Lucene search
Gitee | Most viewed

1886 matches found

Gitee
added 2025/09/06 12:46 a.m. | 85 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit by Qualys. The exploit is written in C and uses a heap overflow technique to gain elevated privileges. The exploit is designed to be run on a system with the vulnerable sudo version installed. The usage of the...

7.8 CVSS | 7.9 AI score | 0.99295 EPSS
Exploits: 81
Gitee
added 2025/09/06 12:17 a.m. | 85 views

xss

This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF (Capture The Flag) section. The...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 4:59 a.m. | 85 views

OSCP

OSCP Hello world! This repo contains some of the scripts, exploits, and documents made during my OSCP journey. The list includes but is not limited to the following: LinuxPrivCheck.sh Yes, there are far better scripts out there, however this one has less output to go thru and it has colors. Think basi...

8.2 AI score
Exploits: 0
Gitee
added 2025/07/27 4:6 a.m. | 85 views

zip

This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...

6.5 AI score
Exploits: 0
Gitee
added 2025/07/06 2:42 a.m. | 85 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

CVE-2019-19781 Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash CVE-2019-19781.sh XX.XX.XX.XX 'cat /etc/passwd' Reference :...

9.8 CVSS | 9.6 AI score | 0.99999 EPSS
Exploits: 48
Gitee
added 2024/04/25 5:50 p.m. | 85 views

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

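hacktheboxoscp Introduction: OSCP-style target machines from hackthebox, done while preparing for the OSCP exam. Because the OSCP exam content changed and added domain penetration, the vulnstack labs from Red Sun are included as well. Added: endgame, fortresses, open beta season, corresponding to the matching HTB sections; these were done for practice outside the OSCP-style machine list. Machine summaries: hackthebox lame lame: the vsftpd smiley-face vulnerability is a smokescreen, the samba service vulnerability is the real culprit. legacy: ms08-067, but the machine has some problems; apart from the first time, the port could not be reached afterwards. blue blue: very similar; modify the named pipe and run ms17-010 by hand. Devel Devel: very similar...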

5.9 CVSS | 7 AI score | 0.45205 EPSS
Exploits: 2
Gitee
added 2025/09/14 11:40 a.m. | 84 views

exploitdb

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a searchable archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is...

6.8 AI score
Exploits: 0
Gitee
added 2025/09/13 9:8 p.m. | 84 views

pwntools

This is a CTF (Capture The Flag) framework and exploit development library. It is written in Python and provides a set of tools for developing and executing exploits. The library is designed to be extensible and customizable, allowing users to easily add new functionality and plugins. The library i...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/13 5:43 p.m. | 84 views

pwntools

This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...

7 AI score
Exploits: 0
Gitee
added 2025/09/13 12:52 a.m. | 84 views

PowerSploit

This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell scripts that can be used to exploit vulnerabilities in Windows systems. The repository contains several modules, including AntivirusBypass and CodeExecution, which provide various functions for bypassi...

7.6 AI score
Exploits: 0
Gitee
added 2025/09/06 12:9 p.m. | 84 views

Exploit for OS Command Injection in Sixapart Movable_Type

cve-2021-20837-poc PoC for the CVE-2021-20837 : RCE in MovableType This vulnerability was discovered with the collaboration of The.Criminal.One. This PoC was developed by him. BLOG POST: https://nemesis.sh/posts/movable-type-0day/...

9.8 CVSS | 9.3 AI score | 0.88144 EPSS
Exploits: 11
Gitee
added 2025/09/06 11:51 a.m. | 84 views

InfiniteWP-exploit

It is an exploit module for InfiniteWP Client 1.9.4.5 - Authentication Bypass. The primary CVE ID is not explicitly stated, but the exploit is based on a vulnerability disclosed at https://0day.work/infinitewp-client-1-9-4-5-authentication-bypass/. The target product/service is InfiniteWP Client,...

6.9 AI score
Exploits: 0
Gitee
added 2025/07/27 3:23 a.m. | 84 views

uptux

uptux Specialized privilege escalation checks for Linux systems. Implemented so far: - Writable systemd paths, services, timers, and socket units - Disassembles systemd unit files looking for: - References to executables that are writable - References to broken symlinks pointing to writeable...

7.3 AI score
Exploits: 0
Gitee
added 2025/09/14 5:51 p.m. | 83 views

Beebeeto-framework

This is a Python framework for building and executing proof-of-concept (POC) exploits, specifically targeting the HttpFileServer (HFS) vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...

7 AI score
Exploits: 0
Gitee
added 2025/09/14 3:40 p.m. | 83 views

RootHelper

This is an offensive tool for Linux privilege escalation. The primary CVE ID is not explicitly mentioned, but the tool fetches scripts that aid in privilege escalation, suggesting that it targets vulnerabilities in Linux systems. The tool, called RootHelper, downloads and unzips scripts that...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/14 9:55 a.m. | 83 views

Exploit for OS Command Injection in Gnu Bash

PoC exploit for CVE-2014-6271 (Shellshock). The target product/service is Apache httpd, and the vulnerability class/vector is RCE (Remote Code Execution) via environment variable manipulation. The probable entry point is the CGI (Common Gateway Interface) handler. Notable dependencies/tooling include t...

10 CVSS | 8.5 AI score | 0.99999 EPSS
Exploits: 131
Gitee
added 2025/09/13 4:36 a.m. | 83 views

threat-detection-as-code

This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. The...

7.4 AI score
Exploits: 0
Gitee
added 2025/09/06 2:18 p.m. | 83 views

awesome-windows-exploitation

This is a curated list of Windows Exploitation resources and tools. The list is organized by category, including Windows stack overflows, Windows heap overflows, kernel-based Windows overflows, Windows kernel memory corruption, return-oriented programming, Windows memory protections, bypassing...

6.8 AI score
Exploits: 0
Gitee
added 2025/09/06 12:36 a.m. | 83 views

maltrail

It is an offensive tool for network traffic analysis. The primary CVE ID is not present in the provided context, but the tool is designed to detect malicious traffic. The target product/service or framework is not explicitly stated, but it is likely a network traffic analysis system. The...

6.7 AI score
Exploits: 0
Gitee
added 2025/08/03 4:14 a.m. | 83 views

personal-security-checklist

It is an offensive tool for community guidelines and contributor policies. The repository contains a curated checklist of 300+ tips for protecting digital security and privacy in 2022. The primary CVE ID is not present in the provided context. The target product/service or framework is not...

6.8 AI score
Exploits: 0
Gitee
added 2025/07/27 4:45 a.m. | 83 views

Dictionary-Of-Pentesting

This repository is an offensive tool for bug bounty hunting and penetration testing, specifically a dictionary collection project for various types of attacks, including Pentesing, Fuzzing, Bruteforce, and BugBounty. The primary target product/service is not explicitly stated, but the repository...

6.6 AI score
Exploits: 0
Gitee
added 2025/07/27 4:17 a.m. | 83 views

Exploit for CVE-2011-3918

This repository is an Android Exploits collection, containing various exploits and hacks for Android devices. The exploits are categorized into different types, including Denial of Service (DoS) and remote code execution. The DoS exploits include: Android FTPServer 1.9.0 Remote DoS CVE-2011-3918...

7.8 CVSS | 9.9 AI score | 0.02399 EPSS
Exploits: 7
Gitee
added 2025/07/27 4:4 a.m. | 83 views

shelling

This repository is an offensive tool for OS command injection. It is a comprehensive OS command injection payload generator, suitable for detecting OS command injection vulnerabilities. The tool, named SHELLING, provides a customizable payload generator with various features, including support fo...

7.8 AI score
Exploits: 0
Gitee
added 2024/11/08 10:25 a.m. | 83 views

hackingtool

This is an offensive tool for a comprehensive hacking suite. The primary purpose of this tool is to provide a wide range of functionalities for hackers, including information gathering, exploitation, and post-exploitation activities. The tool is designed to be user-friendly and can be run on...

8.3 AI score
Exploits: 0
Gitee
added 2025/09/28 8:37 p.m. | 82 views

gauntlt

This is an offensive tool for web application security testing. It is a ruggedization framework that enables security testing that is usable by devs, ops, and security. The tool is called Gauntlt. The target product/service or framework is not explicitly stated, but based on the examples provided...

7.9 AI score
Exploits: 0
Gitee
added 2025/09/14 1:24 p.m. | 82 views

anti-xss

It is an offensive tool for PHP. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to prevent Cross-site scripting (XSS) attacks. The target product/service is PHP, and the vulnerability class/vector is XSS. The probable entry points are not explicitly...

5.7 AI score
Exploits: 0
Gitee
added 2025/09/06 12:6 p.m. | 82 views

poc

Proof of Concepts As the result of plugin writing or just general bug hunting, researchers at Tenable often stumble upon new and interesting vulnerabilities. These vulnerabilities are shared with the community on our company blog, Medium, or through our research advisories. We've decided to...

7.5 AI score
Exploits: 0
Gitee
added 2025/09/06 2:15 a.m. | 82 views

php-saml

This is a PHP SAML toolkit for adding SAML support to PHP software. It is a library provided and supported by OneLogin Inc. The library is compatible with PHP versions greater than 7.1. The library includes features such as: Support for SAML 2.0 Support for SAML 1.1 Support for SAML 1.0 Support f...

7 AI score
Exploits: 0
Gitee
added 2025/09/06 12:17 a.m. | 82 views

La MaraDNS

MaraDNS is a small open-source DNS server. It is an authoritative DNS server that handles recursion using the included "Deadwood" program. The MaraDNS repository contains various files, including a README, CHANGELOG, and Dockerfile, which provide information on how to compile and run MaraDNS, as...

7.4 AI score
Exploits: 0
Gitee
added 2025/07/27 4:45 a.m. | 82 views

BigBountyRecon

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation...

7 AI score
Exploits: 0
Gitee
added 2025/07/27 3:42 a.m. | 82 views

pentest-guide

This repository is an offensive tool for penetration testing, specifically a guide based on OWASP (Open Web Application Security Project), including test cases, resources, and examples. It contains various modules and tools for testing different types of vulnerabilities, such as Brute Force, Busines...

7.9 AI score
Exploits: 0
Gitee
added 2025/07/27 3:40 a.m. | 82 views

pathbrute

This is an exploit module/toolkit targeting web servers, specifically designed to brute force directories and files names. The tool, named "pathbrute," uses wordlists from Exploit databases and Metasploit to identify interesting content on servers, including potentially vulnerable websites. It ca...

7.4 AI score
Exploits: 0
Gitee
added 2025/07/06 3:24 a.m. | 82 views

Exploit for Improper Authentication in Microsoft

Exploit and detect tools for CVE-2020-0688 (Microsoft Exchange default MachineKeySection deserialize vulnerability) build csc ExchangeCmd.cs csc ExchangeDetect.cs usage ExchangeDetect ExchangeCmd sub commands: exec args exec command arch get remote process architecture (for shellcode) shellcode run...

9 CVSS | 9.4 AI score | 0.99965 EPSS
Exploits: 30
Gitee
added 2024/11/24 5:32 p.m. | 82 views

cve_article

No description provided...

7 AI score
Exploits: 0
Gitee
added 2024/10/02 3:53 p.m. | 82 views

aflnet_profuzzbench

It is an offensive tool for network protocols. The primary CVE ID is not present in the provided context, but the tool is an extension of American Fuzzy Lop (AFL), which is a greybox fuzzer for protocol implementations. The tool, AFLNet, is seeded with a corpus of recorded message exchanges between...

6.7 AI score
Exploits: 0
Gitee
added 2025/09/13 8:20 a.m. | 81 views

browserify-sourcemap-poc

This is a proof-of-concept repository for browserify source mapping. The repository contains an index.js file that reads the contents of three JavaScript files (foo.js, bar.js, and sub/foo.js) and creates a source map for each file. The source map is then used to map the original source code to the...

7 AI score
Exploits: 0
Gitee
added 2025/09/06 10:17 p.m. | 81 views

Exploit for Code Injection in Vmware Spring_Framework

No description...

9.8 CVSS | 8.2 AI score | 0.99677 EPSS
Exploits: 101
Gitee
added 2025/09/06 11:50 a.m. | 81 views

Exploit for Improper Input Validation in Vmware Vcenter_Server

No description provided...

10 CVSS | 7 AI score | 0.99999 EPSS
Exploits: 13
Gitee
added 2025/09/06 8:23 a.m. | 81 views

DependencyCheck

This is an open-source project for a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. The project is written in Java and is designed to be used in a variety of environments, including...

7 AI score
Exploits: 0
Gitee
added 2025/08/03 5:6 a.m. | 81 views

vulns

It is an offensive tool for Linux. The repository, 'vulns', contains a collection of vulnerabilities and attacks, including Slowloris, BEAST, CRIME, BREACH, TIME, Heartbleed, CCS Injection, Shellshock, Drupalgeddon, POODLE, goto fail, GHOST, FREAK, Superfish, Rowhammer, Logjam, Stagefright, VENOM...

6.9 AI score
Exploits: 0
Gitee
added 2025/07/27 4:4 a.m. | 81 views

suricata-rules

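suricata-rules Suricata is an excellent open-source intrusion detection system. This project records high-quality Suricata IDS rules extracted by security operations staff; submissions are welcome. Rule-writing requirements are as follows. Create a new directory for each rule, as follows: webshell detection (the rule directory name; it only needs to describe the corresponding detection rule clearly) - webshell.pcap the pcap for the rule, saved as a flow where possible - websehll.rules the rule file you extracted, tested before submission where possible - README may describe anything related to the rule to help others understand it, Markdown supported. Rule directory...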

7.1 AI score
Exploits: 0
Gitee
added 2025/07/27 3:36 a.m. | 81 views

Exploit for Improper Authentication in Microsoft

cve-2020-0688 Usage: usage: cve-2020-0688.py -h -s SERVER -u USER -p PASSWORD -c CMD optional arguments: -h, --help show this help message and exit -s SERVER, --server SERVER ECP Server URL Example: http://ip/owa -u USER, --user USER login account Example: domain\user -p PASSWORD, --password...

9 CVSS | 9.4 AI score | 0.99965 EPSS
Exploits: 30
Gitee
added 2025/09/14 4:50 p.m. | 80 views

tactical-exploitation

This is a tactical exploitation toolkit repository. It contains a Python script called "easywin.py" that provides a toolkit for exploit-less attacks aimed at Windows and Active Directory environments. The script leverages information gathering and brute force capabilities against the SMB protocol...

6.7 AI score
Exploits: 0
Gitee
added 2025/09/14 4:41 a.m. | 80 views

sinatra

This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/06 11:51 a.m. | 80 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

This repository contains PoC (Proof of Concept) code for the BlueBorne vulnerabilities. The BlueBorne vulnerabilities are a set of vulnerabilities in the Bluetooth Low Energy (BLE) protocol that allow an attacker to remotely execute code on a device. The vulnerabilities were discovered in 2017 and...

8.8 CVSS | 7.4 AI score | 0.2285 EPSS
Exploits: 19
Gitee
added 2025/08/09 11:20 p.m. | 80 views

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...

6.9 AI score
Exploits: 0
Gitee
added 2025/07/27 3:43 a.m. | 80 views

Priv2Admin

This repository, Priv2Admin, is an exploitation path that allows users to misuse Windows privileges to elevate their rights within the OS. The repository lists various Windows privileges and their corresponding impact, tools, execution paths, and remarks. The privileges include...

6.8 AI score
Exploits: 0
Gitee
added 2024/08/18 10:18 p.m. | 80 views

Exploit for CVE-2018-2894

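Weblogic CVE-2018-2894 CVE-2018-2894 0x01 Preface: Oracle's July update fixed an arbitrary file upload vulnerability in the Weblogic Web Service Test Page. The Web Service Test Page is not enabled by default in "production mode", so the vulnerability has certain limitations. Exploiting it allows uploading arbitrary jsp files and thereby obtaining server privileges. 0x02 Vulnerable environment: Ubuntu 16.04 https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2894/ Run the following command to start weblogic 12.2.1....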

9.8 CVSS | 6.8 AI score | 0.50224 EPSS
Exploits: 7
Gitee
added 2021/10/19 5:1 p.m. | 80 views

Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq

This is a PoC exploit for CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685, which are related to a DNS cache poisoning vulnerability in the dnsmasq service. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit uses a Python script to send...

4.3 CVSS | 5.3 AI score | 0.04873 EPSS
Exploits: 2
Gitee
added 2025/09/07 12:11 a.m. | 79 views

enumy

Enumy Enumy is an ultra fast portable executable that you drop on target Linux machine during a pentest or CTF in the post exploitation phase. Running enumy will enumerate the box for common security vulnerabilities. Installation You can download the final binary from the release x86 or x64 tab...

6.6 AI score
Exploits: 0
Total number of security vulnerabilities: 1886