419 Open source projects that are alternatives of or similar to Pwn2own2020

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

An overlay attack example

all mine papers, pwn & exploit

Uma lista de conteúdos para você aprender Swift

SQL Injection Payload List

Authentication bypass for outdated WoW emulation authentication servers

Multi-language web CGI interfaces exploits.

Network based protocol fuzzer

Open Mesh OM5P-AC v2 Unlocker (U-Boot 1.1.4 based)

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials.

The Arduino Create Agent

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

A collection of Destiny 2 macros built with AutoHotKey

An IDA_Wrapper for linux, shipped with an Function Identifier. It works well with Driller on static linked binaries.

SambaCry exploit and vulnerable container (CVE-2017-7494)

Framework for rapid development and reusable of security tools

Remove feed from Facebook, Twitter and Linkedin... To stay productive !

🔐 Body scroll locking that just works with everything

Body scroll locking that just works with everything 😏

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Yet Another PHP Shell - The most complete PHP reverse shell

A number of scripts POC's and problems solved as pentests move along.

Remot3d: is a simple tool created for large pentesters as well as just for the pleasure of defacers to control server by backdoors

A collection of reverse engineered Apple things, as well as a machine-readable database of Apple hardware

CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻

Extensible framework for analyzing publicly available information about vulnerabilities

An exploit for Apache Struts CVE-2018-11776

Kubernetes security and vulnerability tools and utilities.

Ladon Moudle MS17010 Exploit for PowerShell

Sync your firefox tabs with Safari on iOS

Apache Shiro 反序列化漏洞检测与利用工具

Chrome extension for controlling Xbox Cloud Gaming (Project xCloud) using a keyboard and mouse

HatVenom is a HatSploit native powerful payload generation tool that provides support for all common platforms and architectures.

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

📖 Browser extension that adds a table of contents to GitHub repos, wikis and gists.

Privacy Essentials Extension for Safari

The text editor that requires only a browser and a keyboard!

Patch for Waterfall to improve performance during attacks and fix memory issues.

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation

Python Powered Repository

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Small HTML DoS exploit kit aimed at mobile browsers that allows rapid deployment and testing

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Code examples and exercises for Safari LiveTraining course.

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

Malicious use of macho, such as dump-runtime-macho, function-hook.

Vulnerable software and exploits used for OSCP/OSCE preparation

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

One of the few malware collection

block game military grade radar

Test suites for Web platform specs — including WHATWG, W3C, and others

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits

A collection of android Exploits and Hacks

Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. Blackcat keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture system screenshot and send to ftp server in given time.

🦄🔒 Awesome list of secrets in environment variables 🖥️