1N3 / Exploits
Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Stars: ✭ 154
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Exploits
Sudo killer
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+596.75%)
Mutual labels: ctf, cve, exploits
Awesome Csirt
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Stars: ✭ 132 (-14.29%)
Mutual labels: poc, cve, exploits
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (+436.36%)
Mutual labels: cve, exploits
Routeros
RouterOS Security Research Tooling and Proof of Concepts
Stars: ✭ 603 (+291.56%)
Mutual labels: poc, exploits
Medusa
🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+416.88%)
Mutual labels: poc, cve
Kernelhub
🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file
Stars: ✭ 972 (+531.17%)
Mutual labels: cve, exploits
Spellbook
Micro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-65.58%)
Mutual labels: ctf, exploits
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (-42.21%)
Mutual labels: cve, exploits
Hisilicon Dvr Telnet
PoC materials for article https://habr.com/en/post/486856/
Stars: ✭ 101 (-34.42%)
Mutual labels: poc, exploits
Java Deserialization Exploits
A collection of curated Java Deserialization Exploits
Stars: ✭ 521 (+238.31%)
Mutual labels: cve, exploits
Penetration testing poc
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+2405.19%)
Mutual labels: poc, cve
Cve 2019 1003000 Jenkins Rce Poc
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (+75.32%)
Mutual labels: poc, cve
CVE-Stockpile
Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
Stars: ✭ 41 (-73.38%)
Mutual labels: exploits, cve
Gitlab rce
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Stars: ✭ 104 (-32.47%)
Mutual labels: ctf, cve
CVE-2021-44228-PoC-log4j-bypass-words
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (+393.51%)
Mutual labels: poc, cve
@xer0dayz @XeroSecurity https://xerosecurity.com
A collection of exploits developed by- Vulnserver.exe GMON SEH Overflow Exploit
- FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass)
- CoolPlayer+ Portable 2.19.6 Stack Overflow (ASLR Bypass)
- HTTPoxy Exploit/PoC Scanner
- Ability FTP 2.34 Buffer Overflow Exploit
- Aruba AP-205 Buffer Overflow Denial of Service PoC
- Brainpan1 CTF Buffer Overflow Exploit
- CesarFTP 0.99g Buffer Overflow Exploit
- Apache 2.2.x Range Header Denial of Service Exploit
- GHOST Glibc Gethostbyname Buffer Overflow Exploit
- PHP Serialization Injection Remote Code Execution Exploit
- CrikeyConCTF Koala Gallery Exploit
- Webmin 1.920 Unauthenticated RCE Metasploit Exploit
Bug Bounty Profiles
Public Exploits
- https://packetstormsecurity.com/files/author/1N3/
- https://www.exploit-db.com/?author=7787
- https://vulners.com/search?query=1N3
Blogs
- https://xerosecurity.com/wordpress/blog/
- https://crowdshield.com/blog.php
- https://treadstonesecurity.blogspot.ca
Social Media
- https://twitter.com/xer0dayz
- https://twitter.com/xerosecurity
- https://twitter.com/crowdshield
- https://youtube.com/crowdshield
- https://youtube.com/xerosecurity
Websites
Public Exploits/PoC's/CVE's/Bug Bounties/CTF's
2018:
- Featured in Hackin9 Magazine - Open Source Hacking Tools edition (https://hakin9.org/download/open-source-hacking-tools/) 8/2018
- Jetty 6.1.6 Cross-Site Scripting (XSS) (https://seclists.org/fulldisclosure/2018/Aug/15) (Full Disclosure) 8/2018
- Listed on the DoD Defense Travel System HoF 6/2018
- Pre-qualified for the BugCrowd 2018 MVP research list (https://www.bugcrowd.com/bugcrowd-mvps-april-edition/) 4/2018
- CVE-2018-8917 Synology-SA-18:14 - Reflected XSS in DSM 6.1.5-15254 (https://www.synology.com/en-us/security/advisory/Synology_SA_18_14) 3/2018
- CVE-2018-6545 Ipswitch MoveIt v8.1 Stored Cross-Site Scripting (XSS) (https://www.exploit-db.com/exploits/43947) 2/2018
- Multiple Cross-Site Scripting (XSS) vulnerabilities in Illustra IP Cameras ($600 bounty) 2/2018
- Directory Traversal vulnerability in Illustra IP Cameras ($800 bounty) 2/2018
- Remote Command Execution vulnerability in Illustra IP Cameras ($900 bounty) 2/2018
- Listed on the BugCrowd 2017 MVP researcher list (https://www.bugcrowd.com/today-we-recognize-our-2017-mvp-researchers/) 1/2018
2017:
- Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
- Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
- Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
- Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
- Systemic Local File Inclusion in DEMO HomeKit Android Application ($3,000 bounty) 9/2017
- Placed 7th in ToorConCTF CTF 8/2017
- Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
- Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
- Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
- Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
- PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
- Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
- Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
- Listed on the BugCrowd 2016 MVP list 1/2017
2016:
- Placed 3rd on BugCrowd's Operation Code CTF 9/2016
- 1st place @DEFCON CMD+CTRL CTF 8/2016
- HTTPoxy Exploit Scanner Exploit/PoC 7/2016
- CVE-2016-1034 Zabbix SQL Injection 0day (www.cvedetails.com/cve/CVE-2016-10134/) 7/2016
- CVE-2016-4401 Unauthenticated Database Credential Leak in Aruba ClearPass ($1,500 bounty) (https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt) 6/2016
- Tied for 2nd place in BugCrowd Operation Code CTF 6/2016
- Made the top 10 researcher list on BugCrowd 6/2016
- Placed 2nd at CactusCon 2016 RootTheBox CTF 5/2016
- Ranked 19th on BugCrowd's Worldwide Leaderboard Bug Bounty 5/2016
- Charts 4 PHP 1.2.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135666/Charts-4-PHP-1.2.3-Cross-Site-Scripting.html) 2/2016
- Open Web Analytics 1.5.7 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135948/Open-Web-Analytics-1.5.7-Cross-Site-Scripting.html) 2/2016
- WordPress All In One SEO Pack 2.2.2 Cross Site Scripting (Full Disclosure) 2/2016
- PSV-2016-0127: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053136/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0127) 1/2016
- PSV-2016-0124: Cleartext Submission of Password In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000055105/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2016-0124) 1/2016
- PSV-2016-0116: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
- PSV-2016-0136: Unrestricted Arbitrary File Upload In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000049063/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-R7800-Routers-PSV-2017-0136) 1/2016
- PSV-2016-0114: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053135/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0114) 1/2016
- PSV-2016-0113: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
- PSV-2016-0131: Server Side Request Forgery in NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131) 1/2016
2015:
- Made the top 10 researcher list on BugCrowd 11/2015
- Wordpress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
- Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
- Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
- Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
- Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
- HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
- Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
- WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
- Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
- CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
- Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
- Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015
2014:
- Lyris ListManagerWeb 8.95a Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html) 7/2014
- MyConnection Server (MCS) 9.7i Cross Site Scripting (Full Disclosure) (https://0day.today/exploit/description/22526) 7/2014
- AlogoSec FireFlow 6.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127001/AlogoSec-FireFlow-6.3-Cross-Site-Scripting.html) 7/2014
- Recieved Offensive Security Certified Professional (OSCP) certification 2/2014
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].