402 Open source projects that are alternatives of or similar to Meltdown

Proofs-of-concept

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Nailgun attack on ARM devices.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

A collection of links related to Linux kernel security and exploitation

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture system screenshot and send to ftp server in given time.

😈 Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

Apache Shiro 反序列化漏洞检测与利用工具

A collection of android Exploits and Hacks

漏洞利用框架模块分享仓库

macOS Kernel Exploit for CVE-2019-8781. Credit for the bug goes to @LinusHenze :)

Trinity Exploit - Emulator Escape

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

An interactive multi-user web JS shell

Remot3d: is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors

An exploit for Apache Struts CVE-2017-5638

Webpage tracking only using CSS (and no JS)

Patch for Waterfall to improve performance during attacks and fix memory issues.

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

PHPMailer < 5.2.18 Remote Code Execution exploit and vulnerable container

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

IoT 固件漏洞复现环境

all mine papers, pwn & exploit

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

AndroRAT | Remote Administrator Tool for Android OS Hacking

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Bypassing disabled exec functions in PHP (c) CRLF

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Search gtfobins and lolbas files from your terminal

Multi-language web CGI interfaces exploits.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

SambaCry exploit and vulnerable container (CVE-2017-7494)

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Reverse Shell Cheat Sheet TooL

Various kernel exploits

SIde-Channel Analysis toolKit: embedded security evaluation tools

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

an RCE (remote command execution) approach of CVE-2018-7750

iOS 8.3 Mail.app inject kit

Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010

Repository to train/learn memory corruption on the ARM platform.

🦄🔒 Awesome list of secrets in environment variables 🖥️

A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda

Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities

Real world and CTFs exploiting web/binary POCs.

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

ItemDecoration for Android Recyclerview

An exploit for Apache Struts CVE-2018-11776

SQL Injection Payload List

This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits

linux-kernel-exploits Linux平台提权漏洞集合