1886 matches found

Gitee
added 2025/09/14 6:5 p.m., 106 views

Exploit for Generation of Error Message Containing Sensitive Information in Postgresql

This is a PoC exploit for CVE-2021-3393, a Java source code static code analysis and danger function identifier program. The tool, named JavaID, identifies dangerous functions in Java source code by way of regular matching. It targets Java vulnerabilities such as XXE, Java Object Deserialization,...

CVSS 4.3, AI score 7.5, EPSS 0.01187
Exploits: 2

Gitee
added 2025/09/06 9:25 p.m., 106 views

metasploit-framework

This is an offensive tool for penetration testing. It is the Metasploit Framework, a comprehensive platform for developing and executing exploits. The framework is written in Ruby and provides a wide range of features for penetration testing, including exploit development, vulnerability scanning,...

AI score 6.9
Exploits: 0

Gitee
added 2025/07/27 3:59 a.m., 106 views

Exploit for Improper Input Validation in Samsung Samsung_Mobile

PoC exploit for CVE-2016-4038, a 0day vulnerability in System Management Mode code execution for Lenovo ThinkPad model line. The exploit targets the SystemSmmRuntimeRt UEFI driver GUID: 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E and allows arbitrary code execution in System Management Mode. The...

CVSS 7.8, AI score 7.9, EPSS 0.00352
Exploits: 1

Gitee
added 2025/09/22 1:42 a.m., 105 views

RedTeam-Tactics-and-Techniques

It is an offensive tool for Windows. The repository contains a script that appears to be a Windows shell extension, likely used for red teaming or penetration testing. The script is written in a format compatible with the Windows Taskbar and Shell. The script is designed to toggle the desktop,...

AI score 6.9
Exploits: 0

Gitee
added 2025/09/14 5:26 p.m., 105 views

JustTryHarder

This is a cheat sheet repository for the PWK (Pentester's Workbench) course and the OSCP (Offensive Security Certified Professional) exam. It is inspired by PayloadAllTheThings. The repository contains various tools, scripts, and resources for penetration testing and exploitation. The repository...

AI score 7.2
Exploits: 0

Gitee
added 2025/09/14 5:25 p.m., 105 views

Software-Security-Learning

It is an offensive tool for binary analysis. The repository Software-Security-Learning contains a collection of resources for learning software security, including tools and tutorials for binary analysis. The tools listed include Pharos, Angr, Vuzzer, PEDA, and pwntools, which are used for static...

AI score 7
Exploits: 0

Gitee
added 2025/09/14 2:39 p.m., 105 views

rapidscan

This is a Python-based web vulnerability scanner called RapidScan. It is designed to automate the process of security scanning by using a multitude of available Linux security tools and some custom scripts. The tool is still under development and currently supports around 80 vulnerability tests...

AI score 6.6
Exploits: 0

Gitee
added 2025/07/27 4:52 a.m., 105 views

TEE-reversing

This repository is an offensive tool for learning how to reverse-engineer and achieve trusted code execution on ARM devices. It contains a curated list of public TEE resources, including papers on TEE reversing and security analysis. The repository includes links to various papers and resources o...

AI score 7.6
Exploits: 0

Gitee
added 2025/09/21 8:32 p.m., 104 views

MUD-Manager

This is an offensive tool for IoT devices. It is an exploit module for the Cisco MUD-Manager, which is a technique for constrained end devices to signal to the network what sort of access and network functionality they require to properly function. The tool is designed to exploit vulnerabilities ...

AI score 8
Exploits: 0

Gitee
added 2025/09/14 5:50 p.m., 104 views

AutoRDPwn

This is a post-exploitation framework called AutoRDPwn, written in PowerShell. It is designed to automate the Shadow attack on Microsoft Windows computers, which allows a remote attacker to view and control the victim's desktop without their consent. The framework has a user-friendly interface an...

