Top 137 poc open source projects

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Proofs-of-concept

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Blueborne CVE-2017-0785 Android information leak vulnerability

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

hacker, ready for more of our story ! 🚀

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

poc or exp of android vulnerability

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

CVE-2020-0796 Remote Code Execution POC

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

a plenty of poc based on python

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

PoC for triggering buffer overflow via CVE-2020-0796

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.

an RCE (remote command execution) approach of CVE-2018-7750

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

🦄🔒 Awesome list of secrets in environment variables 🖥️

DeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.

Misc. Public Reports of Penetration Testing and Security Audits.

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

A complete Grabber, sending data to a TCP server that you have to host and stocking all in a database.

No description or website provided.

Writing Spyware Made Easy - POC spyware Chrome Extension/Server

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Exploits for YARA 3.7.1 & 3.8.1

🔮🔬Front-End testing tool which can be used to create a side by side visual comparison between your live site and local site.

Creates a Simulation of Fake Web Events

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A number of scripts POC's and problems solved as pentests move along.

集漏洞验证和任务运行的一个框架

Contact Tracing BLE sniffer PoC

Juniper Junos Space (CVE-2020-1611) (PoC)

A scavenger / conqueror wrapper for collision free multi mining of PoC coins

Hamster是基于mitmproxy开发的异步被动扫描框架，基于http代理进行被动扫描，主要功能为重写数据包、签名、漏洞扫描、敏感参数收集等功能（开发中）。

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

CVE-2020-8597 pppd buffer overflow poc

Blueborne CVE-2017-1000251 PoC for linux machines

A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.

Some personal exploits/pocs

CVE-2020-0796 Pre-Auth POC

Vagrant As Automation Script

GZip HTTP Bombing in Python for everyone

POC de uma aplicação de domínio financeiro.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Pools organized for Epitech's students in 2021.

Documentation, configuration, reference material and other information around an Asterisk-based VNF

A PoC on passing data through UNIX file privilege bits (RWX Triplets)