350 Open source projects that are alternatives of or similar to ProxyLogon

A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

Guest to host VM escape exploit for Parallels Desktop

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Focus on cybersecurity | collection of PoC and Exploits

Basic tool to automate backdooring PE files

AliGuard PHP WAF

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of my own techniques

GitLab CE/EE Preauth RCE using ExifTool

RTSPhuzz - An RTSP Fuzzer written using the Boofuzz framework

The first tool to download any Guitar Pro file, including 'Official' from Ultimate Guitar

Framework for exploiting local vulnerabilities

Python script to decrypt passwords stored by mRemoteNG

Exploit PollDaddy polls

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

Python Powered Repository

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

POC code to crash Windows Event Logger Service

DoS PoC's for SAP products

Proof of concept of VMSA-2017-0012

Simple script that utilities discord's flaw in detecting who blocked who.

Unsigned code loader for Exynos BootROM

No description or website provided.

Some of my public exploits

CRAX: software CRash analysis for Automatic eXploit generation

Simple and fast discord token cracker

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

A remote administration tool for Windows, written in C#

A minimalist re-implementation of the Fusée Gelée exploit (http://memecpy.com), designed to run on embedded Linux devices. (Zero dependencies)

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

iOS gamed exploit (fixed in 15.0.2)

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Vulnerable software and exploits used for OSCP/OSCE preparation

Metasploit framework with steroids

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Hack The Printer

Windows MSI Installer LPE (CVE-2021-43883)

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

gtfo, now with the speed of golang

Proxy token to allow mitigating EOSIO Ram exploit

Webshell Jumping Edition

Exploiting challenges in Linux and Windows

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

🛠️ Tool to bypass my school's security system to get sudo privileges on MacOS

PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM

iOS 15 0-day exploit (still works in 15.0.2)

kernel-pwn and writeup collection

rsGen is a Reverse Shell Payload Generator for hacking.

Brahma - Privilege elevation exploit for Nintendo 3DS

A collection of JavaScript Codes I've made to enhance the User Experience of Discord and some other Discord related stuff

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit