359 Open source projects that are alternatives of or similar to CVE-2020-1611

Misc. Public Reports of Penetration Testing and Security Audits.

hacker, ready for more of our story ! 🚀

CVE-2020-11651: Proof of Concept

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Poc Collected for study and develop

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Proofs-of-concept

Security-related PHP7 OPcache abuse tools and demo

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

A collection of my quick and dirty scripts for vulnerability POC and detections

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Tenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

My solutions to the 2020 NSA Codebreaker Challenge

A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

POC de uma aplicação de domínio financeiro.

CVE-2020-8597 pppd buffer overflow poc

Pools organized for Epitech's students in 2021.

Python toolbox to evaluate graph vulnerability and robustness (CIKM 2021)

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

Blueborne CVE-2017-1000251 PoC for linux machines

Documentation, configuration, reference material and other information around an Asterisk-based VNF

A scavenger / conqueror wrapper for collision free multi mining of PoC coins

Rocket integration for Juniper, the GraphQL server library for Rust

Current home of rubysec.com

#INFILTRATE20 raptor's party pack

A Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.

A PoC on passing data through UNIX file privilege bits (RWX Triplets)

Task Hijacking in Android (somebody call it also StrandHogg vulnerability)

PHP - Automatically add an "index.php" in all directories recursively

Topolograph.com is an online project which can visualize OSPF/ISIS topology based on single OSPF LinkState DataBase scrapping from one network device ( thanks OSPF =). Then you can not only see (and check) the shortest path from source to destination, but also see the outcome from link or node failure along the path to the destination. The exist…

Unsigned code loader for Exynos BootROM

Kubernetes security and vulnerability tools and utilities.

Guest to host VM escape exploit for Parallels Desktop

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

Some personal exploits/pocs

DirectFire Firewall Converter - Network Security, Next-Generation Firewall Configuration Conversion, Firewall Syntax Translation and Firewall Migration Tool - supports Cisco ASA, Fortinet FortiGate (FortiOS), Juniper SRX (JunOS), SSG / Netscreen (ScreenOS) and WatchGuard (support for further devices in development). Similar to FortiConverter, Sm…

Some of my public exploits

JSON RSA to HMAC and None Algorithm Vulnerability POC

一些漏洞分析

IOTA Proof of Concept, store MQTT messages on the tangle.

REST API backend for Reconmap

CVE-2021-43798:Grafana 任意文件读取漏洞

Focus on cybersecurity | collection of PoC and Exploits

We're working with community non-profits who have a Host Home or empty bedrooms initiative to develop a workflow management tool to make the process scalable (across all providers), reduce institutional bias, and effectively capture data.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit