1886 matches found
KitHack
This is a collection of tools and scripts for the KitHack framework, a penetration testing tool. The repository includes a Python script, clean.sh, which is used to clean up the tools directory. The script checks if the user has root permissions and, if so, removes any tools that are not empty. T...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Redhat Enterprise_Linux
PoC exploit for CVE-2020-2732. It is an exploit for the PlayStation 4 on 5.05 firmware. The exploit targets the kernel and allows for arbitrary code execution. The exploit includes autolaunching code for Mira and Vortex's HEN payload. The bug was discovered by qwertyoruiopz. The exploit includes...
pentestdb
This is a repository of penetration testing tools and resources, specifically designed for web application security testing. The repository is called "pentestdb" and is maintained by a user named "alpha1e0". The repository contains a variety of tools and resources, including: 1. Exploit systems: ...
Exploit for Out-of-bounds Read in Openssl
This repository is an exploit for CVE-2014-0160, also known as the Heartbleed vulnerability. The exploit is designed to abuse OpenSSL clients that are vulnerable to this issue. The target product/service is OpenSSL, and the vulnerability class/vector is a buffer overflow in the TLS heartbeat...
Exploit for Use of Uninitialized Resource in Vmware Fusion
This is a VMware Escape Exploit, a proof-of-concept PoC exploit for CVE-2017-4905, targeting VMware WorkStation 12.5.5 and earlier versions. The exploit is designed to escape the VMware environment and execute arbitrary code on the host system. The exploit is written in C and uses a heap...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a Java logging library vulnerability. The target product/service is Apache Log4j, a Java logging library. The vulnerability class/vector is RCE Remote Code Execution via JNDI Java Naming and Directory Interface lookup. The probable entry points are JNDI lookups...
pwn2own2018
Pwn2Own 2018: Safari + macOS Safari RCE, sandbox escape, and LPE to kernel for macOS 10.13.3. Usage Install nasm and tornado: brew install nasm pip3 install tornado Check config.py if you want to change the host or ports. Afterwards start the server with ./server.py and navigate to the shown URL...
shellshocker-pocs
This repository contains a collection of Proof of Concepts PoCs and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...
redteam-notebook
It is an offensive tool for network and web exploitation. The repository, redteam-notebook, contains a collection of commands, tips, and tricks for preparation and execution of red teaming activities, specifically for the OSCP exam. The primary vulnerability targeted is not explicitly stated, but...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Log4j2 日志内容 JNDI RCE 缓解措施 English version 国际镜像:https://github.com/zhangyoufu/log4j2-without-jndi 国内镜像:https://code.aliyun.com/zhangyoufu/log4j2-without-jndi/tree/master 使用方式 1. 寻找部署目录下的 log4j2-core 组件 find . -name 'log4j-core.jar' 2. 对找到的 log4j2-core JAR 包实施缓解措施 方式1: 使用 zip 命令从 JAR...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4J-RCE-Proof-Of-Concept CVE-2021-44228 This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: - https://www.lunasec.io/docs/blog/log4j-zero-day - https://github.com/advisories/GHSA-jfh8-c2jp-5v3q - https://github.com/apache/logging-log4j2/pull/608 -...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Usage ./CVE-2020-0796.py servername This script connects to the target host, and compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash the target. This...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso Exploit analysis POC Analysis by SungLin Knownsec 404 Team Writeup+PoC by @ZecOps References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796...
advisory-db
This is a security advisory database repository for Rust crates published via crates.io. The repository contains a collection of security advisories filed against various Rust crates, with each advisory containing information in TOML format. The advisories are categorized by crate name, and each...
TIDoS-Framework
The TIDoS Framework is a comprehensive web application penetration testing framework written in Python. It has five main phases: Reconnaissance, Scanning & Enumeration, Vulnerability Analysis, Exploits Castle, and Auxiliaries. The framework is designed to automate various tasks, including...
rtfm
This is a Debian package for a Python application called "RTFM" Read The Fine Manual. The package is version 0.96-RC1 and is intended for the "all" architecture. The package contains a single file, "rtfm.py", which is the main executable script for the application. The package also contains a...
