
1899 matches found

Gitee
added 2025/09/06 2:15 a.m., 76 views

php-saml

This is a PHP SAML toolkit for adding SAML support to PHP software. It is a library provided and supported by OneLogin Inc. The library is compatible with PHP versions greater than 7.1. The library includes features such as: Support for SAML 2.0 Support for SAML 1.1 Support for SAML 1.0 Support f...

7 AI score
Exploits: 0

Gitee
added 2025/09/06 1:52 a.m., 82 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

This repository is an operational information repository regarding the vulnerability in the Log4j logging library CVE-2021-44228. It contains information on Indicators of Compromise IoCs, detection rules, and scanning software related to the vulnerability. The repository is maintained by the...

10 CVSS, 8.3 AI score, 0.94358 EPSS
Exploits: 341

Gitee
added 2025/09/06 1:49 a.m., 82 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...

10 CVSS, 9.4 AI score, 0.94408 EPSS
Exploits: 116

Gitee
added 2025/09/06 1:1 a.m., 74 views

cassandra-mesos

This is a repository for the Cassandra-Mesos framework, which is a distributed database system that allows for the deployment of Apache Cassandra on Apache Mesos. The framework is designed to provide a scalable and fault-tolerant way to run Cassandra on Mesos, and it includes features such as...

6.9 AI score
Exploits: 0

Gitee
added 2025/09/06 12:59 a.m., 79 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

This is a rather flaky poc for CVE-2024-38063, a RCE in tcpip.sys patched on August 13th 2024. I didn't find and report this vuln, that would be Wei. requirements pip3 install scapy usage Modify the fields in the script: - iface tcpip!Ipv6pProcessOptions - tcpip!IppSendErrorList being hit? - Brea...

9.8 CVSS, 8.9 AI score, 0.89413 EPSS
Exploits: 24

Gitee
added 2025/09/06 12:59 a.m., 260 views

PS5-IPV6-Kernel-Exploit

This is an experimental webkit-based kernel exploit for the PS5 on firmware versions = 4.51. The exploit establishes an arbitrary read / semi-arbitrary write primitive, but it cannot achieve code execution due to the hypervisor-enforced kernel write protection and Clang-based fine-grained Control...

7.6 AI score
Exploits: 0

Gitee
added 2025/09/06 12:58 a.m., 80 views

Exploit for Out-of-bounds Write in 7-Zip

This repository is an exploit module for CVE-2022-29072, a privilege escalation vulnerability in 7-Zip through version 21.07 on Windows. The vulnerability allows an attacker to execute commands with elevated privileges when a file with the .7z extension is dragged to the HelpContents area. The...

7.8 CVSS, 8.4 AI score, 0.18893 EPSS
Exploits: 8

Gitee
added 2025/09/06 12:58 a.m., 164 views

Exploit for Path Traversal in Microsoft

Fully Weaponized CVE-2021-40444 Malicious docx generator to exploit CVE-2021-40444 Microsoft Office Word Remote Code Execution, works with arbitrary DLL files. Update 31/05/2022 - CVE-2022-30190 - Follina Now the generator is able to generate the document required to exploit also the "Follina"...

9.3 CVSS, 8.3 AI score, 0.94332 EPSS
Exploits: 89

Gitee
added 2025/09/06 12:58 a.m., 95 views

Exploit for CVE-2021-34527

A PrintNightmare CVE-2021-34527 Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE not the LPE and generates a CSV report with the results. Tests exploitability over MS-PAR and MS-RPRN. This tool has "de-fanged" versions of the Python exploits, it does not actually...

9 CVSS, 9.3 AI score, 0.9424 EPSS
Exploits: 41

Gitee
added 2025/09/06 12:58 a.m., 111 views

Exploit for CVE-2021-1675

CVE-2021-1675 - PrintNightmare LPE PowerShell Caleb Stewart | John Hammond | July 1, 2021 ---------------------------------------------------------- CVE-2021-1675 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare." Proof-of-concept exploits ha...

9.3 CVSS, 9.2 AI score, 0.94314 EPSS
Exploits: 63

Gitee
added 2025/09/06 12:56 a.m., 134 views

jaeles

This is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner. The framework is called Jaeles and is designed to be highly customizable. It has a modular architecture, allowing users to easily add or remove plugins to suit their needs. T...

7 AI score
Exploits: 0

Gitee
added 2025/09/06 12:55 a.m., 117 views

Awesome-Bugbounty-Writeups

This is a curated list of bug bounty writeups, specifically focusing on various types of web application vulnerabilities. The repository is organized by vulnerability type, with sections for Cross-Site Scripting XSS, Cross-Site Request Forgery CSRF, Clickjacking, Local File Inclusion LFI, Subdoma...

7.9 AI score
Exploits: 0

Gitee
added 2025/09/06 12:46 a.m., 134 views

Exploit for Path Traversal in Microsoft

CVE-2021-40444 PoC Malicious docx generator to exploit CVE-2021-40444 Microsoft Office Word Remote Code Execution Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 docx file You need to...

8.8 CVSS, 7.9 AI score, 0.94332 EPSS
Exploits: 38

Gitee
added 2025/09/06 12:46 a.m., 106 views

Exploit for CVE-2021-1675

CVE-2021-1675 / CVE-2021-34527 Impacket implementation of the PrintNightmare PoC originally created by Zhiniang Peng @edwardzpeng & Xuefeng Li @lxf02942370 Tested on a fully patched 2019 Domain Controller Execute malicious DLL's remote or locally Patch update Microsoft has released a patch to...

9.3 CVSS, 7 AI score, 0.94314 EPSS
Exploits: 75

Gitee
added 2025/09/06 12:46 a.m., 104 views

Exploit for Use After Free in Microsoft

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability This is a proof of concept for CVE-2021-31166 "HTTP Protocol Stack Remote Code Execution Vulnerability", a use-after-free dereference in http.sys patched by Microsoft in May 2021. According to this tweet the vulnerability has...

9.8 CVSS, 9 AI score, 0.93069 EPSS
Exploits: 24

Gitee
added 2025/09/06 12:46 a.m., 72 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit by Qualys. The exploit is written in C and uses a heap overflow technique to gain elevated privileges. The exploit is designed to be run on a system with the vulnerable sudo version installed. The usage of the...

7.8 CVSS, 7.9 AI score, 0.92579 EPSS
Exploits: 81

Gitee
added 2025/09/06 12:38 a.m., 223 views

Exploit for CVE-2017-0143

💬 README (Chinese) • Compile/Install/Run • Parameter Description • How to use • Scenario • POC List • Custom Scan • Best Practices Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent. re...

9.3 CVSS, 8.4 AI score, 0.94318 EPSS
Exploits: 88

Gitee
added 2025/09/06 12:36 a.m., 134 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell CVE-2021-44228 & CVE-2021-45046 & CVE-2021-45105. It scans recursively both on disk and inside nested Java Archive files JARs. How it works log4j-finder identifies log4j2 libraries on your filesyst...

10 CVSS, 8.5 AI score, 0.94358 EPSS
Exploits: 345

Gitee
added 2025/09/06 12:36 a.m., 77 views

log4jScanner

This is a tool for scanning internal subnets for vulnerable log4j web services. It sends a JNDI payload to each discovered web service on common HTTP/S ports and logs the responding host IP. The tool does not send any exploits to the vulnerable hosts and is designed to be as passive as possible...

6.8 AI score
Exploits: 0

Gitee
added 2025/09/06 12:36 a.m., 72 views

maltrail

It is an offensive tool for network traffic analysis. The primary CVE ID is not present in the provided context, but the tool is designed to detect malicious traffic. The target product/service or framework is not explicitly stated, but it is likely a network traffic analysis system. The...

6.7 AI score
Exploits: 0

Gitee
added 2025/09/06 12:36 a.m., 165 views

kubei

Kubei is a flexible Kubernetes runtime scanner that scans worker nodes and Kubernetes nodes' images, providing accurate vulnerability assessments. It is a vulnerability scanner and CIS Docker scanner. The repository contains various files, including .dockerignore, .families.yaml,...

6.9 AI score
Exploits: 0

Gitee
added 2025/09/06 12:34 a.m., 80 views

Exploit for CVE-2021-1675

It Was All A Dream A CVE-2021-34527 a.k.a PrintNightmare Python Scanner. Allows you to scan entire subnets for the PrintNightmare RCE not the LPE and generates a CSV report with the results. Tests exploitability over MS-PAR and MS-RPRN. This tool has "de-fanged" versions of the Python exploits, i...

9.3 CVSS, 8.8 AI score, 0.94314 EPSS
Exploits: 75

Gitee
added 2025/09/06 12:30 a.m., 236 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Mac_Os_X

Mac&IOS HackStudy: a compilation of Mac & iOS security learning materials. Collected Mac & iOS security learning sites: http://samdmarshall.com https://www.exploit-db.com https://reverse.put.as http://highaltitudehacks.com/security/ http://www.dllhook.com/ http://www.securitylearn.net/archives/ http://securitycompass.github.io/iPhoneLabs/index.html...

9.3 CVSS, 7.5 AI score, 0.50335 EPSS
Exploits: 11

Gitee
added 2025/09/06 12:17 a.m., 72 views

La MaraDNS

MaraDNS is a small open-source DNS server. It is an authoritative DNS server that handles recursion using the included "Deadwood" program. The MaraDNS repository contains various files, including a README, CHANGELOG, and Dockerfile, which provide information on how to compile and run MaraDNS, as...

7.4 AI score
Exploits: 0

Gitee
added 2025/09/06 12:17 a.m., 78 views

xss

This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF Capture The Flag section. The...

7 AI score
Exploits: 0

Gitee
added 2025/09/06 12:17 a.m., 207 views

defusedxml

This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...

7 AI score
Exploits: 0

Gitee
added 2025/09/06 12:11 a.m., 127 views

Garden

This is a repository for the Garden development tool, which automates workflows for Kubernetes application development and testing. The repository contains various configuration files, including .chglog/CHANGELOG.tpl.md, .circleci/config.yml, .circleci/continue-config.yml, and others. These files...

7.3 AI score
Exploits: 0

Gitee
added 2025/09/06 12:11 a.m., 82 views

Exploit for Use After Free in Microsoft

PoC exploit for CVE-2019-0708, a RCE vulnerability in Windows systems, including Windows 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. The vulnerability occurs during pre-authorization and allows an attacker to run arbitrary malicious code in the NT...

10 CVSS, 8.7 AI score, 0.94454 EPSS
Exploits: 123

Gitee
added 2025/09/06 12:10 a.m., 86 views

php-saml

This is a PHP library for implementing SAML Security Assertion Markup Language authentication and authorization. It is a toolkit for adding SAML support to PHP software. The library is compatible with PHP 5.3.2 and later versions, and it uses the xmlseclibs library for XML encryption and...

7.2 AI score
Exploits: 0

Gitee
added 2025/09/06 12:7 a.m., 180 views

Vuls

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vulsen ---- Abstract For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. ...

7.3 AI score
Exploits: 0

Gitee
added 2025/09/06 12:2 a.m., 132 views

ruby-dragonfly

This repository is an offensive tool for Ruby. It is a highly customizable gem for handling images and other attachments, and is already in use on thousands of websites. The tool is designed to generate image thumbnails in Rails and to manage attachments in web applications. It provides a range o...

7.1 AI score
Exploits: 0

Gitee
added 2025/08/21 3:15 p.m., 69 views

cve

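Most of the bugs here were churned out while I was testing TaintScaner and are of little value; I suggest heading over to TaintScaner instead to learn how to use taint analysis to quickly find this kind of Source-to-Sink PHP vulnerability: https://github.com/Fushuling/TaintScaner...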

7.1 AI score
Exploits: 0

Gitee
added 2025/08/21 2:14 p.m., 92 views

data-cve-poc

data-cve-poc This repository collects all the CVE exploit tools that can be found on GitHub. Installation go install github.com/XiaomingX/data-cve-poc@latest Build from source git clone --depth 1 github.com/XiaomingX/data-cve-poc.git cd cvemapping; go install Usage Usage of cvemapping: -github-token string GitHub access token, used for authentication -page string Page number to fetch, or enter 'all' to fetch all; default...

7 AI score
Exploits: 0

Gitee
added 2025/08/19 4:5 p.m., 293 views

Exploit for OS Command Injection in Openbsd Openssh

No description provided...

6.5 CVSS, 6.7 AI score, 0.17234 EPSS
Exploits: 7

Gitee
added 2025/08/17 1:23 a.m., 98 views

Findsploit

It is an offensive tool for searching exploit databases. The primary CVE ID is not present in the provided context. The target product/service or framework is not explicitly stated, but the tool searches for exploits in local and online databases, suggesting it is a general-purpose exploit finder...

6.8 AI score
Exploits: 0

Gitee
added 2025/08/17 1:20 a.m., 82 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

This is a PoC exploit for CVE-2019-19781, a vulnerability in Citrix ADC NetScaler that allows for unauthenticated remote code execution. The tool, called Citrixmash, was published by TrustedSec due to other researchers releasing their code first. The exploit exploits a directory traversal bug in...

9.8 CVSS, 8.1 AI score, 0.94442 EPSS
Exploits: 48

Gitee
added 2025/08/17 12:40 a.m., 95 views

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

7.1 AI score
Exploits: 0

Gitee
added 2025/08/17 12:40 a.m., 77 views

PrivEsc

PrivEsc by 1N3@CrowdShield http://crowdshield.com ABOUT: A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. LINKS: For pre-compiled local linux exploits, check out https://www.kernel-exploits.com. DONATIONS: Donations are welcome. - x BTC...

7.1 AI score
Exploits: 0

Gitee
added 2025/08/17 12:26 a.m., 99 views

firejail

This repository is an open-source Linux sandboxing platform called Firejail. It is a Linux namespaces and seccomp-bpf sandbox that allows users to run applications in a secure environment, isolating them from the rest of the system. The repository contains a variety of tools and scripts for...

6.9 AI score
Exploits: 0

Gitee
added 2025/08/16 8:41 p.m., 112 views

Exploit for CVE-2023-1234

It is an offensive tool for SSH exploitation. The repository contains a proof of concept PoC exploit for CVE-2023-1234, which targets vulnerable proxycommand configurations on SSH clients. The target product/service is OpenBSD's SSH, and the vulnerability class/vector is remote command execution...

4.3 CVSS, 8 AI score, 0.00385 EPSS
Exploits: 7

Gitee
added 2025/08/14 12:49 p.m., 119 views

Exploit for CVE-2020-11989

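Usage instructions. Home page: what you see is what you get; clicking a button jumps to the corresponding module. Penetration testing. Website scanning: the website scanning feature stitches in afrog (project address) and essentially gives that scanner's functionality a UI. It has a built-in callback service, so there is no need to configure ceye or jndi (all jndi-related PoCs have been switched to the callback address). Vulnerabilities or fingerprints found by active probing are written to an HTML file in the report directory, and the output of the afrog command has not been removed (so when you run the tool with go run main.go you will still see afrog's output on the command line). Target format supports URL or IP:PORT. Fingerprint-only scan / fingerprint PoC scan / active fingerprint probing - Fingerprint-only scan: sends only two packets to the current page to detect fingerprints - Active fingerprint probing:...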

9.8 CVSS, 8.9 AI score, 0.88599 EPSS
Exploits: 1

Gitee
added 2025/08/10 12:48 a.m., 154 views

k-rail

This is a Kubernetes security tool for policy enforcement, specifically designed for workload policy enforcement. It is a deprecated project that will receive no new features or bugfixes except in the case of critical security vulnerabilities. The tool is intended to help secure a multi-tenant...

7.2 AI score
Exploits: 0

Gitee
added 2025/08/09 11:38 p.m., 223 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

pocsuite3 Legal Disclaimer Usage of pocsuite3 for attacking targets without prior mutual consent is illegal. pocsuite3 is for security testing purposes only. Overview pocsuite3 is an open-sourced remote vulnerability testing and...

10 CVSS, 7.3 AI score, 0.94267 EPSS
Exploits: 44

Gitee
added 2025/08/09 11:29 p.m., 96 views

Exploit for Out-of-bounds Write in Cypress Cyw20735_Firmware

This repository is an offensive tool for firmware emulation and fuzzing. It provides a virtual environment to fuzz wireless firmwares, allowing for the extraction of their current state and re-execution in a virtual environment for fuzzing. The tool is currently optimized for the CYW20735 Bluetoo...

7.8 CVSS, 7.2 AI score, 0.00053 EPSS
Exploits: 1

Gitee
added 2025/08/09 11:24 p.m., 104 views

BeRoot

BeRoot Project BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege. It has been added to the pupy project as a post exploitation module so it will be executed in memory without touching the disk. This tool does not realize any...

6.8 AI score
Exploits: 0

Gitee
added 2025/08/09 11:20 p.m., 70 views

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...

6.9 AI score
Exploits: 0

Gitee
added 2025/08/09 11:12 p.m., 246 views

internalblue

This is an offensive tool for Bluetooth experimentation and patching firmware. It is a Bluetooth experimentation framework for Broadcom and Cypress chips, which enables various features that would otherwise only be possible with a full-stack software-defined radio implementation, such as injectin...

7.1 AI score
Exploits: 0

Gitee
added 2025/08/09 11:2 p.m., 74 views

commix

This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...

8.2 AI score
Exploits: 0

Gitee
added 2025/08/07 9:7 p.m., 102 views

网络安全 (Network Security)

This repository appears to be a Burp Suite extension for fast JSON scanning, version 2.2.2, built for JDK 1.8. The extension is designed to scan JSON data in Burp's proxy history and...

7 AI score
Exploits: 0

Gitee
added 2025/08/07 3:31 p.m., 67 views

漏洞扫描工具 (Vulnerability Scanning Tool)

This is a vulnerability scanning tool, which combines multiple network security techniques to automate vulnerability detection. The tool includes four core scanning technologies: SQL injection detection, XSS detection, path traversal detection, and sensitive information disclosure detection. It...

7.2 AI score
Exploits: 0

Total number of security vulnerabilities: 1899