1492 Open source projects that are alternatives of or similar to CVE-2021-44228-PoC-log4j-bypass-words

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Cloak can backdoor any python script with some tricks.

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest

Notes about attacking Jenkins servers

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Remote exploitation framework written in Python

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Blueborne CVE-2017-0781 Android heap overflow vulnerability

Asynchronous Python implementation of SlowLoris DoS attack

cve-2019-0604 SharePoint RCE exploit

💣 Remotely render any nearby iPhone or iPad unusable

Mouse Framework is an iOS and macOS post-exploitation framework that gives you a command line session with extra functionality between you and a target machine using only a simple Mouse payload. Mouse gives you the power and convenience of uploading and downloading files, tab completion, taking pictures, location tracking, shell command execution, escalating privileges, password retrieval, and much more.

Working Python test and PoC for CVE-2018-11776, includes Docker lab

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

Exploit Code for CVE-2020-1472 aka Zerologon

pentest framework

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Metasploit Cheat Sheet 💣

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

A number of scripts POC's and problems solved as pentests move along.

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

Extraction of iMessage Data via XSS

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Hourly updated database of exploit and exploitation reports

A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.

A collection of some of my scripts

Bifrost C2. Open-source post-exploitation using Discord API

A Proof-Of-Concept for the CVE-2021-44228 vulnerability.

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability

Pentest: Subdomains enumeration tool for penetration testers.

Proof of concept code for the Spectre CPU exploit.

Purelove is a lightweight penetration testing framework, in order to better security testers testing holes with use.

Monitoring GitHub for sensitive data shared publicly

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Multi source CVE/exploit parser.

Argus Advanced Remote & Local Keylogger For macOS and Windows

🦁 Juumla is a python tool created to identify Joomla version, scan for vulnerabilities and search for config or backup files.

汽车/安卓/固件/代码安全测试工具集

Related subdomains finder

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Focus on cybersecurity | collection of PoC and Exploits

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Turn your VPS into an attack box

log4j rce test environment and poc

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

An All-In-One Pure Python PoC for CVE-2021-44228