ProcessInjection
It is an offensive tool for Windows. This repository contains proof-of-concept PoC code for injecting a DLL into a running process on Windows. The primary CVE ID is not explicitly stated, but the code appears to target a vulnerability in the Windows operating system. The target product/service is...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...
ProxyVulns
ProxyVulns ProxyLogon Usage: python3 26855.py 1.1.1.1 ProxyOracle url Once a victim clicks this link, evil.com will receive the cookies...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...
Exploit for Incorrect Permission Assignment for Critical Resource in Tenable Nessus
Deprecated. Have a look at Watson instead. Sherlock PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
This is a collection of proof-of-concept PoC code for various kernel vulnerabilities. Here's a breakdown of the code and its implications: CVE-2015-0569 This PoC exploits a buffer overflow vulnerability in the prima wlan driver. The code writes a large buffer to a kernel memory location, causing ...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu
Experiments related to CVE-2015-3456 There is: - exploit/ is an "exploit" it just crashes QEMU. - mock/ contains a stripped down version of QEMU. Only the vulnerability remains. - patch/ contains a program to patch a running instance of QEMU. The main point is to not need debug symbols, nor the...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This repository contains Nmap NSE Network Sniffer Engine scripts designed to check for log4shell or LogJam vulnerabilities CVE-2021-44228 in various services. The scripts are written in Lua and are intended to be used with the Nmap network scanning tool. The scripts are categorized into different...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This repository is an operational information repository regarding the vulnerability in the Log4j logging library CVE-2021-44228. It contains information on Indicators of Compromise IoCs, detection rules, and scanning software related to the vulnerability. The repository is maintained by the...
Exploit for Out-of-bounds Write in 7-Zip
This repository is an exploit module for CVE-2022-29072, a privilege escalation vulnerability in 7-Zip through version 21.07 on Windows. The vulnerability allows an attacker to execute commands with elevated privileges when a file with the .7z extension is dragged to the HelpContents area. The...
Privesc
Privesc Windows PowerShell script that finds misconfiguration issues which can lead to privilege escalation. Disclaimer This repository contains tool developed strictly for educational purposes. Any misuse of the tool for illegal activities is strictly prohibited. Legal Notice It is important to...
Exploit for Use After Free in Microsoft
微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...
tidos-framework
The TIDoS Framework is an open-source, Python-based web application penetration testing framework. It is designed to cover various phases of a penetration test, including reconnaissance, scanning and enumeration, vulnerability analysis, and exploitation. The framework is built on top of the SQLit...
CTFDefense
This repository, CTFDefense, contains tools for offline CTF Capture The Flag challenges. The tools are written in Python and are designed to monitor and analyze system events. The repository includes a script called SimpleMonitor.py, which uses the pyinotify library to watch for file system event...
metasploit-framework
This repository is an offensive tool for Metasploit Framework. It is a collection of files and workflows used to build and test the Metasploit Framework, a penetration testing tool. The repository contains various templates for reporting issues, suggesting new features, and submitting pull...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in the Apache Log4j logging library. The repository, mirrorsyahoo/check-log4j, contains a tool called check-log4j that attempts to determine if a host is vulnerable to this vulnerability by looking for the presence of...
MaraDNS
MaraDNS is an open-source DNS server. It is a small, lightweight, and highly customizable DNS server that can be used as an authoritative or recursive nameserver. MaraDNS is written in C and is designed to be easy to configure and use. The repository contains a variety of files, including a READM...
