1492 Open source projects that are alternatives of or similar to CVE-2021-44228-PoC-log4j-bypass-words

HTTP fuzzer engine security oriented

Windows MSI Installer LPE (CVE-2021-43883)

We're working with community non-profits who have a Host Home or empty bedrooms initiative to develop a workflow management tool to make the process scalable (across all providers), reduce institutional bias, and effectively capture data.

Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

A multi-layered and multi-tiered Machine Learning security solution, it supports always on detection system, Django REST framework used, equipped with a web-browser extension that uses a REST API call.

Framework for exploiting local vulnerabilities

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

BugBounty_CheatSheet

BloodHound Docker Ready to Use

Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.

Script that automates the installation of the main tools used for web application penetration testing and Bug Bounty.

PoC script showing that MacOS leaves the wireless key in NVRAM, in plaintext and accessible to anyone.

Formal verification of Elastic-Agent and more using BDD

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

My python3 implementation of a Forward Shell

Unrestricted Lua Execution

AliGuard PHP WAF

大学生信息管理系统——初学路上自己摸索实践的项目

This document proposes a way of standardising the structure, language, and grammar used in security policies.

Fast and customizable vulnerability scanner For JIRA written in Python

sub domain wild card filtering tool

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

Exploit PollDaddy polls

Astra is a tool to find URLs and secrets inside a webpage/files

Hacking Tools Z0172CK

Just another useless C2 occupying space in some HDD somewhere.

Subcert is an subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Send a Telegram message when your scripts fire an exception or when they finish their execution.

a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.

Additional Resources For Securing The Stack Tutorials

Advanced Web Browser Fingerprinting

Hacking, pen-testing, and cyber-security related tools built with Python.

Domain availbility checker

Creates a Simulation of Fake Web Events

Signatures for jaeles scanner by @j3ssie

Send notifications on different channels such as Slack, Telegram, Discord etc.

The principal objectives and outputs of this project are the creation and dissemination of an extension to the VERIS schema incorporating ATT&CK mappings and associated usage documentation.

A collection of my public security advisories.

A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! 🍻

A tool that automates the process of enumeration

ThePhish: an automated phishing email analysis tool

A collaborative platform for creating, editing and sharing JSON objects.

Python Powered Repository

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

SIKE for Java is a software library that implements experimental supersingular isogeny cryptographic schemes that aim to provide protection against attackers running a large-scale quantum computer.

Pentester's Promiscuous Notebook

📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server

A Python obfuscator using HTTP Requests and Hastebin.

Provides various Windows Server Active Directory (AD) security-focused reports.

An Extended, Modulair, Host Discovery Framework

Automated Deployment of Lab Environments System (ADLES)

Kubernetes Scanner

Exploiting challenges in Linux and Windows

Behavioural driven development UI automation framework using selenium, cucumber-java, testng, maven, phantomjs

adversarial examples, adversarial malware examples, adversarial malware detection, adversarial deep ensemble, Android malware variants