
1886 matches found

Gitee
added 2025/09/14 6:14 p.m., 112 views

webcgi-exploits

This repository is a collection of exploits related to web CGI interfaces. It is a multi-language repository, with exploits written in PHP and Python. The exploits are designed to take advantage of vulnerabilities in web servers and CGI interfaces, allowing for remote code execution, port...

8.2 AI score
Exploits: 0
Gitee
added 2025/09/14 2:19 p.m., 112 views

teler-waf

This repository is an open-source Go HTTP middleware called teler-waf, which protects local web services from various threats, including OWASP Top 10 vulnerabilities, malicious actors, botnets, and brute force attacks. The repository contains a variety of files, including issue templates, pull...

7.1 AI score
Exploits: 0
Gitee
added 2025/09/14 5:0 a.m., 112 views

Exploit for Out-of-bounds Write in Apple Mac_Os_X

This is a PoC exploit for CVE-2019-8695, which is a vulnerability in the MySQL server that allows authentication without knowing the cleartext password. The exploit targets the Secure Password Authentication plugin aka mysql_native_password, the default method used by MySQL. The target...

9.3 CVSS, 7.2 AI score, 0.01205 EPSS
Exploits: 1
Gitee
added 2025/09/13 5:46 p.m., 112 views

hackingtool

This is an offensive tool for penetration testing and hacking. It is a collection of various tools for different types of attacks, including information gathering, web attacks, SQL injection, phishing, and more. The tool is written in Python and is designed to be run on Linux systems, including...

7.5 AI score
Exploits: 0
Gitee
added 2025/09/06 12:9 p.m., 112 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

LOG4J Java exploit - WAF and patches bypass tricks. Description: CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...

10 CVSS, 9 AI score, 0.99999 EPSS
Exploits: 354
Gitee
added 2025/09/06 10:57 a.m., 113 views

Exploit for Insufficiently Protected Credentials in Linuxfoundation Containerd

It is an offensive tool for Kubernetes. The repository contains information on various methods to hack and exploit Kubernetes clusters, including articles, videos, and presentations on topics such as securing clusters by eliminating risky permissions, Kubernetes pentest methodology, and container...

6.1 CVSS, 6 AI score, 0.02209 EPSS
Exploits: 1
Gitee
added 2025/08/07 9:7 p.m., 112 views

网络安全 (Network Security)

This repository appears to be a Burp Suite extension for fast JSON scanning, version 2.2.2, built for JDK 1.8. The extension is designed to scan JSON data in Burp's proxy history and...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 4:57 a.m., 112 views

0day-security-software-vulnerability-analysis-technology

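0day-security-software-vulnerability-analysis-technology Usage notes for the companion material package of "0day Security: Software Vulnerability Analysis Techniques (2nd Edition)". The materials in the package are for learning purposes only; no organization, individual or institution may use them in any form for commercial profit. Some of the materials and lab code may trigger alerts from certain security software; the book's authors, the publisher and the Kanxue forum accept no responsibility for the consequences of using these materials, so please use them with care and only once you fully understand their purpose. No organization, individual or institution may use this book or the related materials for any form of illegal activity. root@Jas502n:/tmp/0day2 git push -u...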

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 4:52 a.m., 112 views

Exploit for Type Confusion in Google Chrome

This is a JavaScript exploit code for a Chrome vulnerability, specifically CVE-2021-38001. The code is designed to be used in the context of the Chrome V8 JavaScript engine. The code defines two functions: d2u and u2d. The d2u function takes a 64-bit floating-point value and converts it to a 32-b...

8.8 CVSS, 7.4 AI score, 0.26703 EPSS
Exploits: 1
Gitee
added 2025/07/27 4:32 a.m., 112 views

Exploit for Out-of-bounds Read in Openssl

This repository contains exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House. The exploits target various vulnerabilities in different products and services, including: 1. AirWatch MDM solution: The repository contains a file called...

7.5 CVSS, 9.3 AI score, 0.99999 EPSS
Exploits: 87
Gitee
added 2025/07/27 3:39 a.m., 112 views

Android-Reports-and-Resources

It is an offensive tool for Android. This repository contains a list of Android Hackerone disclosed reports and other resources, including hardcoded credentials, WebView vulnerabilities, insecure deeplinks, and RCE/ACE exploits. The primary report is CVE-2021-XXXX-XXXX, but only a few reports are...

8.2 AI score
Exploits: 0
Gitee
added 2025/07/27 3:31 a.m., 112 views

fatt

This is a Python script for extracting network metadata and fingerprints from packet capture files pcap or live network traffic. The script, named "fatt," is designed for monitoring honeypots and other network forensic analysis use cases. It uses the pyshark library, a Python wrapper for tshark,...

7.1 AI score
Exploits: 0
Gitee
added 2025/09/14 6:16 p.m., 111 views

airbug

This repository is an offensive tool for collecting and utilizing web application vulnerabilities, specifically targeting Content Management Systems CMS. It is a Python-based tool that allows users to load and execute Proof of Concept PoC code for various vulnerabilities. The tool is designed to ...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/14 4:26 p.m., 111 views

Exploit for CVE-2021-34525

This is an offensive tool for Windows. It is a PoC exploit for CVE-2021-34525, an exploit module targeting Windows systems. The tool is designed to exploit a vulnerability in the Windows operating system, allowing an attacker to gain elevated privileges. The exploit is likely to be used for testi...

8.8 CVSS, 7.7 AI score, 0.02084 EPSS
Exploits: 1
Gitee
added 2025/09/06 12:6 p.m., 111 views

metasploit-framework

This is a Metasploit Framework repository. The Metasploit Framework is an open-source penetration testing platform used for identifying vulnerabilities in computer systems and applications. It is a comprehensive toolset for security professionals to simulate attacks and test defenses. The...

7.2 AI score
Exploits: 0
Gitee
added 2025/07/27 3:54 a.m., 111 views

hacking-material-books

This repository is an offensive tool for Metasploit and Nmap scripting. It contains a collection of articles and resource files for Metasploit RC/ERB scripting, Nmap NSE scripting, and bash programming. The repository includes examples of how to use Metasploit RC/ERB scripting to automate tasks,...

6.7 AI score
Exploits: 0
Gitee
added 2025/07/27 3:33 a.m., 111 views

Exploit for Classic Buffer Overflow in Microsoft

ExplodingCan An implementation of ExplodingCan's exploit extracted from FuzzBunch, the "Metasploit" of the NSA. Details Vulnerability: Microsoft IIS WebDav 'ScStoragePathFromUrl' Remote Buffer Overflow CVE: CVE-2017-7269 Disclosure date: March 31 2017 Affected product: Microsoft Windows Server 20...

10 CVSS, 7 AI score, 0.99823 EPSS
Exploits: 39
Gitee
added 2025/07/06 2:42 a.m., 111 views

Exploit for Improper Access Control in Elasticsearch

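Bug reports are welcome. Current version: AssetScanV1.3. Timeline: Initial release: 2019-11-28, first V1.0 version completed. Change 1: 2019-12-02, thanks to Shadow·J for reporting the file import error on Kali. Change 2: 2019-12-03, V1.1 released, added ARP liveness detection (rolled back, testing for bugs). Change 3: 2019-12-04, V1.2 released, fixed vulnerability script errors, fixed the weblogic script. Change 4: 2019-12-05, V1.2 revised, thanks to sevck for design ideas and for pointing out non-standard code. Change 5: 2019-12-05, V1.2 revised, fixed an IP data handling error. Change 6: 2019-12-19...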

10 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 145
Gitee
added 2025/09/21 2:32 p.m., 110 views

RedTeam-Tactics-and-Techniques

Red Teaming Tactics and Techniques...

7 AI score
Exploits: 0
Gitee
added 2025/09/14 5:34 p.m., 110 views

Cobaltstrike-MS17-010

This repository is an Aggressor Script for Cobalt Strike targeting the MS17-010 vulnerability. It includes a PowerShell module for scanning and exploiting the vulnerability, as well as a stager for delivering a payload. The script is designed to run on Windows 7 x64 and Windows 2008 R2 systems. T...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/14 4:21 p.m., 110 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows an attacker to authenticate as the domain controller account with a zero-length password. The exploit uses the impacket library to connect to the Netlogon service and send a zero-length challenge and...

10 CVSS, 7.3 AI score, 0.99512 EPSS
Exploits: 75
Gitee
added 2025/07/27 4:27 a.m., 110 views

Exploit for Use After Free in Adobe Flash_Player

APTREPORT collected by @blackorbird https://x.com/blackorbird Interesting apt report & sample & malware & technology & intellegence collection APT Group for country Threat Actor Groups Tracked by Palo Alto Networks Unit 42...

9.8 CVSS, 7.2 AI score, 0.89618 EPSS
Exploits: 19
Gitee
added 2025/07/06 3:24 a.m., 110 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

CVE-2017-12617 CVE-2017-12617 critical Remote Code Execution RCE vulnerability discovered in Apache Tomcat affect systems with HTTP PUTs enabled via setting the "read-only" initialization parameter of the Default servlet to "false" are affected. Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...

8.1 CVSS, 8.4 AI score, 0.99988 EPSS
Exploits: 23
Gitee
added 2025/07/06 3:19 a.m., 110 views

jenkins-rce

No description provided...

7 AI score
Exploits: 0
Gitee
added 2025/09/14 5:59 p.m., 109 views

chw00t

chw00t - Unices chroot breaking tool...

7.1 AI score
Exploits: 0
Gitee
added 2025/09/06 4:31 p.m., 109 views

Exploit for CVE-2015-2231

adups-get-super-serial CVE-2015-2231 Proof of Concept The POC I was using to demonstrate CVE-2015-2231 'Get Super Serial'. Was asked by a few people to post it so they could use similar things on other ADUPS firmware based devices which have this vulnerability. Cleaning up the laptop and posting...

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 4:17 a.m., 109 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

This repository contains a PoC Proof of Concept code for the BlueBorne vulnerabilities. The BlueBorne vulnerabilities are a set of vulnerabilities in Bluetooth devices that allow an attacker to remotely execute code on a device. The PoC code is written in Python and uses the PyBluez library to...

8.8 CVSS, 7.4 AI score, 0.2285 EPSS
Exploits: 27
Gitee
added 2025/03/02 9:31 p.m., 109 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: gitlab.com/exploit-database/exploitdb - Binary Exploits: gitlab.com/exploit-database/exploitdb-bin-sploits - Papers...

6.7 AI score
Exploits: 0
Gitee
added 2025/09/14 6:12 p.m., 108 views

PHP-backdoors

This is a collection of PHP backdoors, a type of malicious code that allows unauthorized access to a web server. The repository contains multiple backdoors, each with its own features and functionality. Classification: Exploit module/toolkit targeting web server...

7.8 AI score
Exploits: 0
Gitee
added 2025/09/14 1:50 p.m., 108 views

Exploit for CVE-2012-0053

This repository is an offensive tool for web application exploitation, specifically for cross-site scripting XSS attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable we...

4.3 CVSS, 6.1 AI score, 0.82756 EPSS
Exploits: 4
Gitee
added 2025/09/13 5:38 p.m., 108 views

kerma

This repository is an exploit toolkit for a critical vulnerability in Mikrotik RouterOS Winbox. The vulnerability is present in all versions from 6.29 to 6.42. The toolkit includes several scripts and tools to exploit the vulnerability and extract user credentials. The PoC.py script is the main...

7.5 AI score
Exploits: 0
Gitee
added 2025/09/13 4:36 a.m., 108 views

security-analytics

This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and detecting threats, which may assist detection engineers, threat hunters,...

7.3 AI score
Exploits: 0
Gitee
added 2025/09/06 2:36 a.m., 108 views

graphql-playground

This repository is an offensive tool for GraphQL. It is a GraphQL IDE for better development workflows, featuring context-aware autocompletion and error highlighting, interactive, multi-column docs, and support for real-time GraphQL Subscriptions. The tool is vulnerable to an XSS Reflection attac...

6.4 AI score
Exploits: 0
Gitee
added 2025/08/17 1:23 a.m., 108 views

Findsploit

It is an offensive tool for searching exploit databases. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool searches for exploits in local and online databases, suggesting it is a general-purpose exploit finder...

6.8 AI score
Exploits: 0
Gitee
added 2025/07/27 4:55 a.m., 108 views

AllVideoPocsFromHackerOne

This is an offensive tool for retrieving public reports from HackerOne, a bug bounty platform. The tool, named "AllPocsFromHackerOne," is designed to grab public reports from HackerOne and categorize vulnerabilities by technique. It appears to be a Python script that utilizes the HackerOne API to...

7.2 AI score
Exploits: 0
Gitee
added 2025/07/27 4:39 a.m., 108 views

Sitadel

This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible for Python = 3.4. It allows more flexibility for users to write new modules and implement new features, such as frontend framework detection, content delivery network detection, and plugi...

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 4:28 a.m., 108 views

WebMap

This is an exploit module/toolkit targeting WebMap, a web dashboard for Nmap XML reports. The primary CVE ID is not explicitly mentioned, but the code and context suggest it is related to a vulnerability in the Django framework used by WebMap. The probable entry point is the rmNotes function in...

7.6 AI score
Exploits: 0
Gitee
added 2025/07/27 4:11 a.m., 108 views

PSKernel-Primitives

PSKernel-Primitives Over time I'll add PowerShell helper functions to assist in kernel exploitation. Common PowerShell Exploit Constructs Create buffer powershell Byte buffer int/hex $Buff = Byte0x41255 + Byte0x420xff Buffer includes pointer Takes care of endianness, may need ".ToInt32" or...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 4:9 a.m., 108 views

Active-Directory-Exploitation-Cheat-Sheet

Classification: This is an offensive tool for Windows Active Directory exploitation. Primary CVE ID: Not specified. Target Product/Service: Windows Active Directory. Vulnerability Class/Vector: Not specified. Probable...

7.9 AI score
Exploits: 0
Gitee
added 2025/07/27 3:24 a.m., 108 views

Vulmap

This is an online local vulnerability scanner project called Vulmap. It is an open-source tool that can be used for defensive and offensive purposes. The tool scans the localhost to gather installed software information and checks for vulnerabilities using the Vulmon API. If vulnerabilities exist...

6.6 AI score
Exploits: 0
Gitee
added 2024/11/18 5:45 p.m., 108 views

Exploit for SQL Injection in Projectworlds Life_Insurance_Management_System

This is a collection of vulnerability reports from the dachuaner/POC repository. The reports describe various vulnerabilities in different software systems, including: 1. Latest 1Panel panel front-end RCE vulnerability CVE-2024-39911: A remote code execution RCE vulnerability in the latest 1Panel panel front end, allowing attackers...

10 CVSS, 9.2 AI score, 0.04566 EPSS
Exploits: 6
Gitee
added 2025/09/14 4:34 p.m., 107 views

Exploit for CVE-2016-4655

This is a PoC exploit for iOS 9.3.5, targeting CVE-2016-4655 and CVE-2016-4656. The exploit aims to gain root access over the device by exploiting kernel vulnerabilities. The supported devices are listed in offsetfinder.h. The exploit is based on the original disclosure by Lookout and the OS X...

9.3 CVSS, 7.1 AI score, 0.66788 EPSS
Exploits: 13
Gitee
added 2025/09/14 4:21 p.m., 107 views

PrivExchange

This is a proof-of-concept PoC tool for abusing Microsoft Exchange to obtain Domain Admin privileges. The tool, named PrivExchange, requires the Impacket library and can be used to subscribe to push notifications on Exchange Web Services, which will make Exchange connect back to the attacker and...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/14 1:55 p.m., 107 views

offensiveinterview

It is an offensive tool for penetration testing and red teaming. The repository contains a collection of interview questions to screen offensive red team/pentest candidates, categorized into open-ended, knowledge-based, and scenario-based questions. The questions cover various topics such as...

7.1 AI score
Exploits: 0
Gitee
added 2025/08/17 12:40 a.m., 107 views

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

7.1 AI score
Exploits: 0
Gitee
added 2025/08/09 11:29 p.m., 107 views

Exploit for Out-of-bounds Write in Cypress Cyw20735_Firmware

This repository is an offensive tool for firmware emulation and fuzzing. It provides a virtual environment to fuzz wireless firmwares, allowing for the extraction of their current state and re-execution in a virtual environment for fuzzing. The tool is currently optimized for the CYW20735 Bluetoo...

7.8 CVSS, 7.2 AI score, 0.00339 EPSS
Exploits: 1
Gitee
added 2025/07/27 3:46 a.m., 107 views

Exploit for CVE-2017-0144

This repository is an offensive tool for Windows. It is an implementation of the DoublePulsar backdoor in C/C++. The tool includes a suite of exploits and detectors for various vulnerabilities, including the EternalBlue vulnerability CVE-2017-0144. The tool can be used to upload a DLL to a...

9.3 CVSS, 8 AI score, 0.9923 EPSS
Exploits: 55
Gitee
added 2025/07/27 3:35 a.m., 107 views

fuzzdb-collect

Classification: This is a Python script for brute-forcing 3-character...

7.2 AI score
Exploits: 0
Gitee
added 2025/09/22 1:17 a.m., 106 views

dostackbufferoverflowgood

This is a Windows executable file .exe named "dostackbufferoverflowgood.exe" that is intentionally vulnerable to a stack buffer overflow attack. The file is part of a repository on GitHub, which is a collection of resources for a talk on vulnerability exploitation. The file is a 32-bit executable...

8 AI score
Exploits: 0
Gitee
added 2025/09/14 6:5 p.m., 106 views

Exploit for Generation of Error Message Containing Sensitive Information in Postgresql

This is a PoC exploit for CVE-2021-3393, a Java source code static code analysis and danger function identifier program. The tool, named JavaID, identifies dangerous functions in Java source code by way of regular matching. It targets Java vulnerabilities such as XXE, Java Object Deserialization,...

4.3 CVSS, 7.5 AI score, 0.01187 EPSS
Exploits: 2

Total number of security vulnerabilities: 1886