Exploit for CVE-2021-1675
It Was All A Dream A CVE-2021-34527 a.k.a PrintNightmare Python Scanner. Allows you to scan entire subnets for the PrintNightmare RCE not the LPE and generates a CSV report with the results. Tests exploitability over MS-PAR and MS-RPRN. This tool has "de-fanged" versions of the Python exploits, i...
php-saml
This is a PHP library for implementing SAML Security Assertion Markup Language authentication and authorization. It is a toolkit for adding SAML support to PHP software. The library is compatible with PHP 5.3.2 and later versions, and it uses the xmlseclibs library for XML encryption and...
Exploit for Improper Input Validation in Mozilla Firefox
Full chain exploit for CVE-2019-11708 & CVE-2019-9810 This is a full browser compromise exploit chain CVE-2019-11708 & CVE-2019-9810 targeting Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the parent process and CVE-2019-11708 t...
Linux_kernel_exploits
Linuxkernelexploits Some Linux kernel exploits for various real world kernel vulnerabilities here. More exploits are yet to come. This repo contains the exploits developed during a research project, as well as the code of FUZE to facilitate exploit generation. What is FUZE FUZE is a framework to...
PowerShell-Suite
This is an offensive tool for Windows UAC bypass. It is a PowerShell module called "Bypass-UAC" that provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. The tool is designed to bypass User Account Control UAC on Windows systems, allowing an...
Exploit for OS Command Injection in Docker
This repository is an offensive tool for container exploitation. The primary capability of this tool is to perform a container breakout via exposed Docker daemons docker.sock, CVE-2019-5736, and privileged container breakout via enabled CAPS and SYSCALLS. It also extracts data from Linux Kernel...
Exploit for CVE-2016-2434
About This is where I will post analysis of Public Exploits, or some of my 1day exploits. Public exploit analysis - Personally I think the best way to learn a public exploit is by understanding it line-by-line until I can understand the exploit to the fullest. I will post some of these...
Exploit for Use After Free in Google Chrome
CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86. This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe. host iframe.html on one site an...
geminabox
It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...
Buffer-Overflow-Exploit-Development-Practice
It is an offensive tool for buffer overflow exploit development. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool is designed for buffer overflow exploit development, which typically involves vulnerabilities ...
scripts
This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...
mitmf
This is a Python-based framework for Man-In-The-Middle MITM attacks, called MITMf. It is designed to provide a one-stop-shop for various network attacks and techniques. The framework contains a built-in SMB, HTTP, and DNS server that can be controlled and used by various plugins. It also includes...
Exploit for CVE-2010-1485
PoC exploit for CVE-2010-1485, Exploit module/toolkit targeting XXE vulnerability. The target product/service or framework is unspecified, but the tool is designed to automate exploitation of XXE vulnerabilities in various applications. The vulnerability class/vector is XXE XML eXternal Entity. T...
Gopherus
This tool is called Gopherus and it generates gopher links for exploiting Server-Side Request Forgery SSRF and gaining Remote Code Execution RCE in various servers. The tool can be used to exploit vulnerabilities in MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP servers. The tool...
Exploit for Cleartext Transmission of Sensitive Information in Paloaltonetworks Cortex_Xdr_Agent
Nuclei2Snort 📖 项目介绍 Nuclei2Snort 是一个高效的自动化工具,用于将 Nuclei POC(Proof of Concept)模板批量转换为 Snort IDS/IPS 规则。该工具帮助安全研究人员和运维团队快速将 Nuclei 的漏洞检测模板转换为可部署的网络入侵检测规则。 ✨ 主要特性 - 🚀 批量转换: 支持单文件和目录批量转换 - 🌐 智能翻译: 集成腾讯云翻译API,自动将英文漏洞描述翻译为中文 - 🔧 自动分类: 智能识别漏洞类型并映射到相应的Snort分类 - ⚡ 并发处理: 支持多线程并发转换,提高处理效率 - 🛡️ 安全配置:...
SharPyShell
SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C web applications that runs on .NET Framework = 2.0VB is not supported atm. Usage python3 SharPyShell.py genera...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...