570 Open source projects that are alternatives of or similar to Struts Pwn

Vulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb

Collection of different exploits

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

A collection of android Exploits and Hacks

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

DevSec Apache Baseline - InSpec Profile

Windows Exploit Suggester - Next Generation

A number of scripts POC's and problems solved as pentests move along.

Encrypted exploit delivery for the masses

Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。

Linux local root exploit for CVE-2014-0038

Apache NLPCraft - API to convert natural language into actions.

Exploit Code for CVE-2020-1472 aka Zerologon

This is a list of Discord console scripts, bugs and exploits.

Shodanwave is a tool for exploring and obtaining information from Netwave IP Camera.

Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

💣 Remotely render any nearby iPhone or iPad unusable

⬆️ ☠️ Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, polkit, docker socket

☠️ Call of Duty - Vulnerabilities and proof-of-concepts

MonitoFi: Health & Performance Monitor for your Apache NiFi

JSshell - JavaScript reverse/remote shell

Open Mesh OM5P-AC v2 Unlocker (U-Boot 1.1.4 based)

Bad Characters highlighter for exploit development purposes supporting multiple input formats while comparing.

CTF binary exploit code

some experience in CTFs

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Research on Anti-malware and other related security solutions

Apache Open Source Software Chat BOT

PS4 5.01 WebKit Exploit PoC

A directory listing theme for Apache

A python based tool for exploiting and managing Android devices via ADB

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

Bash script purposed for system enumeration, vulnerability identification and privilege escalation.

macOS Kernel Exploit for CVE-2019-8781. Credit for the bug goes to @LinusHenze :)

SVScanner - Scanner Vulnerability And MaSsive Exploit.

⚡A supercharged, interactive Kafka shell built on top of the existing Kafka CLI tools.

JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

Mirror of Apache Qpid JMS

CVE-2020-0688_EXP Auto trigger payload & encrypt method

An alternative to the "hive standalone" jar for connecting Java applications to Apache Hive via JDBC

A general purpose memory allocator that implements an isolation security strategy to mitigate memory safety issues while maintaining good performance

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

A semi-demi-working proof of concept for a mix of spectre and meltdown vulnerabilities

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

Entropy Toolkit is a set of tools to provide Netwave and GoAhead IP webcams attacks. Entropy Toolkit is a powerful toolkit for webcams penetration testing.

log4j2 remote code execution or IP leakage exploit (with examples)

Bluetooth scanner for local devices that may be vulnerable to Blueborne exploit

🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit

M3m0 Tool ⚔️ Website Vulnerability Scanner & Auto Exploiter

Docker with Apache, MySql, PhpMyAdmin and Php

A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs

Windows MSI Installer LPE (CVE-2021-43883)

🚀 Web GUI for Kafka Cluster Management

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Easy to use, professional error pages to replace the plaintext error pages that come with any server software like Nginx or Apache

Papers, blogposts, tutorials etc for learning about Windows kernel exploitation, internals and (r|b)ootkits

htpw is a project to increase the security of your WordPress!