227 Open source projects that are alternatives of or similar to Middleware Vulnerability Detection

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

鹿不在侧，鲸不予游🐋

A social experiment

Some personal exploits/pocs

Poc Collected for study and develop

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

✍️ A curated list of CVE PoCs.

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

No description or website provided.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

POC for my Medium article

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.

PoC of injecting code into a running Linux process

The Correlated CVE Vulnerability And Threat Intelligence Database API

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

The PHP Security Checker

Proof of Concepts

Hacking Charles Web Debugging Proxy

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

RouterOS Security Research Tooling and Proof of Concepts

The clever vulnerability dependency finder

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

prove of concept using angularjs (1.x) accessing github api

🔪Browser logic vulnerabilities ☠️

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

Python3编写的CMS漏洞检测框架

Very simplified shop sales system made in a microservices architecture using quarkus

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

PatrowlHears - Vulnerability Intelligence Center / Exploits

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Blueborne CVE-2017-0781 Android heap overflow vulnerability

Resources for Windows exploit development

Exploit Discord's cache system to remote upload payloads on Discord users machines

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Hacking tools

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

CMS渗透测试框架-A CMS Exploit Framework

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

A python script designed to check if the website if vulnerable of clickjacking and create a poc

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

A collection of curated Java Deserialization Exploits

红队综合渗透框架

Vulnerability Labs for security analysis

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Proofs-of-concept

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Writeup of CVE-2020-15906

CVE-2018-8120 Windows LPE exploit