695 Open source projects that are alternatives of or similar to Cve 2017 0065

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Vulnerability Labs for security analysis

Extensible framework for analyzing publicly available information about vulnerabilities

Extraction of iMessage Data via XSS

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

漏洞研究

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

ES File Explorer Open Port Vulnerability - CVE-2019-6447

REST API backend for Reconmap

🔪Browser logic vulnerabilities ☠️

Unsigned code loader for Exynos BootROM

Guest to host VM escape exploit for Parallels Desktop

Kubernetes security and vulnerability tools and utilities.

Advanced Web Browser Fingerprinting

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

SQL Injection Payload List

log4j2 remote code execution or IP leakage exploit (with examples)

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

Log4j Vulnerability Scanner for Windows

Apache Shiro 反序列化漏洞检测与利用工具

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

The Correlated CVE Vulnerability And Threat Intelligence Database API

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Some of my public exploits

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

IoT 固件漏洞复现环境

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

一些漏洞分析

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A collection of my public security advisories.

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

My exploitDB.

汽车/安卓/固件/代码安全测试工具集

hack tools

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

Misc. Public Reports of Penetration Testing and Security Audits.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Real world and CTFs exploiting web/binary POCs.

Proofs-of-concept

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

CVE-2018-8120 Windows LPE exploit

DoS PoC's for SAP products

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

Powerful dork searcher and vulnerability scanner for windows platform

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms