Lucene search

1886 matches found

Gitee
added 2019/12/06 6:17 p.m., 2 views

metasploit-framework

This is an offensive tool for Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for discovering, exploiting, and analyzing vulnerabilities in computer systems. It is widely used by security researchers and penetration teste...

7.1 AI score
Exploits: 0
Gitee
added 2019/12/05 2:28 p.m., 11 views

Exploit for Argument Injection in Phpmailer_Project Phpmailer

This repository contains a collection of Perl scripts, each targeting a specific vulnerability. The vulnerabilities include: 1. CVE-2016-10033: A remote code execution vulnerability in PHPMailer before 5.2.18. 2. CVE-2016-6195: A SQL injection vulnerability in vBulletin before 4.2.2 Patch Level 5...

9.8 CVSS, 9.1 AI score, 0.99988 EPSS
Exploits: 109
Gitee
added 2019/12/04 9:40 p.m., 35 views

Exploit for Improper Access Control in Elasticsearch

Bug reports are welcome. Current version: AssetScanV1.2. BUG: masscan currently has a bug, which is being fixed. Introduction...

10 CVSS, 8 AI score, 0.99999 EPSS
Exploits: 145
Gitee
added 2019/12/03 12:2 a.m., 6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry points are not specified, but the environments are likely to be...

7.3 AI score
Exploits: 0
Gitee
added 2019/12/02 1:26 p.m., 6 views

Exploit for Use After Free in Microsoft

This is a PoC (Proof of Concept) exploit for CVE-2019-0708, a vulnerability in Microsoft Windows Remote Desktop Services. The repository contains a scanner that can detect if a host is vulnerable to this vulnerability by binding the MST120 channel outside of its normal slot and sending non-DoS...

10 CVSS, 8.2 AI score, 0.99999 EPSS
Exploits: 123
Gitee
added 2019/12/02 12:56 p.m., 2 views

Vxscan

This is a Python script for a comprehensive vulnerability scanner, Vxscan. The script is designed to perform various types of scans, including: 1. Directory scanning and JavaScript leak detection 2. WAF/CDN identification 3. Port scanning 4. Fingerprinting and service identification 5. Operating...

8.1 AI score
Exploits: 0
Gitee
added 2019/12/02 9:28 a.m., 6 views

Exploit for Improper Input Validation in Microsoft

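CVE-2019-0708 batch detection 0x01 Preface CVE-2019-0708 Windows RDP remote command execution vulnerability. On May 15, 2019, a high-severity vulnerability was disclosed in the Windows server family. The vulnerability has a wide impact: windows2003, windows2008, windows2008 R2 and windows xp systems can all be attacked. The vulnerability is exploited through remote desktop port 3389, via the RDP protocol...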

10 CVSS, 7.1 AI score, 0.99999 EPSS
Exploits: 123
Gitee
added 2019/11/27 11:10 p.m., 4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are the docker-compose files, which define the...

8.2 AI score
Exploits: 0
Gitee
added 2019/11/21 12:43 p.m., 6 views

POC-T

This is a Python-based penetration testing framework called POC-T. It is a concurrent framework that allows users to perform various types of attacks, including vulnerability verification, file upload, weak password cracking, and more. The framework has a modular design, with each module...

7 AI score
Exploits: 0
Gitee
added 2019/11/20 11:16 p.m., 5 views

shadowbroker

This repository, ximakou9/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, as well as a file listing of the contents of the repository...

7.4 AI score
Exploits: 0
Gitee
added 2019/11/19 9:33 a.m., 6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2017-11882 43b: the original script comes from https://github.com/embedi/CVE-2017-11882 109b: the original script comes from https://github.com/unamer/CVE-2017-11882/ (kudos, unamer's code can now execute shellcode) CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: https://vulners.com/cve/CVE-2017-118...

9.3 CVSS, 7 AI score, 0.99945 EPSS
Exploits: 33
Gitee
added 2019/11/18 4:59 p.m., 9 views

Exploit for Improper Input Validation in Apple Mac_Os_X

This repository contains a collection of proof-of-concept (PoC) exploits for various vulnerabilities in different applications. The exploits are written in Python and target vulnerabilities in Apache ActiveMQ, Apache Solr, Apache James Server, MySQL, and other applications. The exploits are designe...

9.8 CVSS, 8.3 AI score, 0.98518 EPSS
Exploits: 23
Gitee
added 2019/11/15 2:4 p.m., 4 views

vulhub

It is an offensive tool for web application security training. The tool is a collection of pre-built vulnerable docker environments, Vulhub, which can be used to test and train web application security skills. The tool is designed to be easy to use, with a simple installation process and a...

7 AI score
Exploits: 0
Gitee
added 2019/11/13 10:29 a.m., 3 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Tintin Tintin++

PoC exploit for CVE-2008-0671. The target product/service is Windows SMB (Server Message Block) service. The vulnerability class/vector is RCE (Remote Code Execution). The probable entry point is the NetAPI function in the Windows SMB service. Notable dependencies/tooling include Impacket and PyCrypt...

10 CVSS, 8.2 AI score, 0.15564 EPSS
Exploits: 1
Gitee
added 2019/11/12 11:1 p.m., 5 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to demonstrate various types of vulnerabilities. The probable entry points are not explicitly stated, but the environments are...

8.1 AI score
Exploits: 0
Gitee
added 2019/11/12 4:53 p.m., 5 views

Exploit for Use After Free in Microsoft

Microsoft port-3389 remote vulnerability CVE-2019-0708 batch detection tool 0x001 Detection on Windows https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...

10 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 123
Gitee
added 2019/11/11 4:11 p.m., 3 views

shadowbroker

This repository, "Cross6/shadowbroker", contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules and tools...

7.1 AI score
Exploits: 0
Gitee
added 2019/11/05 10:31 p.m., 12 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm (CVE-2019-11043). The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to gain code execution if the configuration is vulnerable. The exploit works by setting the PATHINFO variable to an empty value,...

9.8 CVSS, 8 AI score, 0.9947 EPSS
Exploits: 54
Gitee
added 2019/11/05 12:3 p.m., 4 views

fuzzdb-collect

Based on the provided code and context, it appears to be a Python script designed to perform a brute-force attack on file extensions. The script is part of...

7.1 AI score
Exploits: 0
Gitee
added 2019/10/31 9:44 p.m., 7 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an offensive tool for Docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including CVE-2016-9086 and CVE-2017-1000353. The target product/service or framework is Docker, and the...

9.8 CVSS, 6.7 AI score, 0.99686 EPSS
Exploits: 45
Gitee
added 2019/10/31 11:42 a.m., 4 views

vulhub

It is an offensive tool for vulnerable environments. This repository, vulhub, is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The...

7.1 AI score
Exploits: 0
Gitee
added 2019/10/30 9:54 a.m., 4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is not a single exploit or tool, but rather a collection of vulnerable environments that can be used for testing and training purposes. The target product/service or framework is not explicitly stated, but the...

7 AI score
Exploits: 0
Gitee
added 2019/10/28 11:22 a.m., 7 views

POC-T

This is a Python-based penetration testing framework called POC-T. It is designed to facilitate concurrent testing and provides a variety of features for vulnerability scanning and exploitation. The framework includes a range of built-in scripts for testing various vulnerabilities, including SQL...

7.9 AI score
Exploits: 0
Gitee
added 2019/10/27 9:47 p.m., 4 views

PSKernel-Primitives

This repository, zdiskless/PSKernel-Primitives, is a collection of PowerShell primitives for exploitation. The code includes various functions for generating shellcode, allocating memory, and interacting with the Windows kernel. The functions in this repository are designed to be used in...

7 AI score
Exploits: 0
Gitee
added 2019/10/27 5:30 p.m., 6 views

Exploit for Improper Input Validation in Microsoft

cve-2019-0604 SharePoint RCE exploit...

9.8 CVSS, 7 AI score, 0.99913 EPSS
Exploits: 29
Gitee
added 2019/10/27 5:27 p.m., 6 views

Exploit for CVE-2013-0422

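K8tools 20191024 Disclaimer: the tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools PS: Updated irregularly; the files are fairly large, so download as needed. For tool bugs or suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save a copy yourself if you like them. Comprehensive tools + Scanning tool K8Cscan5.4, a large intranet penetration scanner with 28 built-in functions, supports Cobalt Strike + Comprehensive tool K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 +...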

10 CVSS, 6.5 AI score, 0.99913 EPSS
Exploits: 115
Gitee
added 2019/10/26 1:22 p.m., 7 views

Exploit for CVE-2013-0422

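K8tools 20191024 Disclaimer: the tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools PS: Updated irregularly; the files are fairly large, so download as needed. For tool bugs or suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save a copy yourself if you like them. Comprehensive tools + Scanning tool K8Cscan5.4, a large intranet penetration scanner with 28 built-in functions, supports Cobalt Strike + Comprehensive tool K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 +...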

10 CVSS, 6.5 AI score, 0.99913 EPSS
Exploits: 115
Gitee
added 2019/10/22 11:22 p.m., 7 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Awesome Web Security 🐶 Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of...

9.8 CVSS, 8.4 AI score, 0.99964 EPSS
Exploits: 47
Gitee
added 2019/10/21 10:21 a.m., 7 views

Exploit for Use After Free in Microsoft

It is an exploit module for CVE-2019-0708. The target product/service or framework is Windows 10. The vulnerability class/vector is RCE (Remote Code Execution) via Windows Remote Desktop Service. Notable dependencies/tooling include the Windows Remote Desktop Service. The execution context is a...

10 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits: 123
Gitee
added 2019/10/19 9:4 a.m., 3 views

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...

7.3 AI score
Exploits: 0
Gitee
added 2019/10/16 11:39 p.m., 4 views

razzer

It is an offensive tool for Linux kernel exploitation. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to exploit kernel vulnerabilities, particularly those related to race conditions. The tool, named Razzer, is a kernel fuzzer that uses a modified...

6.5 AI score
Exploits: 0
Gitee
added 2019/10/16 5:5 p.m., 6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The target product/service or framework is docker and docker-compose. The vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various attacks. The probable entry...

7.2 AI score
Exploits: 0
Gitee
added 2019/10/16 9:23 a.m., 5 views

commix

This is an automated tool called Commix, written by Anastasios Stasinopoulos, that can be used to test web-based applications for command injection vulnerabilities. The tool is designed to be used by web developers, penetration testers, or security researchers. It is available on GitHub and can b...

7.7 AI score
Exploits: 0
Gitee
added 2019/10/16 8:48 a.m., 6 views

Exploit for OS Command Injection in Dlink Dir-655_Firmware

This is a PoC exploit for CVE-2019-16920, a vulnerability in D-Link routers. The exploit is implemented in two Python scripts: CVE-2019-16920.py and CVE-2019-16920-MassPwn3r.py. The scripts send arbitrary input to a "PingTest" device common gateway interface, which can lead to command injection a...

10 CVSS, 8.7 AI score, 0.99996 EPSS
Exploits: 5
Gitee
added 2019/10/15 8:29 p.m., 27 views

Exploit for OS Command Injection in Webmin

It is an exploit module for CVE-2019-15107, a vulnerability in Webmin. The target product/service is Webmin, a web-based interface for system administration. The vulnerability class/vector is a remote command execution (RCE) vulnerability. The probable entry point is the "passwordchange.cgi" script...

10 CVSS, 7.6 AI score, 0.99766 EPSS
Exploits: 37
Gitee
added 2019/10/11 12:3 a.m., 6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The...

9.8 CVSS, 8.2 AI score, 0.99686 EPSS
Exploits: 53
Gitee
added 2019/10/09 5:20 p.m., 8 views

Exploit for Improper Input Validation in Joomla Joomla!

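CMS-Hunter Introduction: Content Management System Vulnerability Hunter. Note: for now, this project will be maintained long-term; suggestions or ideas for changes are welcome, please contact the author. CMS vulnerability list: Discuz - Discuz<3.4 birthprovince front-end arbitrary file deletion DedeCMS - DedeCMSv5.7 shopsdelivery stored XSS - DedeCMSv5.7 carbuyaction stored XSS - DedeCMSv5.7 friendly-links CSRF GetShell - DedeCMS V5.7 SP2 back-end code execution vulnerability Drupal -...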

9.8 CVSS, 7 AI score, 0.99993 EPSS
Exploits: 139
Gitee
added 2019/10/08 1:11 p.m., 3 views

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is used to exploit a vulnerability in the Windows SMB service, specifically the MS08-067 NetAPI vulnerability. The module is designed to run on the Metasploit Framework and can be used to test the...

6.8 AI score
Exploits: 0
Gitee
added 2019/10/05 6:47 p.m., 5 views

vulhub

It is an offensive tool for Vulnerability Research and Training. The repository, vulhub, contains pre-built vulnerable environments based on Docker-Compose. The primary vulnerability is not explicitly stated, but the repository includes various vulnerable environments, such as Flask SSTI, Apache...

6.8 AI score
Exploits: 0
Gitee
added 2019/09/20 8:40 p.m., 8 views

Exploit for CVE-2013-0422

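K8tools 20190727 Disclaimer: the tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Blog: https://www.cnblogs.com/k8gege Download: https://github.com/k8gege/K8tools PS: Updated irregularly; the files are fairly large, so download as needed. For tool bugs or suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save a copy yourself if you like them. Comprehensive tools + Comprehensive tool K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 + K8expList.txt...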

10 CVSS, 6.5 AI score, 0.99913 EPSS
Exploits: 115
Gitee
added 2019/09/19 3:47 p.m., 6 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This repository is an offensive tool for ActiveMQ. It is a proof-of-concept (PoC) exploit for CVE-2016-3088. The tool is designed to upload a shell to the ActiveMQ server and execute it, allowing for remote code execution. The tool is written in Python and uses the urlparse and urlunparse modules t...

9.8 CVSS, 8.9 AI score, 0.98518 EPSS
Exploits: 19
Gitee
added 2019/09/19 3:45 p.m., 4 views

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool. It is primarily used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, and SQL injection. T...

7.7 AI score
Exploits: 0
Gitee
added 2019/09/04 8:16 a.m., 9 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

9 CVSS, 7.6 AI score, 0.82697 EPSS
Exploits: 23
Gitee
added 2019/08/28 8:48 a.m., 10 views

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framewor...

7 AI score
Exploits: 0
Gitee
added 2019/08/26 9:43 a.m., 3 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8 AI score
Exploits: 0
Gitee
added 2019/08/19 8:35 p.m., 26 views

Exploit for Out-of-bounds Read in Openssl

This repository contains a collection of exploits and tools for various vulnerabilities, including CVE-2014-0160 (Heartbleed), CVE-2014-6271 (Shellshock), CVE-2017-5638 (Apache Struts 2), and others. The repository includes Python scripts for exploiting these vulnerabilities, as well as documentation a...

10 CVSS, 7.6 AI score, 0.99999 EPSS
Exploits: 255
Gitee
added 2019/08/19 6:2 p.m., 5 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8 AI score
Exploits: 0
Gitee
added 2019/08/19 4:53 p.m., 8 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 Weblogic GetShell.py is a Python script that exploits the Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 deserialization remote command execution vulnerability. The script generates a payload using the ysoserial tool and sends it to the target server using a socket...

9.8 CVSS, 7.4 AI score, 0.99448 EPSS
Exploits: 68
Gitee
added 2019/08/18 6:35 p.m., 3 views

maltrail

This is a defensive blue-team research and threat mitigation analysis of the Maltrail repository. The repository is a malicious traffic detection system that can be used to identify and block malicious traffic. The analysis reveals that the Maltrail system uses a combination of IP address and...

6.9 AI score
Exploits: 0
Gitee
added 2019/08/16 10:16 p.m., 3 views

exploit-database

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is a...

6.9 AI score
Exploits: 0

Total number of security vulnerabilities: 1886