305 Open source projects that are alternatives of or similar to spring-boot-upload-file-lead-to-rce-tricks

一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

JAVA 漏洞靶场 (Vulnerability Environment For Java)

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

DoS PoC's for SAP products

SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

Proof of concept of VMSA-2017-0012

REST API backend for Reconmap

GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Some of my public exploits

Web application that allows to load a Trivy report in json format and displays the vulnerabilities of a single target in an interactive data table.

RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer

Penelope Shell Handler

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

GitHub Action to run `npm audit`

Adobe Experience Manager Vulnerability Scanner

REST API boilerplate with Typescript, Express.js, Typeorm and Mocha.

A Python program implementing and exploiting the Minsky Turing machine considered in the paper "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine" as per CVE-2021-32471 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32471)

Traditional Mitigation in GCC to defend Memory Corruption Vulnerability

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.

Extraction of iMessage Data via XSS

Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.

Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)

WebLogic Honeypot is a low interaction honeypot to detect CVE-2017-10271 in the Oracle WebLogic Server component of Oracle Fusion Middleware. This is a Remote Code Execution vulnerability.

CVE-2020-11651: Proof of Concept

React Native client for the tus resumable upload protocol.

XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)

log4j rce test environment and poc

DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Distributed, workflow-driven integration environment

rsGen is a Reverse Shell Payload Generator for hacking.

Phantom eye——A passive business logic vulnerability auditing tool

This is a web-app created using Python, Django. By using this user can login, upload files and also can view and download files uploaded by other users.

Tenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.

Ruby library for interacting with Bugcrowd's VRT

tiny-qiniu for rc-upload or antd upload component `customRequest` property

CVE-2020-36179~82 Jackson-databind SSRF&RCE

An All-In-One Pure Python PoC for CVE-2021-44228

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

A static binary vulnerability scanner

Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance

Redis 4.x/5.x RCE

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

CVE-2020-16898 (Bad Neighbor) Microsoft Windows TCP/IP Vulnerability Detection Logic and Rule

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits

DDoor - cross platform backdoor using dns txt records

Unsigned code loader for Exynos BootROM

A command-line tool for exploiting stack-based buffer overflow vulnerabilities.

Weblogic coherence.jar RCE

🛠 Tools and scripts to manipulate Android APKs

汽车/安卓/固件/代码安全测试工具集

📜🔗 EOSfilestore, Immutable, time-proof, file storage on EOS blockchain

Test your Security Skills, and Clean Code Development as a Pythonist, Hacker & Warrior 🥷🏻