1458 Open source projects that are alternatives of or similar to awesome-list-of-secrets-in-environment-variables

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Misc. Public Reports of Penetration Testing and Security Audits.

Monitoring GitHub for sensitive data shared publicly

This repo will contain some basic pentest/RT commands.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

Yet Another PHP Shell - The most complete PHP reverse shell

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Dorothy is a tool to test security monitoring and detection for Okta environments

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

The Collective. A repo for a collection of red-team projects found mostly on Github.

Linux Rootkits (4.x Kernel)

The all-in-one Red Team extension for Web Pentester 🛠

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Proof of concept code for the Spectre CPU exploit.

A collection of some of my scripts

A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files

A tool for generating reverse shell payloads on the fly.

Focus on cybersecurity | collection of PoC and Exploits

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Exploit Code for CVE-2020-1472 aka Zerologon

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

An All-In-One Pure Python PoC for CVE-2021-44228

Information Security Library

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability

💣 Remotely render any nearby iPhone or iPad unusable

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

log4j rce test environment and poc

网络安全 · 攻防对抗 · 蓝队清单，中文版

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

A number of scripts POC's and problems solved as pentests move along.

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!

Stamp your code with a trackable digital copyright

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Framework for rapid development and reusable of security tools

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

SecurityExplained is a new series after the previous learning challenge series #Learn365. The aim of #SecurityExplained series is to create informational content in multiple formats and share with the community to enable knowledge creation and learning.

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.