PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-4%)
Hackinghacker, ready for more of our story ! 🚀
Stars: ✭ 413 (+1552%)
Vulscanvulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
Stars: ✭ 486 (+1844%)
YsoserialA proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+19132%)
Xray一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Stars: ✭ 6,218 (+24772%)
AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+864%)
PubVulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Stars: ✭ 217 (+768%)
Javadeserh2hcSample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Stars: ✭ 361 (+1344%)
PoccollectPoc Collected for study and develop
Stars: ✭ 15 (-40%)
ExphubExphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
Stars: ✭ 3,056 (+12124%)
CVE-2021-33766ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
Stars: ✭ 37 (+48%)
NSE-scriptsNSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (+320%)
Bitp0wnAlgorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.
Stars: ✭ 59 (+136%)
PocProofs-of-concept
Stars: ✭ 467 (+1768%)
dheaterD(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (+468%)
PocOrExp in Github聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
Stars: ✭ 544 (+2076%)
quick-scriptsA collection of my quick and dirty scripts for vulnerability POC and detections
Stars: ✭ 73 (+192%)
CVE-2019-8449CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Stars: ✭ 66 (+164%)
Tenable.io-SDK-for-PythonTenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.
Stars: ✭ 83 (+232%)
1earnffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Stars: ✭ 3,715 (+14760%)
turing-machineA Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)
Stars: ✭ 70 (+180%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (+24%)
financialPOC de uma aplicação de domínio financeiro.
Stars: ✭ 62 (+148%)
CVE-2020-8597CVE-2020-8597 pppd buffer overflow poc
Stars: ✭ 48 (+92%)
Pool2021Pools organized for Epitech's students in 2021.
Stars: ✭ 19 (-24%)
TIGERPython toolbox to evaluate graph vulnerability and robustness (CIKM 2021)
Stars: ✭ 103 (+312%)
cloudrasp-log4j2一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
Stars: ✭ 105 (+320%)
vnf-asteriskDocumentation, configuration, reference material and other information around an Asterisk-based VNF
Stars: ✭ 38 (+52%)
foxy-minerA scavenger / conqueror wrapper for collision free multi mining of PoC coins
Stars: ✭ 17 (-32%)
juniper rocketRocket integration for Juniper, the GraphQL server library for Rust
Stars: ✭ 20 (-20%)
DNS-FenderA Proof-of-Concept tool utilizing open DNS resolvers to produce an amplification attack against web servers. Using Shodan APIs and native Linux commands, this tool is in development to cripple web servers using spoofed DNS recursive queries.
Stars: ✭ 47 (+88%)
chmod-stegoA PoC on passing data through UNIX file privilege bits (RWX Triplets)
Stars: ✭ 23 (-8%)
Android-Task-InjectionTask Hijacking in Android (somebody call it also StrandHogg vulnerability)
Stars: ✭ 52 (+108%)
autoindexPHP - Automatically add an "index.php" in all directories recursively
Stars: ✭ 25 (+0%)
topolographTopolograph.com is an online project which can visualize OSPF/ISIS topology based on single OSPF LinkState DataBase scrapping from one network device ( thanks OSPF =). Then you can not only see (and check) the shortest path from source to destination, but also see the outcome from link or node failure along the path to the destination. The exist…
Stars: ✭ 84 (+236%)
exynos-usbdlUnsigned code loader for Exynos BootROM
Stars: ✭ 57 (+128%)
hackKubernetes security and vulnerability tools and utilities.
Stars: ✭ 56 (+124%)
prl guest to hostGuest to host VM escape exploit for Parallels Desktop
Stars: ✭ 26 (+4%)
scan-cli-pluginDocker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images
Stars: ✭ 135 (+440%)
massh-enumOpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
Stars: ✭ 136 (+444%)
SmmExploitThe report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.
Stars: ✭ 98 (+292%)
nmap-log4shellNmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)
Stars: ✭ 54 (+116%)
exploitsSome personal exploits/pocs
Stars: ✭ 52 (+108%)
DirectFire ConverterDirectFire Firewall Converter - Network Security, Next-Generation Firewall Configuration Conversion, Firewall Syntax Translation and Firewall Migration Tool - supports Cisco ASA, Fortinet FortiGate (FortiOS), Juniper SRX (JunOS), SSG / Netscreen (ScreenOS) and WatchGuard (support for further devices in development). Similar to FortiConverter, Sm…
Stars: ✭ 34 (+36%)
exploitsSome of my public exploits
Stars: ✭ 50 (+100%)
TokenBreakerJSON RSA to HMAC and None Algorithm Vulnerability POC
Stars: ✭ 51 (+104%)
iota-mqtt-pocIOTA Proof of Concept, store MQTT messages on the tangle.
Stars: ✭ 40 (+60%)
rest-apiREST API backend for Reconmap
Stars: ✭ 48 (+92%)
PoC-BankFocus on cybersecurity | collection of PoC and Exploits
Stars: ✭ 83 (+232%)
HomeUniteUsWe're working with community non-profits who have a Host Home or empty bedrooms initiative to develop a workflow management tool to make the process scalable (across all providers), reduce institutional bias, and effectively capture data.
Stars: ✭ 22 (-12%)
PwnX.py🏴☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (+20%)