1429 Open source projects that are alternatives of or similar to Poc

Kubernetes security and vulnerability tools and utilities.

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

Misc. Public Reports of Penetration Testing and Security Audits.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Real world and CTFs exploiting web/binary POCs.

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

This repository contains several applications, demonstrating the Meltdown bug.

CVE-2020-11651: Proof of Concept

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Guest to host VM escape exploit for Parallels Desktop

Blueborne CVE-2017-0785 Android information leak vulnerability

A number of scripts POC's and problems solved as pentests move along.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Advanced Web Browser Fingerprinting

My exploitDB.

Powerful dork searcher and vulnerability scanner for windows platform

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

🦄🔒 Awesome list of secrets in environment variables 🖥️

Xbox One Symbolic Link Exploit: Access restricted/encrypted volumes using the Xbox File Explorer.

Unsigned code loader for Exynos BootROM

Some of my public exploits

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

IOTA Proof of Concept, store MQTT messages on the tangle.

Some personal exploits/pocs

POC de uma aplicação de domínio financeiro.

Apache Solr Injection Research

Focus on cybersecurity | collection of PoC and Exploits

漏洞研究

Juniper Junos Space (CVE-2020-1611) (PoC)

Extensible framework for analyzing publicly available information about vulnerabilities

项目是根据LandGrey/SpringBootVulExploit清单编写，目的hvv期间快速利用漏洞、降低漏洞利用门槛。

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

hacker, ready for more of our story ! 🚀

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

an RCE (remote command execution) approach of CVE-2018-7750

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

This is a minified exploit for mikrotik routers. It does not require any aditional modules to run.

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Apache Shiro 反序列化漏洞检测与利用工具

SQL Injection Payload List

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

IoT 固件漏洞复现环境

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

DoS PoC's for SAP products

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs