397 Open source projects that are alternatives of or similar to exploit-CVE-2015-3306

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

SambaCry exploit and vulnerable container (CVE-2017-7494)

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

A social experiment

DoS PoC's for SAP products

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Notes about attacking Jenkins servers

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Simple and fast discord token cracker

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

A remote administration tool for Windows, written in C#

Framework for exploiting local vulnerabilities

Self defense post module for metasploit

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

AliGuard PHP WAF

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

log4j rce test environment and poc

Distributed, workflow-driven integration environment

Focus on cybersecurity | collection of PoC and Exploits

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Penelope Shell Handler

CVE-2019-16759 vbulletin 5.0.0 till 5.5.4 pre-auth rce

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

FTP proxy support for ProFTPD

Exploit PollDaddy polls

RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer

An All-In-One Pure Python PoC for CVE-2021-44228

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

Metasploit framework with steroids

PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

Hack The Printer

Python script to decrypt passwords stored by mRemoteNG

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

CRAX: software CRash analysis for Automatic eXploit generation

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

GitLab CE/EE Preauth RCE using ExifTool

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

POC code to crash Windows Event Logger Service

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar

Proxy token to allow mitigating EOSIO Ram exploit

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Unsigned code loader for Exynos BootROM

Proof of concept of VMSA-2017-0012

Webshell Jumping Edition

gtfo, now with the speed of golang