762 Open source projects that are alternatives of or similar to cve-2021-3449

Self contained htaccess shells and attacks

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Example of using revealed "Spectre" exploit (CVE-2017-5753 and CVE-2017-5715)

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Certificate Authority management suite

windows-kernel-exploits Windows平台提权漏洞集合

Certificate Manager in .NET Core for creating and using X509 certificates

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

A command-line tool for testing SSL/TLS handshake latency, written in Go.

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

A simple LD_PRELOAD library to disable SSL certificate verification. Inspired by libeatmydata.

MQTT client library for CODESYS, supporting all QoS

Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.

Research on Anti-malware and other related security solutions

Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI

基于 libcurl 的 IO 多路复用 HTTP 框架，适用于 iOS 平台，支持 HTTP/HTTPS/HTTP2/DNS(SNI)

Automated Mass Exploiter

A private Certificate Authority for internal (lab) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).

Multiplatform reverse shell generator

lots of performance (or lots of porn, if you prefer) httpd: Easy, chrooted, fast and simple to use HTTP server for static content. Runs on Linux, BSD, Android and OSX/Darwin. It's free but if you like it, consider donating to the EFF: https://supporters.eff.org/donate

Hypervisor Memory Introspection Core Library

ssldump - (de-facto repository gathering patches around the cyberspace)

My first Android app: Launch Fusée Gelée payloads from stock Android (CVE-2018-6242)

Icinga is a monitoring system which checks the availability of your network resources, notifies users of outages, and generates performance data for reporting.

Cloak can backdoor any python script with some tricks.

Integration with OS certificate stores for rustls

Discovering vulnerabilities in firmware through concolic analysis and function clustering.

Easy PEM file parsing in Python.

linux-kernel-exploits Linux平台提权漏洞集合

http://testssl.sh/ in a tiny docker container

Kindle 5.6.5 exploitation tools.

TLS implementation in pure python, focused on interoperability testing

An exploit for Apache Struts CVE-2017-5638

Native Windows TLS stream wrapper for use with boost::asio

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

100% Open-Source Packet Capture Agent for HEP

Trinity Exploit - Emulator Escape

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A client for the MANAGESIEVE Protocol

漏洞利用框架模块分享仓库

Repository for the Lemur Certificate Manager

A collection of links related to Linux kernel security and exploitation

Builds scripts for openSSL 1.0.2h on Android

An interactive multi-user web JS shell

OpenSSL compatibility layer for the Rust SSL/TLS stack

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

A TLS Enabled Fake SMTP Server for Development

A bit safer approach to implement Thread Local Storage (TLS) for Go 1.7+.

Humane encryption

Bypass Paywalls Chrome Clean (GitLab proxy)

The PHP Simple Encryption library is designed to simplify the process of encrypting and decrypting data while ensuring best practices are followed. By default is uses a secure encryption algorithm and generates a cryptologically strong initialization vector so developers do not need to becomes experts in encryption to securely store sensitive data.

UNIX compatible, Discord and Telegram inspired, Pokémon-themed instant messaging service.

图形化漏洞利用集成工具

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

BadUSB Teensy downexec exploit support Windows & Linux / Windows Cmd & PowerShell addUser exploit

collection of verified Linux kernel exploits

PS4 5.01 WebKit Exploit PoC