864 Open source projects that are alternatives of or similar to Exploits

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Some personal exploits/pocs

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

A social experiment

Hacking tools

Some exploits, which I’ve created during my OSCE preparation.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

PoC materials for article https://habr.com/en/post/486856/

Security and Hacking Tools, Exploits, Proof of Concepts, Shellcodes, Scripts.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

exploit code for F5-Big-IP (CVE-2020-5902)

This custom Fail2Ban filter and jail will deal with all scans for common Wordpress, Joomla and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Decrypted content of eqgrp-auction-file.tar.xz

for mass exploiting

An Python Script For Generating Payloads that Bypasses All Antivirus so far .

Authenticate against a MySQL server without knowing the cleartext password

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

CVE-2020-0796 Remote Code Execution POC

A collection of android Exploits and Hacks

Advisories, proof of concept files and exploits that have been made public by @pedrib.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

No description or website provided.

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Micro-framework for rapid development of reusable security tools

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

RouterOS Security Research Tooling and Proof of Concepts

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.

hacker, ready for more of our story ! 🚀

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Notes about attacking Jenkins servers

Asynchronous Python implementation of SlowLoris DoS attack

Core to automatize whatsapp - working 11/2018

pentest framework

Exploit Discord's cache system to remote upload payloads on Discord users machines

XSHOCK Shellshock Exploit

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

prove of concept using angularjs (1.x) accessing github api

Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

Elder driver Xposed Framework. W / Snapchat Bypass

Docker security analysis & hacking tools

✔️ CTF problems and solutions solved by Qwaz

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

BruteForce Tool For both Instagram and Facebook

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file