1899 matches found
My-CTF-Web-Challenges
It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting (XSS), and authentication bypass. The challenges...
ios-resources
PoC exploit for iOS device. The primary CVE ID is not explicitly mentioned, but the repository contains resources for iOS hacking, including ARMv8 instruction set documentation and assembly language crash course. The target product/service is the iOS operating system, and the vulnerability...
linux-exploit-development-tutorial
It is an offensive tool for Linux. This is a tutorial for Linux exploit development, specifically targeting stack and heap security mechanisms. The tutorial covers various topics, including format string attacks, integer overflow, and buffer overflow attacks. It also discusses how to bypass...
MS17-010
This repository is a collection of exploits and tools for the MS17-010 vulnerability, also known as the EternalBlue exploit. The vulnerability is a remote code execution (RCE) bug in the SMBv1 protocol, which was used by the WannaCry ransomware in 2017. The repository contains various exploits and...
isf
This is an offensive tool for ICS exploitation. It is a Python-based framework for exploiting Industrial Control Systems (ICS), similar to Metasploit. The framework, known as ICSSploit, is a fork of the routersploit project and is designed for ICS exploitation. It includes various modules for...
shadowbroker
This repository, "shadowbroker," contains a collection of exploits and tools leaked by the Shadow Brokers group. The exploits target various vulnerabilities in software and systems, including Red Hat, Solaris, Samba, IIS, and Windows operating systems. The exploits are categorized into several...
vulhub
It is an offensive tool for Vulnerability Research and Exploitation. The repository contains pre-built vulnerable environments based on Docker-Compose, allowing users to easily set up and test vulnerable systems without requiring extensive knowledge of Docker. The tool is designed for vulnerabili...
aMALgamous
This repository is an offensive tool for creating custom malware payloads. It is a Python-based tool that allows users to generate various types of malware payloads, including Meterpreter, Shell, and Python payloads, as well as payloads for specific platforms such as Windows and macOS. The tool i...
PayloadsAllTheThings
It is an offensive tool for general-purpose payloads. The repository contains a collection of payloads for various purposes, but no specific exploit or vulnerability is identified. The provided code snippet is a funding model configuration for GitHub Sponsors and Ko-fi, indicating that the...
ctf-2
This repository contains the writeup for the CSAW CTF 2015, a cybersecurity competition. The writeup is written in Polish and English, with the Polish version first. The writeup covers various challenges from the competition, including web, exploit, crypto, reversing, and forensics challenges. Ea...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902...
PayloadsAllTheThings
It is an offensive tool for general-purpose payloads. This repository contains a collection of payloads, but no specific exploit or vulnerability is identified. The provided code snippet is a funding model configuration for GitHub Sponsors and Ko-fi, indicating that the repository's author is ope...
vulhub
It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and more. The vulnerability class/vector is not...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm (CVE-2019-11043). The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the PHP 7+ versions, but the bug itself is present in earlier versions. The exploit works by setting the...
vuls
The repository is a collection of exploits, proof-of-concepts, and other resources for various vulnerabilities. The primary language used in the repository is Chinese, but some code snippets and comments are in English. The repository appears to be a collection of tools and scripts for exploiting...
Exploit for Improper Null Termination in Php
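Ladon POC Module CVE-2019-11043 PHP-FPM + Nginx. Vulnerability overview: PHP-FPM remote code execution vulnerability CVE-2019-11043. During the Real World CTF hosted by Chaitin Tech, overseas security researcher Andrew Danau, while solving a CTF challenge, found that sending a %0a character in the URL to the target server made the service return an abnormal response, which suggested a vulnerability. With certain misconfigured Nginx setups, a maliciously crafted packet can make PHP-FPM execute arbitrary code. Example: placed in the same directory as Ladon.exe, it can batch-check a class C range or url.txt bash Ladon...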
Exploit for Out-of-bounds Write in Php
It is an exploit module/toolkit targeting a remote code execution vulnerability. The target product/service or framework is php-fpm and Nginx. The vulnerability class/vector is remote code execution (RCE). The probable entry point is not specified. Notable dependencies/tooling include Python and...
Exploit for Deserialization of Untrusted Data in Oracle Access_Manager
This is a Java class file, specifically the Main class from the com.axin package. The class has a single method, main, which takes an array of String arguments. The method is not implemented, as it is empty. The class has several annotations and attributes, including: LineNumberTable: This...
Exploit for Improper Access Control in Elasticsearch
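Bug reports are welcome. Current version: AssetScanV1.3. Timeline: Initial version: 2019-11-28, V1.0 first version completed. Change 1: 2019-12-02, thanks to Shadow·J for reporting a file import error on Kali. Change 2: 2019-12-03, V1.1 released, added ARP liveness detection (rolled back, testing for bugs). Change 3: 2019-12-04, V1.2 released, fixed vulnerability script errors, fixed the weblogic script. Change 4: 2019-12-05, V1.2 revised, thanks to sevck for design ideas and for pointing out non-standard code. Change 5: 2019-12-05, V1.2 revised, fixed an IP data handling error. Change 6: 2019-12-19...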
metasploit-framework
This is an open-source project repository for the Metasploit Framework, a popular penetration testing tool. The repository contains various files and directories related to the project, including configuration files, test files, and documentation. The Metasploit Framework is a software platform f...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android
This repository is a proof-of-concept (PoC) exploit for CVE-2017-0474. The exploit targets a vulnerability in the Windows SMBv1 protocol, which allows an attacker to execute arbitrary code on a vulnerable system. The exploit is written in Python and uses the Metasploit framework to deliver the...
Exploit for Improper Input Validation in Microsoft
PoC exploit for CVE-2020-1350, a remote code execution vulnerability in Windows DNS Server. Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019. The script is written in Bash and is designed to be run from a Linux host on a Windows Active Directory...
vulhub
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable docker environments, allowing users to practice web application security testing without requiring prior knowledge of docker. The tool is designed to be easy to use, with a...
BurpSuite-collections
Burp plugins...
BurpSuite-collections
No description...
Vxscan
This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various scans on a target, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password...
Pocsuite
This is an offensive tool for vulnerability exploitation. It is a Python-based framework for developing and executing proof-of-concept (PoC) exploits, primarily targeting web applications. The framework, known as Pocsuite, is designed to simplify the process of creating and executing exploits, maki...
PowerSploit
This is a PowerShell module repository called PowerSploit, which is a collection of tools for penetration testing and red teaming. The repository contains several modules, including AntivirusBypass and CodeExecution. The AntivirusBypass module is designed to help evade antivirus detection, and it...
ysoserial
This is a Java tool called ysoserial, which is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to execute arbitrary code on a Java application that performs unsafe deserialization of objects...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
pwntools
This repository is an offensive tool for CTF (Capture The Flag) pwn challenges. It is a framework for writing scripts to solve CTF pwn challenges. The primary CVE ID is not explicitly stated in the provided context, but the repository is likely used for exploiting vulnerabilities in various softwar...
Exploit for CVE-2020-2551
sgysoserial Description clone ysoserial Modifications and enhancements fix | Exploit - Payload | Description | | :---------------------------------------- | -------------------------------------------------: | | ysoserial.exploit.IIOPRegistryExploit | Weblogic CVE-2020-2551 exploit, modified wlfullclient.jar | |...
welpwn
This is an exploit module for a vulnerability in a binary, targeting a heap-based buffer overflow. The module is part of the PwnContext framework, which is a Python library for exploitation and reverse engineering. The module is designed to exploit a vulnerability in a binary that allows for a...
vulhub
It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is not...
vulhub
It is an offensive tool for Vulnerable Environments Based on Docker-Compose. The repository contains a collection of pre-built vulnerable docker environments, allowing users to easily create and test vulnerable environments without requiring prior knowledge of Docker. The tool is designed to be...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This is a collection of proof-of-concept (PoC) exploits and tools for various vulnerabilities. The repository contains several files, including a Gitignore file, a Python script, and a PNG image. The Python script is a tool for exploiting a vulnerability in Apache ActiveMQ, specifically the...
Exploit for CVE-2020-1938
It is an exploit module for CNVD-2020-10487 (CVE-2020-1938), a file read vulnerability in Tomcat AJP. The vulnerability allows an attacker to read files on the server by sending a specially crafted AJP request. The exploit is implemented in Python 2.7 and uses the ajpy library to interact with the...
vulhub
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but it appears to be a collection of vulnerable environments based on Docker-Compose. The vulnerability class/vector is not specified, but it likely involves we...
Pocsuite
This project, Pocsuite, is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...
powerSploit
This is an offensive tool for Windows. It is a PowerShell module called PowerSploit, which is a framework for penetration testing and red teaming. The module includes various tools for tasks such as antivirus bypass, code execution, and DLL injection. The primary vulnerability targeted by this to...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for vulnerability research and testing. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments, including Flask,...
Exploit for CVE-2017-0213
windows-kernel-exploits Introduction windows-kernel-exploits Vulnerability list Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...
Exploit for CVE-2013-0422
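K8tools 2020628 Disclaimer: These tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools Documentation: http://k8gege.org PS: Updated irregularly; the files are fairly large, so download as needed. For bugs or suggestions, leave a message directly on GitHub. The privilege escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save your own copy if you like them. General tools + Reverse-connection tool Ladon 6.6.6 reverse MSF/NC Shell TCP/HTTP/HTTPS + Scanning tool Ladon 6.6 SMB vulnerability detection SMBGhost...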
KITT-Lite
This is a Python-based pentesting CLI tool. The tool is designed to extract WPS (Wi-Fi Protected Setup) pins from vulnerable routers. It uses various tools such as Pixiewps, Reaver, Bully, Aircrack Suite, and Wash in an automated way to achieve its goal. The tool is likely used for penetration...
vulhub
It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...
Sitadel
This is a web application security scanner called Sitadel, which is an update for WAScan making it compatible with Python 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, a...
pocsuite3-1
This is a PoC (Proof of Concept) framework for vulnerability testing and penetration testing, developed by the Knownsec 404 Team. The framework is called pocsuite3. The framework has a powerful proof-of-concept engine and many features for penetration testers and security researchers. It supports...
exploitdb
The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...
vulhub
It is an offensive tool for Docker environments. The tool is designed to create a vulnerable Docker environment for testing and training purposes. It provides a collection of pre-built vulnerable Docker environments, allowing users to execute two simple commands to create a vulnerable environment...
Phantom-Evasion
This is a Python antivirus evasion tool called Phantom-Evasion. It is free software, licensed under the GNU General Public License (GPL) version 3. The tool is designed to evade detection by antivirus software and is intended for educational or research purposes only. The tool consists of several...