159 Open source projects that are alternatives of or similar to Spectreexploit

Proof of concept code for the Spectre CPU exploit.

CVE-2020-10199、CVE-2020-10204漏洞一键检测工具，图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

CMS渗透测试框架-A CMS Exploit Framework

Ladon Network Penetration Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

RouterOS Security Research Tooling and Proof of Concepts

Exploit Discord's cache system to remote upload payloads on Discord users machines

SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)

Python3编写的CMS漏洞检测框架

Proofs-of-concept

POC for my Medium article

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Hacking tools

The popular NoScript Security Suite browser extension.

Very simplified shop sales system made in a microservices architecture using quarkus

CVE-2020-0796 Remote Code Execution POC

Miscellaneous exploit code

Hacking Charles Web Debugging Proxy

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞， 对功能进行强化以及脚本进行分类添加，自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC

Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways of attacking data protection measures on CPUs enabling attackers to read data they shouldn't be able to. This tool is originally based on Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

prove of concept using angularjs (1.x) accessing github api

红队综合渗透框架

PoC materials for article https://habr.com/en/post/486856/

vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...

Poc Collected for study and develop

Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)

Blueborne CVE-2017-0781 Android heap overflow vulnerability

Blueborne CVE-2017-0785 Android information leak vulnerability

Tools to run MacOS on HP Spectre x360 (Late-2016 / Early-2017, Kaby Lake)

hacker, ready for more of our story ! 🚀

A modern, simple & elegant theme for Hexo

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

PoC of injecting code into a running Linux process

poc or exp of android vulnerability

A python script designed to check if the website if vulnerable of clickjacking and create a poc

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

Proof of Concepts

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A social experiment

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

个人维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

a plenty of poc based on python

Focus on cybersecurity | collection of PoC and Exploits

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动

Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

Krack POC

Algorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.