137 Open source projects that are alternatives of or similar to Charles Hacking

No description or website provided.

Creates a Simulation of Fake Web Events

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

DeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Contact Tracing BLE sniffer PoC

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Some personal exploits/pocs

poc or exp of android vulnerability

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Exploits for YARA 3.7.1 & 3.8.1

CMS渗透测试框架-A CMS Exploit Framework

A number of scripts POC's and problems solved as pentests move along.

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

A scavenger / conqueror wrapper for collision free multi mining of PoC coins

Blueborne CVE-2017-0785 Android information leak vulnerability

Blueborne CVE-2017-1000251 PoC for linux machines

PoC for triggering buffer overflow via CVE-2020-0796

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

CVE-2020-0796 Pre-Auth POC

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

🦄🔒 Awesome list of secrets in environment variables 🖥️

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

Misc. Public Reports of Penetration Testing and Security Audits.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

A complete Grabber, sending data to a TCP server that you have to host and stocking all in a database.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Writing Spyware Made Easy - POC spyware Chrome Extension/Server

CVE-2020-0796 Remote Code Execution POC

A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.

Proofs-of-concept

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

🔮🔬Front-End testing tool which can be used to create a side by side visual comparison between your live site and local site.

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

a plenty of poc based on python

集漏洞验证和任务运行的一个框架

Juniper Junos Space (CVE-2020-1611) (PoC)

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Hamster是基于mitmproxy开发的异步被动扫描框架，基于http代理进行被动扫描，主要功能为重写数据包、签名、漏洞扫描、敏感参数收集等功能（开发中）。

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

CVE-2020-8597 pppd buffer overflow poc

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

RouterOS Security Research Tooling and Proof of Concepts

红队综合渗透框架

hacker, ready for more of our story ! 🚀

an RCE (remote command execution) approach of CVE-2018-7750