is an issue template for Wazuh, a free and open-source platform for threat prevention, detection, and response. The repository contains various templates for reporting bugs, making feature requests, and testing integration and component tests. The templates are organized by...

AI score 7
Exploits: 0

Gitee
added 2025/08/16 8:41 p.m.
124 views

Exploit for CVE-2023-1234

It is an offensive tool for SSH exploitation. The repository contains a proof of concept (PoC) exploit for CVE-2023-1234, which targets vulnerable proxycommand configurations on SSH clients. The target product/service is OpenBSD's SSH, and the vulnerability class/vector is remote command execution...

CVSS 4.3, AI score 8, EPSS 0.00707
Exploits: 7

Gitee
added 2025/09/14 5:46 p.m.
122 views

EvilOSX

This is an evil RAT (Remote Administration Tool) for macOS / OS X. It is a Python-based tool that allows for remote access and control of a compromised system. The tool is designed to be undetectable by anti-virus software and is persistent, meaning it will survive a reboot. The tool has a modular...

AI score 7.1
Exploits: 0

Gitee
added 2025/07/27 5:0 a.m.
122 views

CTF-challenges-by-me

This repository contains a series of CTF (Capture The Flag) challenges created by l4wio. The challenges are designed to test various skills such as web security, cryptography, and problem-solving. The repository includes several files and directories, each containing a specific challenge. The...

AI score 7
Exploits: 0

Gitee
added 2025/09/21 11:11 p.m.
120 views

sslyze

It is an offensive tool for scanning SSL/TLS configurations. The primary target of this tool is the SSL/TLS configuration of a server, which can be analyzed to ensure it uses strong encryption settings and is not vulnerable to known TLS attacks. The tool can connect to a server to perform the...

AI score 7.3
Exploits: 0

Gitee
added 2025/09/14 5:29 a.m.
120 views

gosec

This is a Go AST (Abstract Syntax Tree) scanner for identifying security vulnerabilities in Go code. The scanner is called "gosec" and is part of the GolangCI project. It can be installed using the command "go get github.com/golangci/gosec/cmd/gosec/...". The scanner can be configured to run a subs...

AI score 7.2
Exploits: 0

Gitee
added 2025/09/13 5:2 a.m.
120 views

Zeratool

This repository, Zeratool, is an automatic exploit generation tool for exploitable CTF (Capture The Flag) problems. It uses the angr concolic analysis engine to analyze binaries and identify vulnerabilities, and then weaponizes these vulnerabilities for remote code execution through pwntools. The...

AI score 8.6
Exploits: 0

Gitee
added 2025/09/13 3:4 a.m.
120 views

marshalsec

It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...

AI score 8.9
Exploits: 0

Gitee
added 2025/09/06 3:36 p.m.
120 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This repository contains operational information regarding the vulnerability in the Log4j logging library CVE-2021-44228. The vulnerability allows an attacker to execute arbitrary code on a system by injecting malicious data into the logging system. The repository provides a list of known...

CVSS 10, AI score 8.9, EPSS 0.99999
Exploits: 348

Gitee
added 2025/10/28 5:14 p.m.
119 views

Exploit for Use of Incorrectly-Resolved Name or Reference in Apache Tomcat

This is a Java class file that appears to be a payload for a malicious attack. The class is named "Foo" and has a single method, "<init>", which is the constructor. The constructor takes no arguments and does not perform any actions. The class also has a "serialVersionUID" field, which is a unique...

AI score 6.9
Exploits: 0

Gitee
added 2025/09/14 4:41 p.m.
119 views

APTSimulator

This is a toolset for simulating an APT (Advanced Persistent Threat) attack on a Windows system. The tool, called APT Simulator, is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. It is designed to be simple and easy to use, requiring...

AI score 7.1
Exploits: 0

Gitee
added 2025/09/06 3:49 a.m.
119 views

ossindex-maven-plugin

It is an offensive tool for dependency audit. The primary CVE ID is not present in the provided context. The target product/service or framework is Maven, and the vulnerability class/vector is dependency audit. Notable dependencies/tooling include the OSS Index REST API v2.0. The execution contex...

AI score 6.8
Exploits: 0

Gitee
added 2025/09/06 12:58 a.m.
119 views

Exploit for CVE-2021-1675

CVE-2021-1675 - PrintNightmare LPE PowerShell. Caleb Stewart | John Hammond | July 1, 2021. CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare." Proof-of-concept exploits ha...

CVSS 9.3, AI score 9.2, EPSS 0.86132
Exploits: 63

Gitee
added 2025/08/03 4:23 a.m.
119 views

AutoLocalPrivilegeEscalation

AutoLocalPrivilegeEscalation: An automated script that downloads potential exploits for the Linux kernel from exploitdb and compiles them automatically. This script was created because of Hackademics: there are so many possible exploits for that version of the kernel that, as a rookie OSCP student, I am not able to fin...

AI score 6.9
Exploits: 0

Gitee
added 2025/07/27 3:39 a.m.
119 views

Exploit for CVE-2024-2961

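sectoolset -- a collection of security-related tools on GitHub. Main contents: 0x00 Hands-on exploitation practice & CTF security competitions 0x01 Security scanners 0x02 Security defense 0x03 Penetration testing 0x04 Vulnerability databases and exploitation tools (POC, EXP 0x05 Binary and code analysis tools 0x06 Threat intelligence & honeypots 0x07 Security documents and materials 0x10 AI & large-model security 0x11 All contents WooYun mirror WooYun mirror (down) WooYun mirror (down) Recent security hot topics: CVE-2025-48384: Git submodule carriage-return (CR) parsing injection can lead to RCE. GitHub MCP vulnerability: hijacking the MCP service to access private repository data. Buffer overflow in glibc iconv leads to PHP...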

CVSS 10, AI score 7.6, EPSS 0.8833
Exploits: 63

Gitee
added 2024/12/20 4:39 p.m.
119 views

PEASS-ng

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation. Basic Tutorial. Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors s...

AI score 7
Exploits: 0

Gitee
added 2025/09/14 3:29 p.m.
118 views

clusterd

This is an open-source application server attack toolkit called clusterd. It automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. The toolkit currently supports six different application server platforms, with several more in development and...

AI score 7
Exploits: 0

Gitee
added 2025/09/13 12:41 a.m.
118 views

Exploit for CVE-2023-1234

This repository is an offensive tool for Linux server clusters. It is a PoC exploit for CVE-2023-1234, which is not specified in the provided context. The target product/service or framework is not explicitly stated, but it appears to be a Linux server cluster management tool. The vulnerability...

CVSS 4.3, AI score 8.1, EPSS 0.00707
Exploits: 7

Gitee
added 2025/09/06 12:46 a.m.
118 views

Exploit for CVE-2021-1675

CVE-2021-1675 / CVE-2021-34527: Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370). Tested on a fully patched 2019 Domain Controller. Execute malicious DLLs remotely or locally. Patch update: Microsoft has released a patch to...

CVSS 9.3, AI score 7, EPSS 0.99759
Exploits: 75

Gitee
added 2025/07/27 4:29 a.m.
118 views

Exploit for OS Command Injection in Gnu Bash

Exploits: Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes. Current Exploits (index may be out of date): phpMoAdmin Remote Code Execution (CVE-2015-2208), LotusCMS Remote Code Execution (OSVDB-75095), ElasticSearch Remote Code Execution (CVE-2015-1427), ShellShock...

CVSS 10, AI score 9.4, EPSS 0.99999
Exploits: 206

Gitee
added 2025/07/27 4:2 a.m.
118 views

Exploit for CVE-2020-0609

BlueGate: Proof of Concept Denial of Service + scanner for CVE-2020-0609 and CVE-2020-0610. These vulnerabilities allow an unauthenticated attacker to gain remote code execution with highest privileges via RD Gateway for RDP. Please use for research and educational purposes only. Usage: Make sure y...

CVSS 10, AI score 10, EPSS 0.74897
Exploits: 10

Gitee
added 2025/07/27 3:36 a.m.
118 views

Exploit for Use After Free in Microsoft

This is a PoC exploit for CVE-2019-0708, also known as the "BlueKeep" vulnerability. The vulnerability is in the Remote Desktop Protocol (RDP) service, which is a remote access protocol used by Windows systems. The exploit is designed to scan for vulnerable systems and exploit the vulnerability to...

CVSS 10, AI score 8.1, EPSS 0.99999
Exploits: 123

Gitee
added 2025/07/06 3:21 a.m.
118 views

OSCP-Prep

This is a comprehensive guide for information security (infosec) professionals, particularly those preparing for the OSCP (Offensive Security Certified Professional) exam. The guide is a collection of various files, including a PDF document, a text file, and a set of cheat sheets. The PDF document,...

AI score 6.8
Exploits: 0

Gitee
added 2025/09/14 5:47 p.m.
117 views

Phantom-Evasion

This is a Python antivirus evasion tool called Phantom-Evasion. It is free software, licensed under the GNU General Public License (GPL) version 3. The tool is designed to evade detection by antivirus software and is intended for educational or research purposes only. The tool has several modules,...

AI score 7.2
Exploits: 0

Gitee
added 2025/09/13 12:52 p.m.
117 views

Exploit for CVE-2023-36880

Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. It is a PoC exploit for CVE-2023-36880. The code performs the following steps: 1. Loads a vulnerable version of the "prefsenclavex64.dll" enclave 2. Call the vulnerable "SealSettings"...

CVSS 4.8, AI score 7.3, EPSS 0.01616
Exploits: 1

Gitee
added 2025/08/03 4:19 a.m.
117 views

Dracnmap

Dracnmap is an open-source program designed to exploit networks and gather information using the help of Nmap. It is intended to simplify the process of network scanning by utilizing the script engine of Nmap and performing various automatic scanning techniques with advanced commands. Dracnmap is...

AI score 6.6
Exploits: 0

Gitee
added 2025/08/03 4:13 a.m.
117 views

Exploit for Deserialization of Untrusted Data in Ibm Sterling_B2B_Integrator

Java Deserialization Exploits: A collection of curated Java Deserialization Exploits. Currently this repo contains exploits for the following vulnerabilities: - Cisco Prime Infrastructure Java Deserialization RCE (CVE-2016-1291) - IBM WebSphere Java Object Deserialization RCE (CVE-2015-7450) - OpenNMS...

CVSS 10, AI score 6.9, EPSS 0.97655
Exploits: 53

Gitee
added 2025/07/27 3:35 a.m.
116 views

Exploit for CVE-2016-2384

Linux kernel exploits

| Date | Link | Description | Vector | Impact |
| --- | --- | --- | --- | --- |
| 02.2016 | CVE-2016-2384 | Double-free in USB MIDI driver | Physical + Local | LPE |
| 03.2016 | prefetch-side-channel | KASLR bypass via prefetch | Local | Info-leak |

...

CVSS 7.8, AI score 7.4, EPSS 0.20797
Exploits: 57

Gitee
added 2025/09/14 6:46 p.m.
115 views

PoC

PoC exploit for MS-16-137, LSASS Remote Null Ptr Deref. The target product/service is Windows LSASS (Local Security Authority Subsystem Service). The vulnerability class/vector is a remote code execution vulnerability, specifically a null pointer dereference. The probable entry point is the...

AI score 8.7
Exploits: 0

Gitee
added 2025/09/07 1:22 a.m.
115 views

sslscan

This is a tool for scanning SSL/TLS protocols and ciphers on a target server. The tool is called sslscan and is written in C. It is designed to be a command-line interface for scanning SSL/TLS protocols and ciphers on a target server. The tool can be built on various platforms, including Linux an...

AI score 7
Exploits: 0

Gitee
added 2025/09/06 3:20 p.m.
115 views

Exploit for Path Traversal in Codiad

Exploit-Framework Exploits: |Vendor|Vulnerability|Affected Version|Description|Author| |:-:|:-:|:-:|:-:|:-:| |zblog|NOTCVE| https://github.com/WangYihang/Exploit-Framework/wiki Contribution: 1. Guidance of writing exploit module TODO: - String parsing - Deeper modularization - Context stack maintenance - Logging - Auto-completion - Exploit search - Wiki -...

CVSS 9.8, AI score 7.1, EPSS 0.98283
Exploits: 106

Gitee
added 2025/07/27 2:54 a.m.
115 views

odat

This is an offensive tool for Oracle Database. The tool is called ODAT (Oracle Database Attacking Tool) and is designed to exploit various vulnerabilities in Oracle databases. The tool is written in Python and uses various libraries such as scapy, cxOracle, and progressbar. The tool has several...

AI score 7.3
Exploits: 0

Gitee
added 2025/09/14 6:53 p.m.
114 views

fastjson-remote-code-execute-poc

This is a Java-based proof-of-concept (PoC) exploit for a remote code execution (RCE) vulnerability in the FastJSON library, version 1.2.24. The exploit is designed to be used with IntelliJ IDEA, a popular integrated development environment (IDE) for Java development. The exploit consists of two main...

AI score 8.1
Exploits: 0

Gitee
added 2025/09/14 11:1 a.m.
114 views

windows-privesc-check

It is an offensive tool for Windows privilege escalation checking. The tool, windows-privesc-check, is a standalone executable that runs on Windows systems, attempting to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or access local apps. I...

AI score 7.1
Exploits: 0

Gitee
added 2025/09/13 5:14 p.m.
114 views

ExploitOnCLI

This is an offensive tool for searching exploits in multiple databases. The tool, named ExploitOnCLI or EOC, is written in PHP for Linux and allows users to search for exploits in various databases, including Exploit-DB, PacketStormSecurity, IEDB, Siph0n, CXSecurity, and Exploit4Arab. The tool ca...

AI score 6.8
Exploits: 0

Gitee
added 2025/09/06 12:9 p.m.
114 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Remote Code Injection In Log4j https://twitter.com/jas502n/status/1468946197629272066 SpringBoot-pom.xml default use : xml org.springframework.boot spring-boot-starter-web mvn dependency:tree java INFO | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.6.1:compile IN...

CVSS 10, AI score 7.7, EPSS 0.99999
Exploits: 348

Gitee
added 2025/09/06 12:46 a.m.
114 views

Exploit for Use After Free in Microsoft

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 "HTTP Protocol Stack Remote Code Execution Vulnerability", a use-after-free dereference in http.sys patched by Microsoft in May 2021. According to this tweet the vulnerability has...

CVSS 9.8, AI score 9, EPSS 0.99718
Exploits: 24

Gitee
added 2025/07/06 3:23 a.m.
114 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

CVSS 9, AI score 9.1, EPSS 0.82697
Exploits: 23

Gitee
added 2025/08/09 11:24 p.m.
113 views

BeRoot

BeRoot Project: BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege. It has been added to the pupy project as a post exploitation module so it will be executed in memory without touching the disk. This tool does not realize any...

AI score 6.8
Exploits: 0

Gitee
added 2025/07/27 3:39 a.m.
113 views

Exploit for Incorrect Default Permissions in Microsoft

This List is no longer updated. Awesome Red Teaming List of Awesome Red Team / Red Teaming Resources This list is for anyone wishing to learn about Red Teaming but do not have a starting point. Anyway, this is a living resources and will update regularly with latest Adversarial Tactics and...

CVSS 8.8, AI score 9.9, EPSS 0.15257
Exploits: 4

Gitee
added 2025/07/27 3:30 a.m.
113 views

Exploit for Out-of-bounds Write in Debian Debian_Linux

awesome-browser-exploit Share some useful archives about browser exploitation. I'm just starting to collect what I can found, and I'm only a starter in this area as well. Contributions are welcome. Chrome v8 Basic v8 github mirrordocs withingithub on-stack replacement in v8article // multiple...

CVSS 8.6, AI score 7.1, EPSS 0.03246
Exploits: 6

Gitee
added 2025/03/07 2:11 p.m.
114 views

Exploit for CVE-2024-38819

CVE-2024-38819: Proof of Concept (PoC). This is a proof of concept for the CVE-2024-38819 vulnerability, which I reported, demonstrating a path traversal exploit. Execution Steps: 1. Build the Docker image (Spring Boot 3.3.4, based on Spring Framework 6.1.13): cd vuln docker build -t cve-2024-38819-poc...

CVSS 7.5, AI score 7.6, EPSS 0.54862
Exploits: 6

Gitee
added 2025/09/06 10:57 a.m.
113 views

Exploit for Insufficiently Protected Credentials in Linuxfoundation Containerd

It is an offensive tool for Kubernetes. The repository contains information on various methods to hack and exploit Kubernetes clusters, including articles, videos, and presentations on topics such as securing clusters by eliminating risky permissions, Kubernetes pentest methodology, and container...

CVSS 6.1, AI score 6, EPSS 0.02209
Exploits: 1

Gitee
added 2025/08/17 12:26 a.m.
112 views

firejail

This repository is an open-source Linux sandboxing platform called Firejail. It is a Linux namespaces and seccomp-bpf sandbox that allows users to run applications in a secure environment, isolating them from the rest of the system. The repository contains a variety of tools and scripts for...

AI score 6.9
Exploits: 0

Gitee
added 2025/08/07 9:7 p.m.
112 views

Cybersecurity (网络安全)

This repository appears to be a Burp Suite extension for fast JSON scanning, version 2.2.2, built for JDK 1.8. The extension is designed to scan JSON data in Burp's proxy history and...

AI score 7
Exploits: 0

Total number of security vulnerabilities: 1886