361 Open source projects that are alternatives of or similar to MSF-Self-Defence

A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854

Advanced Web Browser Fingerprinting

Webshell Jumping Edition

A Ruby micro-framework for writing and running exploits

Blueborne CVE-2017-0781 Android heap overflow vulnerability

Rage allows you to execute any file in a Microsoft Office document.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.

Basic tool to automate backdooring PE files

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

Some of my CTF solutions

CTF中Pwn的快速利用模板（包含awd pwn）

Windows Exploit Suggester - Next Generation

Blazing fast, advanced Padding Oracle exploit

Focus on cybersecurity | collection of PoC and Exploits

RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

Implementation of the KDD 2020 paper "Graph Structure Learning for Robust Graph Neural Networks"

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

NSA Hacking Tool Recreation UnitedRake

A number of scripts POC's and problems solved as pentests move along.

Encrypted exploit delivery for the masses

A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware

Plaintext Password harvesting from Azure Windows VMs

Extensible framework for analyzing publicly available information about vulnerabilities

Simple and fast discord token cracker

Kubernetes security and vulnerability tools and utilities.

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

Linux local root exploit for CVE-2014-0038

Windows MSI Installer LPE (CVE-2021-43883)

Fully Featured Nintendo DS Loader for Ghidra

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS

Exploiting challenges in Linux and Windows

pentest framework

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

Exploit Code for CVE-2020-1472 aka Zerologon

Vulnerable software and exploits used for OSCP/OSCE preparation

Automated Twitter mass account creation and follow using Selenium and Tor VPN

gtfo, now with the speed of golang

Lightweight utility to fool port scanners

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

Pentest Tools Framework is a database of exploits, Scanners and tools for penetration testing. Pentest is a powerful framework includes a lot of tools for beginners. You can explore kernel vulnerabilities, network vulnerabilities

GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements

Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.

Demo for analyzing the structural imbalance on a signed social network.

Roblox Exploit Source Code Called IceMeme with some cmds, lua c and limited lua execution with simple ui in c#

This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…

rsGen is a Reverse Shell Payload Generator for hacking.

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

CRAX: software CRash analysis for Automatic eXploit generation

A minimalist re-implementation of the Fusée Gelée exploit (http://memecpy.com), designed to run on embedded Linux devices. (Zero dependencies)

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

SHIELD: Fast, Practical Defense and Vaccination for Deep Learning using JPEG Compression

Hack The Printer

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Reference: http://www.secgeek.net/bookfresh-vulnerability/

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits