1886 matches found
Exploit for CVE-2016-2434
About This is where I will post analysis of Public Exploits, or some of my 1day exploits. Public exploit analysis - Personally I think the best way to learn a public exploit is by understanding it line-by-line until I can understand the exploit to the fullest. I will post some of these...
VulScan
MongoDB 未授权漏洞检测 mongodbunauth.py mongodbunauthmulti.py install python3 -m pip install pymongo mongodbunauth.py 单个IP检测 python3 mongodbunauth.py ip port zoounauthmulti.py 批量检测 python3 mongodbunauthmulti.py /root/unAuth/mongodb/us.txt 10...
CTFDefense
This repository, CTFDefense, contains tools for offline CTF Capture The Flag challenges. The tools are written in Python and are designed to monitor and analyze system events. The repository includes a script called SimpleMonitor.py, which uses the pyinotify library to watch for file system event...
browsersploit
This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...
Buffer-Overflow-Exploit-Development-Practice
It is an offensive tool for buffer overflow exploit development. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool is designed for buffer overflow exploit development, which typically involves vulnerabilities ...
scripts
This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...
sudo_inject
Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...
Exploit for Improper Initialization in Linux Linux_Kernel
This is a PoC exploit for the Dirty Pipe vulnerability CVE-2022-0847 on Android, specifically targeting Pixel 6 devices with a security patch level from 2022-02-05 to 2022-04-05. The exploit is designed to overwrite readable files and can't overwrite the first byte of each page each 4096 bytes. I...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
Pentest
This repository is an offensive tool for web application exploitation, specifically a backdoor for web applications. It contains a JavaScript file check.js that is designed to be injected into a web page to steal user credentials. The tool uses the jQuery library jquery.cookie.min.js to manage...
Ninja
This is an open-source C2 server created for stealth red team operations, specifically designed to bypass AMSI Advanced Threat and Malware Protection and other security measures. The server is written in PowerShell and utilizes various modules to achieve its goals. The server includes several...
CTFium
This is a collection of CTF Capture The Flag writeups by PersianCats. It is a repository of technical writeups for various CTF challenges from different events. The writeups cover a range of topics, including exploitation of vulnerabilities, reverse engineering, and binary analysis. The repositor...
malSploitBase
This repository contains a collection of exploit code and research related to various malware and crimeware tools. The exploits are categorized into different sections, including Banking, Exploit Pack, and Http Botnets. The Banking section contains exploits for various banking malware, such as...
Exploit for Out-of-bounds Read in Openssl
It is an exploit module/toolkit targeting OpenSSL versions vulnerable to CVE-2014-0160, also known as the Heartbleed vulnerability. The tool, ssltest.py, scans multiple hosts for this vulnerability in an efficient multi-threaded manner without exploiting the server. The probable entry point is th...
powertools
PowerTools Is Now Deprecated! PowerView and PowerUp have moved to the PowerSploit repository under ./Recon/ and ./Privesc/ respectively. PowerPick will move repository locations shortly back to its original home. PewPewPew is no longer supported. No pull requests will be accepted and no issues wi...
awesome-mobile-security
This is a curated repository of mobile security resources, specifically for Android and iOS. It aggregates various tools and references from their original owners, serving as a centralized hub for mobile security-related information. The repository does not contain any exploit code or tools but...
easy-linux-pwn
This is a set of Linux binary exploitation tasks for beginners on various architectures. The tasks are designed to be solved using a suggested approach, even if there are other easier ways. The tasks assume a dynamically linked libc with a known binary and require the use of ROP Return-Oriented...
exifcleaner
Cross-platform desktop GUI app to clean image metadata...
ASLRay
This repository contains a Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying. The exploit targets the test binary, which is a simple program that takes a string argument and prints it. The exploit works by spraying the stack with a large amount of data, which increases the chances ...
Crypt-SSLeay
This is a Perl module called Crypt::SSLeay, which provides OpenSSL support for LWP Library for WWW in Perl. The module is used to handle SSL/TLS connections and is part of the LWP distribution. The module has a version of 0.7304 and is maintained by A. Sinan Unur, David Landgren, Joshua Chamas, a...
Exploit for CVE-2018-3149
log4j2-exploits https://user-images.githubusercontent.com/37479424/145661983-131eb84a-9ac5-4014-9f6b-10b69d8d7cf4.mp4 This fundamental vulnerability was reported by CVE-2018-3149 and patched by this article. 8u121 Release Notes However, the logging library for java called log4j2 had JNDILookup,...
PrivEsc
PrivEsc by 1N3@CrowdShield http://crowdshield.com ABOUT: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. LINKS: For pre-compiled local linux exploits, check out https://www.kernel-exploits.com. DONATIONS: Donations are welcome. - x BTC...
commix
This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...
IOHIDeous
IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here. Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13.2 anymore, and I don't feel like investigating that. Maybe patched, maybe just the consequence of a random change, I...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...
Exploit for CVE-2020-1472
ZeroLogon exploitation script Exploit code based on https://www.secura.com/blog/zero-logon and https://github.com/SecuraBV/CVE-2020-1472. Original research and scanner by Secura, modifications by RiskSense Inc. To exploit, clear out any previous Impacket installs you have and install Impacket fro...
Exploit for CVE-2021-4483
It is an offensive tool for PHP The repository contains a collection of PHP code snippets and functions for auditing and exploiting vulnerabilities, including a proof-of-concept exploit for CVE-2021-4483, an exploit module for targeting PHP applications, and a toolkit for auditing PHP code. The...
exifcleaner
Cross-platform desktop GUI app to clean image metadata...
pwn2exploit
pwn & exploit 这是些前段时间研究二进制的一些心得 Paper. 本来是希望能够从底层原理到全局把控的层次去整理. 这里只完成了部分的Paper, 还有很多的Paper只写了概要点. 个人有几篇 paper 还是很有参考价值的 linux进程动态so注入.md 这篇文章介绍了如何在目前的ELF下进行动态so注入, 介绍 gnu.hash 的结构和相关算法, 具体的代码可以参考evilELF, 代码设计规范. PWN之堆内存管理.md 这篇文章是我在阅读了很多参考资料和glibc后写的, 其中对于glibc分配算法中的各种缓存的设计有比较好的讲述以及对分配和释放算法有比价好的阐...
awesome-android-security
A curated list of Android Security materials and resources For Pentesters and Bug Hunters...
A-Red-Teamer-diaries
The provided context is a GitHub repository containing a Python script named RunFinger.py and a README.md file. The script is designed to gather information about the domain name and Windows machine running in the network. The README.md file contains information about the purpose of the script an...
pentest-wiki
This repository is an online security knowledge library for pentesters/researchers, providing information on various topics related to information gathering. The repository contains documentation on how to gather whois and DNS information, as well as Linux system architecture, processes, and user...
Exploit for Improper Access Control in Xen
kernelexploitfactory Keep updating...... Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. The test is on...
Exploit for Path Traversal in Thecartpress Thecartpress_Ecommerce_Shopping_Cart
This is a PoC exploit for CVE-2015-3301, a vulnerability in the Stagefright media library that allows for remote code execution on Android devices. The exploit, called Metaphor, is designed to bypass Address Space Layout Randomization ASLR and execute arbitrary code on the device. The exploit...
pagodo
This is an offensive tool for web application discovery. The primary CVE ID is not present in the provided context. The target product/service or framework is Google Search, and the vulnerability class/vector is not explicitly stated. The probable entry points are scripts/modules such as...
Kernel-Bridge
This repository is an offensive tool for Windows kernel hacking. It is a Windows kernel hacking framework, driver template, hypervisor, and API written in C++. The primary function of this framework is to provide a set of tools for kernel-mode code injection, hooking, and manipulation. The...
disable_eval
This is a Ruby gem called "disableeval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution RCE attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...
docker-security-course
This is a vulnerable nodejs app for demos, as stated in the README.md file. The app is designed to demonstrate the use of Docker to clean up after a breach and prevent them from happening again in the future. The app is built using the Dockerfile, which creates an image with the name "node-hack"...
log4jScanner
This is a tool for scanning internal subnets for vulnerable log4j web services. It sends a JNDI payload to each discovered web service on common HTTP/S ports and logs the responding host IP. The tool does not send any exploits to the vulnerable hosts and is designed to be as passive as possible...
JavaDeserH2HC
This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...
PoC
Pedro Ribeiro @pedrib Exploit Dumping Grounds === This repository contains information, exploits, scripts, etc, that I have made public and it is located at https://github.com/pedrib/PoC. advisories: all my public advisories, research notes, etc Pwn2Own: advisories related to my Pwn2Own...
GyoiThon
This is an offensive tool for penetration testing using machine learning. It is called GyoiThon. The tool is designed to perform penetration testing using machine learning algorithms and can be used to identify vulnerabilities in web applications and services. The tool uses a variety of technique...
WinPwn
This is an offensive tool for Windows. It is a PowerShell script repository, WinPwn, that automates various internal penetration test processes, including reconnaissance and exploitation. The script is designed to be used on a Windows system with no internet access, and it includes a menu-driven...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
weblogic-scan weblogic 漏洞扫描工具 妄想试图weblogic一把梭 目前检测的功能 - x console 页面探测 & 弱口令扫描 - x uuid页面的SSRF - x CVE-2017-10271 wls-wsat页面的反序列化 - x CVE-2018-2628 反序列化 - x CNVD-C-2019-48814 后期可以的话还会继续加功能的,主要是一些反序列化的poc真的不好写,我也不咋会.. USE 使用前请先填写config.py中的server参数...
Exploit for CVE-2016-2610
This is a PoC exploit for CVE-2016-2610, a vulnerability in the PlayStation 4's kernel. The exploit targets the 4.55 firmware version and allows for arbitrary code execution as kernel. The exploit includes a loader that listens for payloads on port 9020 and executes them upon reception. The loade...
Exploit for CVE-2020-1189
PoC exploit for CVE-2020-1189, CVE-2020-1190, CVE-2020-1191, CVE-2020-1192, CVE-2020-1193, CVE-2020-1194, CVE-2020-1195, CVE-2020-1196, CVE-2020-1197, CVE-2020-1198, CVE-2020-1199, CVE-2020-1200, CVE-2020-1201, CVE-2020-1202, CVE-2020-1203, CVE-2020-1204, CVE-2020-1205, CVE-2020-1206,...
Exploit for Path Traversal in Apache Http_Server
This is a PoC exploit for CVE-2021-41773, a remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit targets the CGI enabled feature of these versions, allowing an attacker to execute arbitrary code on the server. The exploit is written in Python and uses...
payloadsallthethings
This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services AWS environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...