74 Open source projects that are alternatives of or similar to ecshop-getshell

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Hacking tools

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

bluekeep exploit

log4j rce test environment and poc

Miscellaneous exploit code

Some personal exploits/pocs

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

Top disclosed reports from HackerOne

CVE-2020-0796 Remote Code Execution POC

🛠 Tools and scripts to manipulate Android APKs

RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits

Java web common vulnerabilities and security code which is base on springboot and spring security

Python bind shell single line code for both Unix and Windows, used to find and exploit RCE (ImageMagick, Ghostscript, ...)

Notes about attacking Jenkins servers

Redis 4.x/5.x RCE

A framework for Backdoor development!

An All-In-One Pure Python PoC for CVE-2021-44228

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

Getting started with java code auditing 代码审计入门的小项目

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

thinkphp5 rce getshell

ECShop 微信小程序商城非官方版，基于3.6版本 appserver 接口。

exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

Some exploits, which I’ve created during my OSCE preparation.

A social experiment

Penelope Shell Handler

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

DoS PoC's for SAP products

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

NodeJS Red-Team Cheat Sheet

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

CVE-2020-36179~82 Jackson-databind SSRF&RCE

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

for mass exploiting

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

Redis(<=5.0.5) RCE

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Distributed, workflow-driven integration environment

DDoor - cross platform backdoor using dns txt records

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

exploit code for F5-Big-IP (CVE-2020-5902)

CVE-2019-16759 vbulletin 5.0.0 till 5.5.4 pre-auth rce

Weblogic coherence.jar RCE