jexboss

This is a Python script for a tool called JexBoss, which is designed to exploit vulnerabilities in JBoss Application Server and other Java platforms. The script is written in Python 2.7 and uses the urllib3 library for HTTP requests. The script has several modules, including exploits.py,...

drupwn

This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...

Gopherus

This tool is called Gopherus and it generates gopher links for exploiting Server-Side Request Forgery SSRF and gaining Remote Code Execution RCE in various servers. The tool can be used to exploit vulnerabilities in MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP servers. The tool...

Exploit for Out-of-bounds Write in Debian Debian_Linux

awesome-browser-exploit Share some useful archives about browser exploitation. I'm just starting to collect what I can found, and I'm only a starter in this area as well. Contributions are welcome. Chrome v8 Basic v8 github mirrordocs withingithub on-stack replacement in v8article // multiple...

Exploit for Use After Free in Microsoft

微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...

easy-linux-pwn

This is a set of Linux binary exploitation tasks for beginners on various architectures. The tasks are designed to be solved using a suggested approach, even if there are other easier ways. The tasks assume a dynamically linked libc with a known binary and require the use of ROP Return-Oriented...

tpwn

tpwn cve-2015-???? poc os x 10.10.5 kernel local privilege escalation vulnerability got burned in 10.11 full writeup etason shout out @ unthreadedjb 4 hax Install NULLGuard to protect yourself against tpwn and other NULL Pointer Deference bugs...

linux-smart-enumeration

First, a couple of useful oneliners ; console wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh console curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700...

Exploit for OS Command Injection in Docker

This repository is an offensive tool for container exploitation. The primary capability of this tool is to perform a container breakout via exposed Docker daemons docker.sock, CVE-2019-5736, and privileged container breakout via enabled CAPS and SYSCALLS. It also extracts data from Linux Kernel...

Vulmap

This is an online local vulnerability scanner project called Vulmap. It is an open-source tool that can be used for defensive and offensive purposes. The tool scans the localhost to gather installed software information and checks for vulnerabilities using the Vulmon API. If vulnerabilities exist...

uptux

uptux Specialized privilege escalation checks for Linux systems. Implemented so far: - Writable systemd paths, services, timers, and socket units - Disassembles systemd unit files looking for: - References to executables that are writable - References to broken symlinks pointing to writeable...

java-sec-code

This is an offensive tool for Java web applications. It is a collection of Java web common vulnerabilities and security code, based on Spring Boot and Spring Security. The repository contains various types of vulnerabilities, including actuators to RCE, command inject, CORS, CRLF injection, CSRF,...

sudo_inject

Linux Privilege Escalation by injecting process possessing sudo tokens Inject process that have valid sudo token and activate our own sudo token Introduction We all noticed that sometimes sudo doesn't ask us for a password because he remembers us. How does he remember us and how does he identifie...

GyoiThon

This is an offensive tool for penetration testing using machine learning. It is called GyoiThon. The tool is designed to perform penetration testing using machine learning algorithms and can be used to identify vulnerabilities in web applications and services. The tool uses a variety of technique...

pentest-wiki

This repository is an online security knowledge library for pentesters/researchers, providing information on various topics related to information gathering. The repository contains documentation on how to gather whois and DNS information, as well as Linux system architecture, processes, and user...

WinPwn

This is an offensive tool for Windows. It is a PowerShell script repository, WinPwn, that automates various internal penetration test processes, including reconnaissance and exploitation. The script is designed to be used on a Windows system with no internet access, and it includes a menu-driven...

odat

This is an offensive tool for Oracle Database. The tool is called ODAT Oracle Database Attacking Tool and is designed to exploit various vulnerabilities in Oracle databases. The tool is written in Python and uses various libraries such as scapy, cxOracle, and progressbar. The tool has several...

exifcleaner

Cross-platform desktop GUI app to clean image metadata...

TIDoS-Framework

The TIDoS Framework is a comprehensive web application penetration testing framework written in Python. It has five main phases: Reconnaissance, Scanning & Enumeration, Vulnerability Analysis, Exploits Castle, and Auxiliaries. The framework is designed to automate various tasks, including...

