H4ckerThis repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+34736.67%)
tryhackme-ctfTryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (+366.67%)
Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+12760%)
VulscanAdvanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+7583.33%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+1173.33%)
Umbraco-RCEUmbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (+103.33%)
YAPSYet Another PHP Shell - The most complete PHP reverse shell
Stars: ✭ 35 (+16.67%)
Penetration Testing ToolsA collection of more than 140+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
Stars: ✭ 614 (+1946.67%)
Exploit Cve 2016 9920Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container
Stars: ✭ 34 (+13.33%)
Cve 2018 18852CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.
Stars: ✭ 42 (+40%)
Thc ArchiveAll releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (+1480%)
Cve 2017 0065Exploiting Edge's read:// urlhandler
Stars: ✭ 15 (-50%)
HtshellsSelf contained htaccess shells and attacks
Stars: ✭ 708 (+2260%)
Beef Over WanBrowser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
Stars: ✭ 82 (+173.33%)
CiscoexploitCisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)
Stars: ✭ 73 (+143.33%)
JscpwnPoC exploit for CVE-2016-4622
Stars: ✭ 89 (+196.67%)
SlowlorisAsynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (+70%)
ThoronThoron Framework is a Linux post-exploitation framework that exploits Linux TCP vulnerability to provide a shell-like connection. Thoron Framework has the ability to create simple payloads to provide Linux TCP attack.
Stars: ✭ 87 (+190%)
Gitlab rceRCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
Stars: ✭ 104 (+246.67%)
AnsvifA Not So Very Intelligent Fuzzer: An advanced fuzzing framework designed to find vulnerabilities in C/C++ code.
Stars: ✭ 107 (+256.67%)
PubVulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Stars: ✭ 217 (+623.33%)
ExphubExphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
Stars: ✭ 3,056 (+10086.67%)
PocProofs-of-concept
Stars: ✭ 467 (+1456.67%)
YsoserialA proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+15926.67%)
HerpaderpingProcess Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Stars: ✭ 614 (+1946.67%)
dheaterD(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (+373.33%)
V3n0m ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (+2723.33%)
Pwn jenkinsNotes about attacking Jenkins servers
Stars: ✭ 841 (+2703.33%)
LabsVulnerability Labs for security analysis
Stars: ✭ 1,002 (+3240%)
Hacker ezinesA collection of electronic hacker magazines carefully curated over the years from multiple sources
Stars: ✭ 72 (+140%)
Sap exploitHere you can get full exploit for SAP NetWeaver AS JAVA
Stars: ✭ 60 (+100%)
VulmapVulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能
Stars: ✭ 1,079 (+3496.67%)
Icg AutoexploiterbotWordpress 🔥 Joomla 🔥 Drupal 🔥 OsCommerce 🔥 Prestashop 🔥 Opencart 🔥
Stars: ✭ 242 (+706.67%)
rsGenrsGen is a Reverse Shell Payload Generator for hacking.
Stars: ✭ 71 (+136.67%)
TokenBreakerJSON RSA to HMAC and None Algorithm Vulnerability POC
Stars: ✭ 51 (+70%)
Oscp Prepmy oscp prep collection
Stars: ✭ 105 (+250%)
Iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
Stars: ✭ 326 (+986.67%)
Spectre Meltdown PocA semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities
Stars: ✭ 127 (+323.33%)
KillshotA Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (+690%)
Awesome Hacking ResourcesA collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+38120%)
cve-2016-1764Extraction of iMessage Data via XSS
Stars: ✭ 52 (+73.33%)
M3m0M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 124 (+313.33%)
overflowA command-line tool for exploiting stack-based buffer overflow vulnerabilities.
Stars: ✭ 66 (+120%)
ADMMutateClassic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I h…
Stars: ✭ 69 (+130%)
exploitsSome of my public exploits
Stars: ✭ 50 (+66.67%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (+3.33%)
break-fast-serialA proof of concept that demonstrates asynchronous scanning for Java deserialization bugs
Stars: ✭ 53 (+76.67%)
exynos-usbdlUnsigned code loader for Exynos BootROM
Stars: ✭ 57 (+90%)
exploit-CVE-2015-3306ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
Stars: ✭ 97 (+223.33%)
VbscanOWASP VBScan is a Black Box vBulletin Vulnerability Scanner
Stars: ✭ 295 (+883.33%)
SirepratRemote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)
Stars: ✭ 326 (+986.67%)
SafilerSafari local file reader
Stars: ✭ 118 (+293.33%)