310 Open source projects that are alternatives of or similar to Exploit Framework

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

A collection of electronic hacker magazines carefully curated over the years from multiple sources

List of real-world threats against endpoint protection software

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

#INFILTRATE20 raptor's party pack

Some of my public exploits

Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Vulners Python API wrapper

The Correlated CVE Vulnerability And Threat Intelligence Database API

A web crawler (for bug hunting) that gathers more than you can imagine.

Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.

PatrowlHears - Vulnerability Intelligence Center / Exploits

PoC exploit for CVE-2016-4622

A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.

Potentially dangerous files

✨ Purpose only! The dangers of Bluetooth Low Energy（BLE）implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth LE stacks.

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

Exploitation Framework for Embedded Devices

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Huorong Internet Security vulnerabilities 火绒安全软件漏洞

Vulnerability Database | huntr.dev

XVWA is intentionally designed with many security flaws and enough technical ground to upskill application security knowledge. This whole idea is to evangelize web application security issues. Do let us know your suggestions for improvement or any more vulnerability you would like to see in XVWA future releases.

Collection of resources for my preparation to take the OSEE certification.

The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

🛡️ GitHub Action for security audits

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

溯光 (TrackRay) 3 beta⚡渗透测试框架（资产扫描|指纹识别|暴力破解|网页爬虫|端口扫描|漏洞扫描|代码审计|AWVS|NMAP|Metasploit|SQLMap）

Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.

Wordpress Vulnerability Scanner

Reverse Shell as a Service

PoC materials for article https://habr.com/en/post/486856/

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

Safari local file reader

MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.

Test a host for susceptibility to CVE-2019-19781

使用docker快速搭建各大漏洞靶场，目前可以一键搭建17个靶场。

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

An advanced graphical search engine for Exploit-DB

Automatic SSRF fuzzer and exploitation tool

burpsuite extension for check unauthorized vulnerability

A sandbox escape based on the proof-of-concept (CVE-2018-4087) by Rani Idan (Zimperium)

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

A curated list of awesome baseband research resources

Collection of things made during my preparation to take on OSEE

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

A bootrom exploit for MediaTek devices

Find exploits in local and online databases instantly

Miscellaneous exploit code

PoC for CVE-2019-19844(https://www.djangoproject.com/weblog/2019/dec/18/security-releases/)

This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

Penetration tests guide based on OWASP including test cases, resources and examples.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters