Top 70 rce open source projects

Redis 4.x/5.x RCE

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

DDoor - cross platform backdoor using dns txt records

Weblogic coherence.jar RCE

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

🛠 Tools and scripts to manipulate Android APKs

thinkphp5 rce getshell

bluekeep exploit

exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Hacking tools

A social experiment

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

Miscellaneous exploit code

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Java web common vulnerabilities and security code which is base on springboot and spring security

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Notes about attacking Jenkins servers

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Top disclosed reports from HackerOne

for mass exploiting

A framework for Backdoor development!

Redis(<=5.0.5) RCE

CVE-2020-0796 Remote Code Execution POC

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Getting started with java code auditing 代码审计入门的小项目

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

SambaCry exploit and vulnerable container (CVE-2017-7494)

Another web vulnerabilities scanner, this extension works on Chrome and Opera

CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Remote command execution vulnerability scanner for Log4j.

JAVA 漏洞靶场 (Vulnerability Environment For Java)

BugBounty Tool

No description or website provided.

Hi! Agentgo is a tool for making remote command executions from server to client with golang, protocol buffers (protobuf) and grpc.

ecshop rce getshell

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

NodeJS Red-Team Cheat Sheet

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Some exploits, which I’ve created during my OSCE preparation.

Python bind shell single line code for both Unix and Windows, used to find and exploit RCE (ImageMagick, Ghostscript, ...)

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

exploit code for F5-Big-IP (CVE-2020-5902)

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

Some personal exploits/pocs

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

An All-In-One Pure Python PoC for CVE-2021-44228

Distributed, workflow-driven integration environment