136 Open source projects that are alternatives of or similar to cansecwest2017

Blueborne CVE-2017-0781 Android heap overflow vulnerability

prove of concept using angularjs (1.x) accessing github api

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Hacking tools

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

💣 Remotely render any nearby iPhone or iPad unusable

Focus on cybersecurity | collection of PoC and Exploits

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

CVE-2020-1206 Uninitialized Kernel Memory Read POC

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

Authenticate against a MySQL server without knowing the cleartext password

Krack POC

Security-related PHP7 OPcache abuse tools and demo

A python script designed to check if the website if vulnerable of clickjacking and create a poc

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Poc Collected for study and develop

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Very simplified shop sales system made in a microservices architecture using quarkus

鹿不在侧，鲸不予游🐋

Hacking Charles Web Debugging Proxy

用cel-go重现了长亭xray的poc检测功能的轮子

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

RouterOS Security Research Tooling and Proof of Concepts

🐩 Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 🐩

PoC materials for article https://habr.com/en/post/486856/

用于漏洞排查的pocsuite3验证POC代码

A social experiment

Exploit Code for CVE-2020-1472 aka Zerologon

Python3编写的CMS漏洞检测框架

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

Cross platform PoC ransomware written in Go

Miscellaneous exploit code

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

ISF(Industrial Security Exploitation Framework) is a exploitation framework based on Python.

Exploit Discord's cache system to remote upload payloads on Discord users machines

This project is a proof of concept to test graphQL usage in PHP.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

POC for my Medium article

CVE-2020-0796 Local Privilege Escalation POC

PoC of injecting code into a running Linux process

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Proof of Concepts

Proof of concept code for the Spectre CPU exploit.

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

collection poc use pocsuite framework 收集一些 poc with pocsuite框架

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

poc-collection 是对 github 上公开的 PoC 进行收集的一个项目。

Working Python test and PoC for CVE-2018-11776, includes Docker lab

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5…

A Proof of Capacity proxy which supports solo and pool mining upstreams

✍️ A curated list of CVE PoCs.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

SpectreExploit POC