AI score 7.1
Exploits: 0

Gitee
added 2025/09/13 6:50 p.m., 104 views

pwntools

This is a CTF (Capture The Flag) framework and exploit development library. It is a Python library that provides a set of tools for developing exploits and performing penetration testing. The library is designed to be extensible and customizable, allowing users to easily add new features and plugin...

AI score 7
Exploits: 0

Gitee
added 2025/09/13 1:25 a.m., 104 views

hackingtool

This is an all-in-one hacking tool for hackers, written in Python. The tool is designed to be run on Linux, Kali Linux, or Parrot OS. It provides a menu-driven interface for various hacking tasks, including information gathering, wireless attacks, SQL injection, phishing, web attacks,...

AI score 7.8
Exploits: 0

Gitee
added 2025/09/13 12:37 a.m., 104 views

Exploit for Out-of-bounds Read in Openssl

PoC exploit for CVE-2014-0160 (Heartbleed). The target product/service is OpenSSL, and the vulnerability class/vector is memory disclosure (specifically, the ability to extract private keys). The probable entry point is the ssl3writebytes function, which is sometimes exported in OpenSSL libraries. Th...

CVSS 7.5, AI score 6.7, EPSS 0.99999
Exploits: 87

Gitee
added 2025/09/06 12:58 a.m., 104 views

Exploit for CVE-2021-34527

A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE (not the LPE) and generates a CSV report with the results. Tests exploitability over MS-PAR and MS-RPRN. This tool has "de-fanged" versions of the Python exploits, it does not actually...

CVSS 9, AI score 9.3, EPSS 0.99759
Exploits: 41

Gitee
added 2025/07/27 4:3 a.m., 104 views

command-injection-payload-list

It is an offensive tool for web application security. The primary CVE ID is not explicitly mentioned, but the description pertains to OS command injection vulnerabilities. The target product/service is web applications, and the vulnerability class/vector is OS command injection. Notable...

AI score 7.7
Exploits: 0

Gitee
added 2025/07/06 2:44 a.m., 104 views

graphql-playground

This is a repository for the GraphQL Playground, a development environment for building and testing GraphQL APIs. The repository contains several packages, including GraphQL Playground HTML, GraphQL Playground Express Middleware, GraphQL Playground Koa Middleware, and GraphQL Playground Hapi...

AI score 6.3
Exploits: 0

Gitee
added 2025/07/06 2:28 a.m., 104 views

welpwn

Introduction Pwnning is an art. welpwn is designed to make pwnning an art, freeing you from dozens of meaningless jobs. Features - Automatically get those magic values for you. - libc address - heap address - stack address - program address with PIE - canary - Support multi glibc debugging. - 2.1...

AI score 6.8
Exploits: 0

Gitee
added 2024/04/26 3:33 p.m., 104 views

Gopherus

This tool, Gopherus, is designed to generate gopher links for exploiting Server-Side Request Forgery (SSRF) and gaining Remote Code Execution (RCE) in various servers. The tool supports multiple protocols and services, including MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP. The tool...

AI score 7.6
Exploits: 0

Gitee
added 2025/09/14 6:2 p.m., 103 views

WindowsRegistryRootkit

It is an offensive tool for Windows. This repository contains a kernel rootkit that resides within Windows registry value data, developed by Oleksiuk Dmytro aka Cr4sh. The rootkit exploits a zero-day vulnerability in win32k.sys, a Windows kernel-mode driver, through a buffer overflow in the...

AI score 7.4
Exploits: 0

Gitee
added 2025/09/14 5:55 p.m., 103 views

Some-PoC-oR-ExP

This repository is an offensive tool for collecting or writing various vulnerability POCs and exploits. The primary vulnerability targeted by the provided code is CNVD-2020-10487, a Tomcat-Ajp LFI (Local File Inclusion) vulnerability. The tool is designed to exploit this vulnerability to gain...

