Medusa🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (+23.41%)
Cve 2018 7600💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002
Stars: ✭ 330 (-48.84%)
fastjsonScanfastjson漏洞burp插件,检测fastjson<1.2.68基于dnslog,fastjson<=1.2.24和1.2.33<=fatjson<=1.2.47的不出网检测和TomcatEcho,SpringEcho回显方案。
Stars: ✭ 472 (-26.82%)
Exploit-DevelopmentExploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Stars: ✭ 84 (-86.98%)
K8toolsK8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+546.98%)
SecExampleJAVA 漏洞靶场 (Vulnerability Environment For Java)
Stars: ✭ 228 (-64.65%)
Drupalgeddon2Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
Stars: ✭ 464 (-28.06%)
Poc SPOC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞, 对功能进行强化以及脚本进行分类添加,自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
Stars: ✭ 285 (-55.81%)
swisscheeseExploits for YARA 3.7.1 & 3.8.1
Stars: ✭ 26 (-95.97%)
ExploitsA personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.
Stars: ✭ 75 (-88.37%)
LadongoLadon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-43.26%)
Vulscanvulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
Stars: ✭ 486 (-24.65%)
SerializedNameGenAuto add or remove json annotation plugin, such as gson SerializedName, fastjson JSONField, jackson JsonProperty. It also support java and kotlin file.
Stars: ✭ 19 (-97.05%)
FastjsonA fast JSON parser/generator for Java.
Stars: ✭ 23,997 (+3620.47%)
CVE-2022-21907-http.sysProof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Stars: ✭ 67 (-89.61%)
JavacodeauditGetting started with java code auditing 代码审计入门的小项目
Stars: ✭ 289 (-55.19%)
jsonfilterA POJO property filter for Resful JSON output bases on fastjson and springboot.
Stars: ✭ 24 (-96.28%)
Cve 2019 1003000 Jenkins Rce PocJenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (-58.14%)
ARL-NPoC集漏洞验证和任务运行的一个框架
Stars: ✭ 73 (-88.68%)
QSHttpAndroid安卓http/https一句代码联网络框架net framework
Stars: ✭ 14 (-97.83%)
TentacleTentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
Stars: ✭ 258 (-60%)
Hackinghacker, ready for more of our story ! 🚀
Stars: ✭ 413 (-35.97%)
CVE-2018-7750an RCE (remote command execution) approach of CVE-2018-7750
Stars: ✭ 18 (-97.21%)
Bylibrary白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
Stars: ✭ 488 (-24.34%)
NSE-scriptsNSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (-83.72%)
Poc Exppoc or exp of android vulnerability
Stars: ✭ 362 (-43.88%)
DeepfakeHTTPDeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.
Stars: ✭ 373 (-42.17%)
Am I Affected By MeltdownMeltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
Stars: ✭ 549 (-14.88%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-96.28%)
Javadeserh2hcSample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Stars: ✭ 361 (-44.03%)
CVE-2021-33766ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
Stars: ✭ 37 (-94.26%)
PocProofs-of-concept
Stars: ✭ 467 (-27.6%)
CerberusA complete Grabber, sending data to a TCP server that you have to host and stocking all in a database.
Stars: ✭ 32 (-95.04%)
Cve 2019 07083389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
Stars: ✭ 350 (-45.74%)
chrome-spywareWriting Spyware Made Easy - POC spyware Chrome Extension/Server
Stars: ✭ 25 (-96.12%)
Xray一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Stars: ✭ 6,218 (+864.03%)
PhirauteeA proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanently encrypts/deletes the organisation data.
Stars: ✭ 96 (-85.12%)
Umbraco-RCEUmbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (-90.54%)
FastjsonSmallest, fastest polymorphic JSON serializer
Stars: ✭ 446 (-30.85%)
front-end-visual-comparison-tool🔮🔬Front-End testing tool which can be used to create a side by side visual comparison between your live site and local site.
Stars: ✭ 16 (-97.52%)
Poccollecta plenty of poc based on python
Stars: ✭ 289 (-55.19%)
fake-web-eventsCreates a Simulation of Fake Web Events
Stars: ✭ 48 (-92.56%)
Android Zblibrary🔥Android MVP 快速开发框架,做国内 「示例最全面」「注释最详细」「使用最简单」「代码最严谨」的 Android 开源 UI 框架。 🔥An Android MVP Framework with many demos, detailed documents, simple usages and strict codes.
Stars: ✭ 5,000 (+675.19%)
Scripts-SploitsA number of scripts POC's and problems solved as pentests move along.
Stars: ✭ 37 (-94.26%)
Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+498.14%)
Cve 2017 0785Blueborne CVE-2017-0785 Android information leak vulnerability
Stars: ✭ 428 (-33.64%)
CVE-2020-1611Juniper Junos Space (CVE-2020-1611) (PoC)
Stars: ✭ 25 (-96.12%)
Commodity Injection SignaturesCommodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-58.6%)
RouterosRouterOS Security Research Tooling and Proof of Concepts
Stars: ✭ 603 (-6.51%)
CmspocCMS渗透测试框架-A CMS Exploit Framework
Stars: ✭ 557 (-13.64%)
YsoserialA proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+645.43%)