Ary: Ary is an integration tool, mainly used to invoke various security tools to provide convenient one-click penetration testing.
Spectrepoc: Proof of concept code for the Spectre CPU exploit.
Exphub: Exphub [exploit script library] includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340
Pub: Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
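Ladon: Large-scale intranet penetration scanner & Cobalt Strike. Ladon 8.9 has 120 built-in modules, covering information gathering / live host discovery / port scanning / service identification / password brute-forcing / vulnerability detection / vulnerability exploitation. Vulnerability detection includes MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute-forcing covers (Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution (smbexec/wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0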
Poodle Poc: 🐩 Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 🐩
Mysql Unsha1: Authenticate against a MySQL server without knowing the cleartext password
Airdos: 💣 Remotely render any nearby iPhone or iPad unusable
Cry: Cross platform PoC ransomware written in Go
Cod Exploits: ☠️ Call of Duty - Vulnerabilities and proof-of-concepts
Isf: ISF (Industrial Security Exploitation Framework) is an exploitation framework based on Python.
Exploits: Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Proof Of Concepts: A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Mtpwn: PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)
Awesome Csirt: Awesome CSIRT is a curated list of links and resources in security and CSIRT daily activities.
Gopoc: A reimplementation, built with cel-go, of the PoC detection functionality of Chaitin's xray
Poc Exploits: Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
Cve 2017 0781: Blueborne CVE-2017-0781 Android heap overflow vulnerability
Ciscoexploit: Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
Clickjacking Tester: A Python script designed to check if the website is vulnerable to clickjacking and create a PoC
Poc Bank: Focus on cybersecurity | collection of PoC and Exploits
Bitp0wn: Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.
Powerladon: Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost, Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Procjack: PoC of injecting code into a running Linux process
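Medusa: 🐈 Medusa is a red-team arsenal platform, currently including scanning (200+ vulnerabilities), an XSS platform, a collaboration platform, CVE monitoring and other features; under continuous development http://medusa.ascotbe.com
1earn: A personally maintained security knowledge framework, covering but not limited to web security, industrial control system security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various vulnerable target machines
K8cscan: K8Cscan is a large-scale intranet penetration scanner with custom plugins, covering information gathering, network assets, vulnerability scanning, password brute-forcing and vulnerability exploitation. The program uses multithreading to batch-scan hosts across multiple IP ranges and class C subnets of large intranets. Current plugins include: class C subnet neighbour-site scanning, subdomain scanning, FTP password brute-forcing, Mysql password brute-forcing, Oracle password brute-forcing, MSSQL password brute-forcing, Windows/Linux system password brute-forcing, live host scanning, port scanning, web information probing, operating system version detection, Cisco device scanning and more. Supports calling any external program or script, and supports integration with Cobalt Strike
Fastjsonexploit: A framework for quickly exploiting Fastjson vulnerabilities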
Routeros: RouterOS Security Research Tooling and Proof of Concepts
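Xray: A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use
Cmspoc: CMS penetration testing framework - A CMS Exploit Framework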
Am I Affected By Meltdown: Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.