AI score 7.2
Exploits: 0

Gitee
added 2025/09/06 12:42 p.m., 103 views

Exploit for OS Command Injection in Apache Airflow

This is a proof-of-concept (PoC) exploit for CVE-2020-11978, a remote code execution (RCE) vulnerability in Apache Airflow's example DAGs. The exploit targets Airflow versions less than 1.10.11 and allows an attacker to execute arbitrary commands on the system. The exploit uses the Airflow Experiment...

CVSS 8.8, AI score 9.6, EPSS 0.99118
Exploits: 9

Gitee
added 2025/07/27 4:2 a.m., 103 views

Exploit for Use After Free in Adobe Flash_Player

CobaltStrike-Toolset Aggressor Script, Kit, Malleable C2 Profiles, External C2 and so on - Kits - ResourceKit - ExploitKit - Aggressor Script - chromedumpmimikatz.cna - nopowershell - SMBexecpsh Further Resources nopowershell smbexecpsh.cna CVE-2018-15982...

CVSS 10, AI score 7.2, EPSS 0.81971
Exploits: 13

Gitee
added 2025/07/25 11:30 a.m., 103 views

Exploit for Deserialization of Untrusted Data in Google Android

CVE-2024-31317 Can I even use this? This was patched in https://source.android.com/docs/security/bulletin/2024-06-01 If your device runs a patch under 2024-06-01 you can use this. The "Google Play system update" date is irrelevant and you can and should update your google play. How to use the...

CVSS 7.8, AI score 7.9, EPSS 0.00779
Exploits: 12

Gitee
added 2025/07/06 3:25 a.m., 103 views

Exploit for Use After Free in Google Android

This is a PoC (Proof of Concept) application demonstrating the power of an Android kernel arbitrary R/W, targeting CVE-2019-2215. The application is designed to exploit this vulnerability, which allows for arbitrary read and write access to the kernel. The exploit is implemented in the native/poc.c...

CVSS 7.8, AI score 8.7, EPSS 0.72105
Exploits: 27

Gitee
added 2025/09/14 6:46 p.m., 102 views

Vanquish

It is an offensive tool for enumeration. The tool is called Vanquish, and it is designed to perform multiple active information gathering phases on a target system. It is built in Python and leverages various open-source enumeration tools on Kali Linux. The tool can be installed using the command...

AI score 7.8
Exploits: 0

Gitee
added 2025/09/14 6:28 p.m., 102 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2019-0708. The target product/service is Windows Remote Desktop, and the vulnerability class/vector is a remote code execution (RCE) vulnerability. The probable entry point is the poc.py script, which is typically invoked by running it directly. The expected impact is remote cod...

CVSS 10, AI score 8.2, EPSS 0.99999
Exploits: 123

Gitee
added 2025/09/14 5:35 p.m., 101 views

pentest_compilation

It is an offensive tool for Windows. The repository contains a compilation of commands, tips, and scripts used for penetration testing and red teaming exercises. The provided code snippet is an XML file named "detalle.SettingContent-ms" located in the "Phishing" directory. This file appears to be...

AI score 7.4
Exploits: 0

Gitee
added 2025/09/14 5:18 p.m., 101 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a proof-of-concept (PoC) exploit for a vulnerability in the bwconn.dll library, which is a Windows RPC (Remote Procedure Call) client. The vulnerability is identified as CVE-2016-0856. The PoC exploit is written in Python and uses the ctypes library to interact with the bwconn.dll library. Th...

CVSS 10, AI score 8.2, EPSS 0.16655
Exploits: 9

Gitee
added 2025/09/06 2:15 p.m., 101 views

Exploit for CVE-2015-1805

This repository contains a collection of exploits for various vulnerabilities, including CVE-2015-1805, CVE-2017-7184, CVE-2017-2636, and CVE-2017-8890. The exploits are written in C and are designed to demonstrate the vulnerabilities in the Linux kernel. CVE-2015-1805 is a vulnerability in the...

