1458 Open source projects that are alternatives of or similar to awesome-list-of-secrets-in-environment-variables

Responsive Command and Control System

🔐 Docker Container for Penetration Testing & Security

Python library and CLI for the Bug Bounty Recon API

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability

Focus on cybersecurity | collection of PoC and Exploits

Information Security Library

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

The Robot Security Framework (RSF), Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics.

This is my OSCP cheat sheet made by combining a lot of different resources online with a little bit of tweaking. I used this cheat sheet during my exam (Fri, 13 Sep 2019) and during the labs. I can proudly say it helped me pass so I hope it can help you as well ! Good Luck and Try Harder

A backdoor with a multitude of features.

A tool that scans archives to check for vulnerable log4j versions

easy-to-use payload hosting

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Extract API keys from file or url using by magic of python and regex.

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Focus on cybersecurity | collection of PoC and Exploits

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

A social experiment

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Reverse Shell as a Service

my oscp prep collection

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

Exploit Code for CVE-2020-1472 aka Zerologon

💣 Remotely render any nearby iPhone or iPad unusable

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

A collection of some of my scripts

Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint.

A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

网络安全 · 攻防对抗 · 蓝队清单，中文版

Stamp your code with a trackable digital copyright

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

log4j rce test environment and poc

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A number of scripts POC's and problems solved as pentests move along.

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

《HackLog4j-永恒之恶龙》致敬全宇宙最无敌的Java日志库！Tribute to the most invincible Java logging library in the universe!

Do some quick reconnaissance on a domain-based web-application

Framework for rapid development and reusable of security tools

An All-In-One Pure Python PoC for CVE-2021-44228

Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Tips and Tutorials for Bug Bounty and also Penetration Tests.

Attack Surface Management Platform | Sn1perSecurity LLC

Working Python test and PoC for CVE-2018-11776, includes Docker lab