308 Open source projects that are alternatives of or similar to ARL-NPoC

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

红队综合渗透框架

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Vagrant As Automation Script

Python Script to help/automate the WiFi hacking exercises.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

PoC; terraform + kubeadm

a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust

GZip HTTP Bombing in Python for everyone

Various proofs of concept examples using Github Actions 🤖

IOTA Proof of Concept, store MQTT messages on the tangle.

Some personal exploits/pocs

We're working with community non-profits who have a Host Home or empty bedrooms initiative to develop a workflow management tool to make the process scalable (across all providers), reduce institutional bias, and effectively capture data.

Formal verification of Elastic-Agent and more using BDD

A Python obfuscator using HTTP Requests and Hastebin.

wifi attacks suite

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Juniper Junos Space (CVE-2020-1611) (PoC)

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5…

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.

CVE-2020-8597 pppd buffer overflow poc

Documentation, configuration, reference material and other information around an Asterisk-based VNF

generates weak passwords based on current date

Automated Pentest Tools Designed For Parrot Linux

Tool to communicate with RPC services and check misconfigurations on NFS shares

PeekABoo tool can be used during internal penetration testing when a user needs to enable Remote Desktop on the targeted machine. It uses PowerShell remoting to perform this task. Note: Remote desktop is disabled by default on all Windows operating systems.

Hamster是基于mitmproxy开发的异步被动扫描框架，基于http代理进行被动扫描，主要功能为重写数据包、签名、漏洞扫描、敏感参数收集等功能（开发中）。

Focus on cybersecurity | collection of PoC and Exploits

CVE-2020-0796 Pre-Auth POC

🌒 Shell command obfuscation to avoid detection systems

This project is a proof of concept to test graphQL usage in PHP.

A tool for generating reverse shell payloads on the fly.

Go library for credentials recovery

Fileless attack with persistence

🔑 Hash type identifier (CLI & lib)

Multi source CVE/exploit parser.

A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life

PoC ActiveX SVG Document Execution

Dumain Bruteforcer - a fast and flexible domain bruteforcer

No description or website provided.

POC de uma aplicação de domínio financeiro.

Quick SQL Scanner, Dorker, Webshell injector PHP

The U.S. Army Research Laboratory (ARL) Software Release Process for Unrestricted Public Release

Rustcat(rcat) - The modern Port listener and Reverse shell

Pools organized for Epitech's students in 2021.

Credentials Checking Framework

A scavenger / conqueror wrapper for collision free multi mining of PoC coins

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

A PoC on passing data through UNIX file privilege bits (RWX Triplets)

Blueborne CVE-2017-1000251 PoC for linux machines

A Proof of Capacity proxy which supports solo and pool mining upstreams

CVE-2020-11651: Proof of Concept

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

整理一些内网常用渗透小工具

Task Hijacking in Android (somebody call it also StrandHogg vulnerability)

Bifrost C2. Open-source post-exploitation using Discord API

Contact Tracing BLE sniffer PoC