Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+2961.9%)
moonwalkCover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚
Stars: ✭ 544 (+331.75%)
PyParser-CVEMulti source CVE/exploit parser.
Stars: ✭ 25 (-80.16%)
Infosec referenceAn Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+3203.17%)
FaradayFaraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+2438.1%)
NishangNishang - Offensive PowerShell for red team, penetration testing and offensive security.
Stars: ✭ 5,943 (+4616.67%)
S3ScanScript to spider a website and find publicly open S3 buckets
Stars: ✭ 21 (-83.33%)
ExploitsA personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.
Stars: ✭ 75 (-40.48%)
CVE-2019-10149CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Stars: ✭ 15 (-88.1%)
Cve 2019 1003000 Jenkins Rce PocJenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
Stars: ✭ 270 (+114.29%)
CameradarCameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+2102.38%)
RubyfuRubyfu, where Ruby goes evil!
Stars: ✭ 228 (+80.95%)
vulristicsExtensible framework for analyzing publicly available information about vulnerabilities
Stars: ✭ 46 (-63.49%)
PocOrExp in Github聚合Github上已有的Poc或者Exp,CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
Stars: ✭ 544 (+331.75%)
Defaultcreds Cheat SheetOne place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+1446.83%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-80.95%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+276.19%)
Traitor⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket
Stars: ✭ 3,473 (+2656.35%)
Penetration Testing ToolsA collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Stars: ✭ 614 (+387.3%)
PatrowlHearsDataOpen-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds
Stars: ✭ 66 (-47.62%)
Beef Over WanBrowser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
Stars: ✭ 82 (-34.92%)
Gitlab rceRCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Stars: ✭ 104 (-17.46%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1729.37%)
DartDART is a test documentation tool created by the Lockheed Martin Red Team to document and report on penetration tests, especially in isolated network environments.
Stars: ✭ 207 (+64.29%)
DiscoverCustom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+1922.22%)
CVE-2019-8449CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Stars: ✭ 66 (-47.62%)
HrshellHRShell is an HTTPS/HTTP reverse shell built with flask. It is an advanced C2 server with many features & capabilities.
Stars: ✭ 193 (+53.17%)
PwnX.py🏴☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (-76.19%)
Awesome Shodan Queries🔍 A collection of interesting, funny, and depressing search queries to plug into shodan.io 👩💻
Stars: ✭ 2,758 (+2088.89%)
Oscp Prepmy oscp prep collection
Stars: ✭ 105 (-16.67%)
Icg AutoexploiterbotWordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥
Stars: ✭ 242 (+92.06%)
pentest-reportsCollection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
Stars: ✭ 111 (-11.9%)
log4j2-rce-exploitlog4j2 remote code execution or IP leakage exploit (with examples)
Stars: ✭ 62 (-50.79%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (-72.22%)
Cve 2018 8120CVE-2018-8120 Windows LPE exploit
Stars: ✭ 447 (+254.76%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+203.17%)
HtshellsSelf contained htaccess shells and attacks
Stars: ✭ 708 (+461.9%)
CrithitTakes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (+44.44%)
ADMMutateClassic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…
Stars: ✭ 69 (-45.24%)
VulmapVulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+756.35%)
H4ckerThis repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+8194.44%)
LabsVulnerability Labs for security analysis
Stars: ✭ 1,002 (+695.24%)
Awesome Hacking ResourcesA collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+9000%)
M3m0M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 124 (-1.59%)
cve-2016-1764Extraction of iMessage Data via XSS
Stars: ✭ 52 (-58.73%)
inthewilddbHourly updated database of exploit and exploitation reports
Stars: ✭ 127 (+0.79%)
github-watchmanMonitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (-52.38%)
tugareconPentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+12.7%)
DcRatA simple remote tool in C#.
Stars: ✭ 709 (+462.7%)
dirtycowradare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability
Stars: ✭ 93 (-26.19%)
CVE-2021-22205GitLab CE/EE Preauth RCE using ExifTool
Stars: ✭ 165 (+30.95%)
SmogcloudFind cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (+33.33%)
Cve 2017 0065Exploiting Edge's read:// urlhandler
Stars: ✭ 15 (-88.1%)