139 Open source projects that are alternatives of or similar to living-off-the-land

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

A python script designed to check if the website if vulnerable of clickjacking and create a poc

Authenticate against a MySQL server without knowing the cleartext password

用cel-go重现了长亭xray的poc检测功能的轮子

Poc Collected for study and develop

鹿不在侧，鲸不予游🐋

Krack POC

Ary 是一个集成类工具，主要用于调用各种安全工具，从而形成便捷的一键式渗透。

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

CVE-2020-1206 Uninitialized Kernel Memory Read POC

Very simplified shop sales system made in a microservices architecture using quarkus

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

SpectreExploit POC

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Hacking tools

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Blueborne CVE-2017-0781 Android heap overflow vulnerability

No description or website provided.

Focus on cybersecurity | collection of PoC and Exploits

💣 Remotely render any nearby iPhone or iPad unusable

prove of concept using angularjs (1.x) accessing github api

✍️ A curated list of CVE PoCs.

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Proof of Concepts

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

collection poc use pocsuite framework 收集一些 poc with pocsuite框架

A Proof of Capacity proxy which supports solo and pool mining upstreams

Working Python test and PoC for CVE-2018-11776, includes Docker lab

CVE-2020-0796 Local Privilege Escalation POC

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

Various proofs of concept examples using Github Actions 🤖

PoC materials for article https://habr.com/en/post/486856/

poc-collection 是对 github 上公开的 PoC 进行收集的一个项目。

A social experiment

Slui File Handler Hijack UAC Bypass Local Privilege Escalation

Python3编写的CMS漏洞检测框架

🐩 Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 🐩

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Miscellaneous exploit code

Exploit Code for CVE-2020-1472 aka Zerologon

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

Proof of concept code for the Spectre CPU exploit.

Exploit Discord's cache system to remote upload payloads on Discord users machines

Cross platform PoC ransomware written in Go

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5…

POC for my Medium article

ISF(Industrial Security Exploitation Framework) is a exploitation framework based on Python.

PoC of injecting code into a running Linux process

用于漏洞排查的pocsuite3验证POC代码

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.

PoC; terraform + kubeadm

PoC ActiveX SVG Document Execution

This project is a proof of concept to test graphQL usage in PHP.

Security-related PHP7 OPcache abuse tools and demo

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)