187 Open source projects that are alternatives of or similar to Java Deserialization Exploits

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

The Correlated CVE Vulnerability And Threat Intelligence Database API

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

PatrowlHears - Vulnerability Intelligence Center / Exploits

Containing Self Made Perl Reproducers / PoC Codes

Some personal exploits/pocs

Botnet targeting Windows machines written entirely in Python & open source security project.

Just some exploits :P

BootStomp: a bootloader vulnerability finder

Decrypted content of eqgrp-auction-file.tar.xz

Cybersecurity stuff for both the blue team and the red team, mostly red though.

Exploits and Security Tools Framework 2.0.1

异步漏洞利用框架

automation framework for kenzerdb

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

No description or website provided.

An advanced command-line search engine for Exploit-DB

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Advisories, proof of concept files and exploits that have been made public by @pedrib.

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Public Disclosures

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Check linux sources dump for known CVEs.

快速搭建各种漏洞环境(Various vulnerability environment)

log4j2 remote code execution or IP leakage exploit (with examples)

CVE Alerting Platform

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

A collection of android Exploits and Hacks

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Experiments on C/C++ Exploits

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Advisories and Proofs of Concept by BlackArrow

for mass exploiting

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Tracking CVEs for the linux Kernel

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

A PHP version scanner for reporting possible vulnerabilities

CTF programs and writeups

NVD/CVE as JSON files

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Some Generic Browser Exploits (For Educational Purposes Only)

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

WebMap-Nmap Web Dashboard and Reporting

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Powerful Shodan API client using RxJava and Retrofit

Collection of different exploits

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A handy collection of my public exploits, all in one place.