397 Open source projects that are alternatives of or similar to exploit-CVE-2015-3306

Very simple script(s) to hasten binary exploit creation

PoC exploit for CVE-2016-4622

Experiments on C/C++ Exploits

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

This powershell script has got to run in remote hacked windows host, even for pivoting

Reverse Shell as a Service

图形化漏洞利用集成工具

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

Simple program for detecting if host(s) are vulnerable to SMB exploit(MS17-010)

Powerful dork searcher and vulnerability scanner for windows platform

FTP proxy support for ProFTPD

My exploitDB.

Hide your payload into .jpg file

Advanced Web Browser Fingerprinting

Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".

A Ruby micro-framework for writing and running exploits

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Rage allows you to execute any file in a Microsoft Office document.

Exploit PollDaddy polls

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

CryptoLocker is open source files encrypt-er. Crypto is developed in Visual C++. It has features encrypt all file, lock down the system and send keys back to the server. Multi-threaded functionality helps to this tool make encryption faster.

Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.

NekoBot | Auto Exploiter With 500+ Exploit 2000+ Shell

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854

CTF中Pwn的快速利用模板（包含awd pwn）

RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer

Blazing fast, advanced Padding Oracle exploit

Blueborne CVE-2017-0781 Android heap overflow vulnerability

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

A collection of electronic hacker magazines carefully curated over the years from multiple sources

A number of scripts POC's and problems solved as pentests move along.

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware

Some of my CTF solutions

Extensible framework for analyzing publicly available information about vulnerabilities

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

Kubernetes security and vulnerability tools and utilities.

Focus on cybersecurity | collection of PoC and Exploits

An All-In-One Pure Python PoC for CVE-2021-44228

Windows MSI Installer LPE (CVE-2021-43883)

NSA Hacking Tool Recreation UnitedRake

IoT 固件漏洞复现环境

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.

Exploiting challenges in Linux and Windows

Plaintext Password harvesting from Azure Windows VMs

Redis 4.x/5.x RCE

PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Some personal exploits/pocs

Vulnerable software and exploits used for OSCP/OSCE preparation

Simple script that utilities discord's flaw in detecting who blocked who.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Some of my public exploits

ARM rop chain gadget searcher

pwninit - automate starting binary exploit challenges

漏洞利用框架模块分享仓库