929 Open source projects that are alternatives of or similar to PwnX.py

This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Advanced vulnerability scanning with Nmap NSE

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

Yet Another PHP Shell - The most complete PHP reverse shell

DoS PoC's for SAP products

A collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.

Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

All releases of the security research group (a.k.a. hackers) The Hacker's Choice

hack tools

Exploiting Edge's read:// urlhandler

Self contained htaccess shells and attacks

Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

A social experiment

PoC exploit for CVE-2016-4622

Asynchronous Python implementation of SlowLoris DoS attack

Thoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

A Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Proofs-of-concept

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns

Notes about attacking Jenkins servers

Vulnerability Labs for security analysis

IoT 固件漏洞复现环境

A collection of electronic hacker magazines carefully curated over the years from multiple sources

Here you can get full exploit for SAP NetWeaver AS JAVA

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Reverse Shell as a Service

Wordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥

rsGen is a Reverse Shell Payload Generator for hacking.

JSON RSA to HMAC and None Algorithm Vulnerability POC

my oscp prep collection

iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner

A collection of hacking / penetration testing resources to make you better!

Extraction of iMessage Data via XSS

Proof of concept of VMSA-2017-0012

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…

Some of my public exploits

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

Unsigned code loader for Exynos BootROM

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container

OWASP VBScan is a Black Box vBulletin Vulnerability Scanner

Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)

Safari local file reader