187 Open source projects that are alternatives of or similar to Java Deserialization Exploits

快速搭建各种漏洞环境(Various vulnerability environment)

#INFILTRATE20 raptor's party pack

log4j2 remote code execution or IP leakage exploit (with examples)

iOS 10.1.1 Project 0 Exploit Compatible with All arm64 devices for Jailbreak Development

CVE Alerting Platform

Exploiting challenges in Linux and Windows

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Vulnerability (CVE) scanner for Nix/NixOS.

A collection of android Exploits and Hacks

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

The knife of the Admin & Security auditor

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Experiments on C/C++ Exploits

REST API backend for Reconmap

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

#INFILTRATE19 raptor's party pack

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

Advisories and Proofs of Concept by BlackArrow

汽车/安卓/固件/代码安全测试工具集

for mass exploiting

台大 計算機安全 - Pwn 簡報、影片、作業題目與解法 - Computer Security Fall 2019 @ CSIE NTU Taiwan

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

Hourly updated database of exploit and exploitation reports

Tracking CVEs for the linux Kernel

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

NVD/CVE as JSON files

Extraction of iMessage Data via XSS

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.

Some Generic Browser Exploits (For Educational Purposes Only)

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

Original Automated CVE Checking Tool

Collection of different exploits

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Challenges and vulnerabilities exploitation.

Exploits developed by me.

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

A handy collection of my public exploits, all in one place.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

漏洞研究

A simple framework for sending test payloads for known web CVEs.

Some exploits, which I’ve created during my OSCE preparation.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice