1121 Open source projects that are alternatives of or similar to pwn-pulse

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Multi source CVE/exploit parser.

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Script to spider a website and find publicly open S3 buckets

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Cameradar hacks its way into RTSP videosurveillance cameras

Rubyfu, where Ruby goes evil!

Extensible framework for analyzing publicly available information about vulnerabilities

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

🦄🔒 Awesome list of secrets in environment variables 🖥️

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Misc. Public Reports of Penetration Testing and Security Audits.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

A social experiment

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

Advanced vulnerability scanning with Nmap NSE

DART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

HRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩‍💻

my oscp prep collection

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

log4j2 remote code execution or IP leakage exploit (with examples)

Yet Another PHP Shell - The most complete PHP reverse shell

CVE-2018-8120 Windows LPE exploit

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Self contained htaccess shells and attacks

Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Vulnerability Labs for security analysis

A collection of hacking / penetration testing resources to make you better!

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

Extraction of iMessage Data via XSS

Writeup of CVE-2020-15906

Hourly updated database of exploit and exploitation reports

Monitoring GitHub for sensitive data shared publicly

Pentest: Subdomains enumeration tool for penetration testers.

Leaked pentesting manuals given to Conti ransomware crooks

A simple remote tool in C#.

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

GitLab CE/EE Preauth RCE using ExifTool

Find cloud assets that no one wants exposed 🔎 ☁️

🔐 Docker Container for Penetration Testing & Security

Exploiting Edge's read:// urlhandler