CVSS 7.8, AI score 8.6, EPSS 0.01902
Exploits: 11

Gitee
added 2025/09/06 9:19 a.m., 101 views

advisory-db

This is a security advisory database for Rust crates published through crates.io. The database is stored in TOML format and contains information about security advisories filed against various Rust crates. The advisories include details such as the affected package, patched versions, and a...

AI score 6.9
Exploits: 0

Gitee
added 2025/09/06 2:37 a.m., 101 views

ruby-advisory-db

This is a database of security advisories for Ruby libraries, maintained by the ruby-advisory-db project. The database contains a list of directories that match the names of Ruby libraries on rubygems.org, with each directory containing one or more advisory files for the library. Each advisory fi...

AI score 6.7
Exploits: 0

Gitee
added 2025/09/14 6:28 p.m., 100 views

Exploit for CVE-2021-22006

It is an exploit module/toolkit targeting JNDI vulnerabilities. The primary CVE ID is CVE-2021-22006. The target product/service is Java-based applications, specifically those using JNDI services. The vulnerability class/vector is RCE (Remote Code Execution), and the probable entry points are...

CVSS 7.5, AI score 7, EPSS 0.06334
Exploits: 2

Gitee
added 2025/09/13 3:49 p.m., 100 views

Windows

It is an offensive tool for Windows exploitation. The repository contains a collection of tools for exploiting Windows, including exploits, post-exploitation agents, and PowerShell tools. The tools are organized into categories, such as Exploitation, PowerShell, and Misc. Some of the tools includ...

AI score 7
Exploits: 0

Gitee
added 2025/09/13 5:2 a.m., 100 views

peda

This repository is an offensive tool for exploit development. It is a Python Exploit Development Assistance for GDB (PEDA), which is a script that helps speed up the exploit development process on Linux/Unix. The tool is designed to work with GDB 7.x and Python 2.6+. The tool has various features,...

AI score 6.8
Exploits: 0

Gitee
added 2025/09/28 8:46 p.m., 99 views

discover

This is a collection of custom bash scripts used to automate various penetration testing tasks, including reconnaissance, scanning, enumeration, and malicious payload creation using Metasploit. The scripts are designed to be used with Kali Linux. The scripts are organized into several categories,...

AI score 6.7
Exploits: 0

Gitee
added 2025/09/14 6:7 p.m., 99 views

TL-BOTS

The repository TL-BOTS contains a collection of source code for various botnets. The botnets are categorized into several folders, including TL.BOTNET, TL.EXPLOITSCAN, and TL.IRC. The TL.BOTNET folder contains botnets that may be merged with TL-TROJAN at a later date, while the TL.EXPLOITSCAN...

AI score 8
Exploits: 0

Gitee
added 2025/09/14 6:3 p.m., 99 views

postenum

It is an offensive tool for Linux enumeration and privilege escalation. The primary CVE ID is not explicitly mentioned, but the tool is designed to automate the process of gathering critical system information after gaining a foothold, which implies it targets vulnerabilities that allow initial...

AI score 6.7
Exploits: 0

Gitee
added 2025/09/14 4:19 p.m., 99 views

ExploitRemotingService

This is a .NET Remoting Service exploit tool. It is a proof-of-concept (PoC) exploit for a vulnerability in the .NET Remoting Service. The tool is designed to demonstrate the exploitation of this vulnerability, which allows an attacker to execute arbitrary code on a remote system. The tool consists...

AI score 7.9
Exploits: 0

Gitee
added 2025/09/14 5:19 a.m., 99 views

graphql-playground

It is an offensive tool for GraphQL. This repository contains a proof-of-concept (PoC) exploit for a vulnerability in the GraphQL Playground, a popular IDE for GraphQL development. The exploit targets an XSS Reflection attack vulnerability in the graphql-playground-html package, which was resolved ...

AI score 6.3
Exploits: 0

Gitee
added 2025/09/13 1:13 a.m., 99 views

boopkit

This is a Linux rootkit and backdoor built using eBPF (Extended Berkeley Packet Filter). The tool is called "boopkit" and is designed to establish a reverse TCP connection from a remote server to a local machine. The tool has several options, including: -lhost and -lport to specify the local host a...

AI score 7
Exploits: 0

Gitee
added 2025/07/27 4:5 a.m., 99 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability, PoC with echoed output for weblogic. Patch update: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: http://10.10.20.166:7001/async/AsyncResponseService curl -i http://10.10.20.166:7001/async/favicon.ico CNVD-C-2019-48814...

CVSS 9.8, AI score 7.9, EPSS 0.99993
Exploits: 74

Gitee
added 2025/07/27 4:4 a.m., 99 views

xsser

XSSER ========== Presentation From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 Demo Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZO40vP-eKsgf Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj Version 2.75 - 2017: Non...

AI score 7.3
Exploits: 0

Gitee
added 2025/07/06 3:24 a.m., 99 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Remote Code Execution POC (c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes Remote Code Execution POC for CVE-2020-0796 / "SMBGhost" Expected outcome: Reverse shell with system access. Intended only for educational and testing in corporate environments. ZecOps...

CVSS 10, AI score 9.3, EPSS 0.9981
Exploits: 128

Gitee
added 2025/07/06 2:32 a.m., 99 views

Auto-Root-Exploit

Auto-Root-Exploit Auto Root Exploit Tool Author : Nilotpal Biswas Facebook : https://www.facebook.com/nilotpal.biswas.73 Twitter : https://twitter.com/nilotpalhacker USAGE : for kernel version 2.6 all bash autoroot.sh 2 for kernel version 3 all bash autoroot.sh 3 for kernel version 4 all bash...

AI score 7
Exploits: 0

Gitee
added 2025/06/25 11:17 p.m., 99 views

metasploit-framework

This repository is an offensive tool for Metasploit Framework. The primary CVE ID is not explicitly mentioned, but it is likely related to the Metasploit Framework itself. The target product/service or framework is Metasploit Framework, a penetration testing platform. The vulnerability class/vect...

AI score 7.9
Exploits: 0

Gitee
added 2025/09/28 8:56 p.m., 98 views

KitHack

This is a collection of tools and scripts for the KitHack framework, a penetration testing tool. The repository includes a Python script, clean.sh, which is used to clean up the tools directory. The script checks if the user has root permissions and, if so, removes any tools that are not empty. T...

AI score 7.2
Exploits: 0

Gitee
added 2025/09/14 6:38 p.m., 98 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Redhat Enterprise_Linux

PoC exploit for CVE-2020-2732. It is an exploit for the PlayStation 4 on 5.05 firmware. The exploit targets the kernel and allows for arbitrary code execution. The exploit includes autolaunching code for Mira and Vortex's HEN payload. The bug was discovered by qwertyoruiopz. The exploit includes...

CVSS 6.8, AI score 8.3, EPSS 0.00927
Exploits: 1

Gitee
added 2025/09/14 6:9 p.m., 98 views

pentestdb

This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...

AI score 7
Exploits: 0

Gitee
added 2025/09/14 6:3 p.m., 98 views

Exploit for Out-of-bounds Read in Openssl

This repository is an exploit for CVE-2014-0160, also known as the Heartbleed vulnerability. The exploit is designed to abuse OpenSSL clients that are vulnerable to this issue. The target product/service is OpenSSL, and the vulnerability class/vector is a buffer overflow in the TLS heartbeat...

CVSS 7.5, AI score 7.2, EPSS 0.99999
Exploits: 87

Gitee
added 2025/09/14 5:56 p.m., 98 views

p0wnedShell

This is an offensive PowerShell host application written in C that runs PowerShell commands and functions within a PowerShell runspace environment. It includes various offensive PowerShell modules and binaries to facilitate post-exploitation activities, such as bypassing mitigations and creating...

AI score 7.1
Exploits: 0

Total number of security vulnerabilities: 1886