139 Open source projects that are alternatives of or similar to living-off-the-land

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

CMS渗透测试框架-A CMS Exploit Framework

collection poc use pocsuite framework 收集一些 poc with pocsuite框架

红队综合渗透框架

A Proof of Capacity proxy which supports solo and pool mining upstreams

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Working Python test and PoC for CVE-2018-11776, includes Docker lab

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

CVE-2020-0796 Local Privilege Escalation POC

Blueborne CVE-2017-0785 Android information leak vulnerability

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

hacker, ready for more of our story ! 🚀

Various proofs of concept examples using Github Actions 🤖

poc or exp of android vulnerability

PoC materials for article https://habr.com/en/post/486856/

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

poc-collection 是对 github 上公开的 PoC 进行收集的一个项目。

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A social experiment

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Slui File Handler Hijack UAC Bypass Local Privilege Escalation

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

Python3编写的CMS漏洞检测框架

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

🐩 Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 🐩

PoC for triggering buffer overflow via CVE-2020-0796

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

an RCE (remote command execution) approach of CVE-2018-7750

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Miscellaneous exploit code

DeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.

Exploit Code for CVE-2020-1472 aka Zerologon

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

No description or website provided.

Proof of concept code for the Spectre CPU exploit.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Exploit Discord's cache system to remote upload payloads on Discord users machines

Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

Cross platform PoC ransomware written in Go

Exploits for YARA 3.7.1 & 3.8.1

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Creates a Simulation of Fake Web Events

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5…

A number of scripts POC's and problems solved as pentests move along.

POC for my Medium article

Contact Tracing BLE sniffer PoC

ISF(Industrial Security Exploitation Framework) is a exploitation framework based on Python.

A scavenger / conqueror wrapper for collision free multi mining of PoC coins

PoC of injecting code into a running Linux process

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

用于漏洞排查的pocsuite3验证POC代码

Proof of Concepts

PoC; terraform + kubeadm

PoC ActiveX SVG Document Execution

This project is a proof of concept to test graphQL usage in PHP.

Security-related PHP7 OPcache abuse tools and demo

PoC exploit for arbitrary file read/write in locked Samsung Android device via MTP (SVE-2017-10086)

Hacking Charles Web Debugging Proxy