1052 Open source projects that are alternatives of or similar to moonwalk

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

Writeup of CVE-2020-15906

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

Automation for internal Windows Penetrationtest / AD-Security

🌒 Shell command obfuscation to avoid detection systems

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Hourly updated database of exploit and exploitation reports

WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

One stop place for exploiting Jira instances in your proximity

Research on Anti-malware and other related security solutions

CVE-2019-1652 /CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Extraction of iMessage Data via XSS

Exploit for CVE-2019-9810 Firefox on Windows 64-bit.

A Tool that Finds, Enumerates, and Exploits Reolink Cameras.

log4j2 remote code execution or IP leakage exploit (with examples)

Monitoring GitHub for sensitive data shared publicly

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

Multi source CVE/exploit parser.

Some of my public exploits

All In One Pentesting Tool For Recon & Auditing , Phone Number Lookup , Header , SSH Scan , SSL/TLS Scan & Much More.

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance

Misc. Public Reports of Penetration Testing and Security Audits.

A collection of hacking / penetration testing resources to make you better!

LinkedinScraper is an another information gathering tool written in python. You can scrape employees of companies on Linkedin.com and then create these employee names, titles and emails.

Tool to help exploit XXE vulnerabilities

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Brahma - Privilege elevation exploit for Nintendo 3DS

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Some Pentesters, Security Researchers, Red Teamers which i learned from them a lot...

Little Bug Bounty & Hacking Tools⚔️

Just another useless C2 occupying space in some HDD somewhere.

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

A social experiment

Basic tool to automate backdooring PE files

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Python Powered Repository

Exploiting challenges in Linux and Windows

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Simple DLL that add a user to the local Administrators group

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Extensible framework for analyzing publicly available information about vulnerabilities

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

Python AV Evasion Tools

Feature-rich Post Exploitation Framework with Network Pivoting capabilities.

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during Red Team Operations to evade EDR's.

A collection of useful links for Pentesters

Advanced Web Browser Fingerprinting