Exploit for Deserialization of Untrusted Data in Google Android

CVE-2024-31317 Can I even use this? This was patched in https://source.android.com/docs/security/bulletin/2024-06-01 If your device runs a patch under 2024-06-01 you can use this. The "Google Play system update" date is irrevelant and you can and should update your google play. How to use the...

Exploit for Deserialization of Untrusted Data in Google Android

Exploration of CVE-2024-31317 CVE-2024-31317 provides unpriviledged access to any uid and SELinux scope available to proper Android apps. This provides access to uid 1000 system and uid 2000 shell, and can be triggered entirely from an unpriviledged app, allowing for persistence of any...

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file PE file that has been modified to contain a malicious payload. The file is likely a malware dropper or a backdoor that allows remote access to the compromised system. The code is written in C and uses various techniques to eva...

pwn（好友）

No description provided...

Exploit for Cleartext Transmission of Sensitive Information in Paloaltonetworks Cortex_Xdr_Agent

Nuclei2Snort 📖 项目介绍 Nuclei2Snort 是一个高效的自动化工具，用于将 Nuclei POC（Proof of Concept）模板批量转换为 Snort IDS/IPS 规则。该工具帮助安全研究人员和运维团队快速将 Nuclei 的漏洞检测模板转换为可部署的网络入侵检测规则。 ✨ 主要特性 - 🚀 批量转换: 支持单文件和目录批量转换 - 🌐 智能翻译: 集成腾讯云翻译API，自动将英文漏洞描述翻译为中文 - 🔧 自动分类: 智能识别漏洞类型并映射到相应的Snort分类 - ⚡ 并发处理: 支持多线程并发转换，提高处理效率 - 🛡️ 安全配置:...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Pot A honeypot for the Log4Shell vulnerability CVE-2021-44228. License: GPLv3.0 Features Listen on various ports for Log4Shell exploitation. Detect exploitation in request line and headers. Download exploit payloads recursively. Log to file and Azure blob storage. Usage 1. Install Poetry: cur...

Exploit for Use After Free in Google Android

This is a PoC Proof of Concept application demonstrating the power of an Android kernel arbitrary R/W, targeting CVE-2019-2215. The application is designed to exploit this vulnerability, which allows for arbitrary read and write access to the kernel. The exploit is implemented in the native/poc.c...

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

CVE-2017-12617 CVE-2017-12617 critical Remote Code Execution RCE vulnerability discovered in Apache Tomcat affect systems with HTTP PUTs enabled via setting the "read-only" initialization parameter of the Default servlet to "false" are affected. Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...

Exploit for Improper Authentication in Microsoft

Exploit and detect tools for CVE-2020-0688Microsoft Exchange default MachineKeySection deserialize vulnerability build csc ExchangeCmd.cs csc ExchangeDetect.cs usage ExchangeDetect ExchangeCmd sub commands: exec args exec command arch get remote process architecturefor shellcode shellcode run...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Remote Code Execution POC c 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes Remote Code Execution POC for CVE-2020-0796 / "SMBGhost" Expected outcome: Reverse shell with system access. Intended only for educational and testing in corporate environments. ZecOps...

50M_CTF_Writeup

It is an offensive tool for CTF Capture The Flag challenges. The repository contains a writeup for a $50 million CTF challenge, which includes a binary image that needs to be decoded to reveal a hidden message. The binary image is encoded with a repeating sequence of binary digits, which can be...

Exploit for CVE-2016-2434

About This is where I will post analysis of Public Exploits, or some of my 1day exploits. Public exploit analysis - Personally I think the best way to learn a public exploit is by understanding it line-by-line until I can understand the exploit to the fullest. I will post some of these...

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

Shr3dKit

This is a Red Team Tool Kit repository, specifically designed for penetration testing and red teaming activities. The tool kit is influenced by infosecn1nja's kit and includes a wide range of tools for reconnaissance, weaponization, and delivery. The repository contains a total size of 2.5+Gb and...

SharPyShell

SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C web applications that runs on .NET Framework = 2.0VB is not supported atm. Usage python3 SharPyShell.py genera...

OSCP-Prep

This is a comprehensive guide for information security infosec professionals, particularly those preparing for the OSCP Offensive Security Certified Professional exam. The guide is a collection of various files, including a PDF document, a text file, and a set of cheat sheets. The PDF document,...

Pentest-and-Development-Tips

Pentest-and-Development-Tips A collection of pentest and development tips Author: 3gstudent Click on me to view the English version 声明 以下技巧不应用于非法用途 --- Tips 1. 手动端口探测 nmap的-sV可以探测出服务版本，但有些情况下必须手动探测去验证 使用Wireshark获取响应包未免大材小用，可通过nc简单判断 eg. 对于8001端口，nc连接上去，随便输入一个字符串，得到了以下结果： $ nc -vv localhost 8001...

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码：a6ob 漏洞利用 下载jar包，然后使用marshalsec起一个恶意的RMI服务，本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

jenkins-rce

No description provided...

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

PoC exploit for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller ADC and Gateway. The repository, CitrixHoneypot, is a honeypot designed to detect and log scan and exploitation attempts for this vulnerability. The tool is written in Python and uses the http.server module ...

kconfig-safety-check

This is a tool for checking the security hardening options of the Linux kernel. It is a Python script that can be used to analyze the configuration of a Linux kernel and identify potential security vulnerabilities. The tool is designed to support various architectures, including X8664, X8632,...

graphql-playground

This is a repository for the GraphQL Playground, a development environment for building and testing GraphQL APIs. The repository contains several packages, including GraphQL Playground HTML, GraphQL Playground Express Middleware, GraphQL Playground Koa Middleware, and GraphQL Playground Hapi...

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

CVE-2019-19781 Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash CVE-2019-19781.sh XX.XX.XX.XX 'cat /etc/passwd' Reference :...

Exploit for Improper Access Control in Elasticsearch

欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版：2019年11月28日 V1.0初版编写完成 修改1：2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2：2019年12月03日 V1.1发布，新增ARP存活检测（回滚，测bug） 修改3：2019年12月04日 V1.2发布，修复漏洞脚本异常，修复weblogic脚本 修改4：2019年12月05日 V1.2修改，感谢sevck提供设计思路以及代码不规范问题 修改5：2019年12月05日 V1.2修改，修复IP数据处理异常 修改6：2019年12月19日...

Exploit for CVE-2018-2636

This is a low-interaction honeypot designed to detect the CVE-2018-2636 directory traversal vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications MICROS. The honeypot simulates a MICROS server and allows attackers to use the vulnerability to "steal files" a...

Exploit for CVE-2019-1322

COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo https://vimeo.com/373051209 Usage Compile or Download from Release https://github.com/apt69/COMahawk/releases 1. Run COMahawk.exe 2. ??? 3. Hopefully profit or 1. COMahawk.exe "custom command to run" ie...

PoC

PoC PoC of CVE/Exploit...

easysploit

This is an exploit module/toolkit targeting various platforms, including Windows, Android, Linux, MacOS, and Web applications. The primary vulnerability targeted is ms17010, specifically EternalBlue, which is a remote code execution vulnerability in Windows systems. The toolkit also includes...

Exploit-Writeups

This is a collection of writeups for various CTF Capture The Flag challenges, specifically focusing on reverse engineering RE, pwnables, and miscellaneous challenges. The writeups are from the EncryptCTF-2019 and DawgCTF-2021 CTFs. The writeups cover a range of challenges, from simple to complex,...

Exploit for Use After Free in Google Chrome

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86. This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe. host iframe.html on one site an...

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware

PoC misc PoC - Internet of InSecurity Things Well worth to read about these crappy insecurity things: https://ipvm.com/reports/security-exploits Hikvision CVE-2021-36260 --- 2021-10-19 All credit to WatchfulIP https://watchfulip.github.io/ https://github.com/mcw0/PoC/blob/master/CVE-2021-36260.py...