699 Open source projects that are alternatives of or similar to exploits

A social experiment

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Miscellaneous exploit code

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

No description or website provided.

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

The Correlated CVE Vulnerability And Threat Intelligence Database API

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

✍️ A curated list of CVE PoCs.

for mass exploiting

PatrowlHears - Vulnerability Intelligence Center / Exploits

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

CVE-2020-0796 Remote Code Execution POC

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

鹿不在侧，鲸不予游🐋

exploit code for F5-Big-IP (CVE-2020-5902)

A collection of curated Java Deserialization Exploits

Some exploits, which I’ve created during my OSCE preparation.

RouterOS Security Research Tooling and Proof of Concepts

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Hacking tools

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

PoC materials for article https://habr.com/en/post/486856/

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

Containing Self Made Perl Reproducers / PoC Codes

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Proofs-of-concept

Poc Collected for study and develop

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

漏洞研究

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Improve the quality of a denovo assembly by scaffolding and gap filling

Manifest is an investigative toolkit intended for researchers, journalists, students, and scholars interested in visualizing, analyzing, and documenting supply chains, production lines, and trade networks.

Data preprocessing scripts and preprocessed data storage for COVID-19 Scenarios project

Автоматизация поиска и исследования вакансий с сайта hh.ru (Headhunter) с помощью методов Python. Классификация данных, поиск статистических параметров.

GZip HTTP Bombing in Python for everyone

Documentation, configuration, reference material and other information around an Asterisk-based VNF

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.

A PoC on passing data through UNIX file privilege bits (RWX Triplets)

The knife of the Admin & Security auditor

Keeping track of activities around research data

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

POC de uma aplicação de domínio financeiro.

Cartridge encrypt/decrypt

CVE-2020-11651: Proof of Concept

👮 Security advisories of Nextcloud