AryAry 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (-96.12%)
ExphubExphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
Stars: ✭ 3,056 (-50.85%)
Medusa🐈Medusa是一个红队武器库平台,目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能,持续开发中 http://medusa.ascotbe.com
Stars: ✭ 796 (-87.2%)
litewafLightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-99.49%)
NSE-scriptsNSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (-98.31%)
Bitp0wnAlgorithms to re-compute a private key, to fake signatures and some other funny things with Bitcoin.
Stars: ✭ 59 (-99.05%)
ArissploitArissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-98.17%)
PentestingMisc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-99.61%)
YsoserialA proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (-22.68%)
Hackinghacker, ready for more of our story ! 🚀
Stars: ✭ 413 (-93.36%)
cve-2016-1764Extraction of iMessage Data via XSS
Stars: ✭ 52 (-99.16%)
SecExampleJAVA 漏洞靶场 (Vulnerability Environment For Java)
Stars: ✭ 228 (-96.33%)
Penetration testing poc渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (-37.95%)
Gopoc用cel-go重现了长亭xray的poc检测功能的轮子
Stars: ✭ 124 (-98.01%)
V3n0m ScannerPopular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
Stars: ✭ 847 (-86.38%)
PoccollectPoc Collected for study and develop
Stars: ✭ 15 (-99.76%)
PubVulnerability Notes, PoC Exploits and Write-Ups for security issues disclosed by tintinweb
Stars: ✭ 217 (-96.51%)
Javadeserh2hcSample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Stars: ✭ 361 (-94.19%)
safelog4jSafelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Stars: ✭ 38 (-99.39%)
CVE-2021-33766ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
Stars: ✭ 37 (-99.4%)
APSoft-Web-Scanner-v2Powerful dork searcher and vulnerability scanner for windows platform
Stars: ✭ 96 (-98.46%)
Application Security Engineer Interview QuestionsSome of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (-95.71%)
Commodity Injection SignaturesCommodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-95.71%)
Vulscanvulscan 扫描系统:最新的poc&exp漏洞扫描,redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
Stars: ✭ 486 (-92.18%)
CVE-2020-1611Juniper Junos Space (CVE-2020-1611) (PoC)
Stars: ✭ 25 (-99.6%)
dheaterD(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (-97.72%)
PastebinMarkdownXSSXSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-98.65%)
cdCloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-99.47%)
XSS-CheatsheetXSS Cheatsheet - A collection of XSS attack vectors https://xss.devwerks.net/
Stars: ✭ 26 (-99.58%)
SQL-XSSA few SQL and XSS attack tools
Stars: ✭ 29 (-99.53%)
Cve 2020 10199 cve 2020 10204CVE-2020-10199、CVE-2020-10204漏洞一键检测工具,图形化界面。CVE-2020-10199 and CVE-2020-10204 Vul Tool with GUI.
Stars: ✭ 20 (-99.68%)
Uxss Db🔪Browser logic vulnerabilities ☠️
Stars: ✭ 565 (-90.91%)
BlackwidowA Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (-85.73%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+96.94%)
GodnslogAn exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (-97.23%)
PhpvulnAudit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-97.65%)
KillshotA Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
Stars: ✭ 237 (-96.19%)
GowaptGo Web Application Penetration Test
Stars: ✭ 300 (-95.18%)
PocProofs-of-concept
Stars: ✭ 467 (-92.49%)
Anti Xss㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
Stars: ✭ 403 (-93.52%)
Drupalgeddon2Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
Stars: ✭ 464 (-92.54%)
ProtectProactively protect your Node.js web services
Stars: ✭ 394 (-93.66%)
A2svAuto Scanning to SSL Vulnerability
Stars: ✭ 524 (-91.57%)
TracyA tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
Stars: ✭ 464 (-92.54%)
Cerberus一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (-93.74%)
A Red Teamer DiariesRedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-93.86%)
XsserFrom XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
Stars: ✭ 381 (-93.87%)
SqlmapAutomatic SQL injection and database takeover tool
Stars: ✭ 21,907 (+252.32%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+429.25%)
0d1nTool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
Stars: ✭ 506 (-91.86%)
LadongoLadon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-94.11%)
Cwe checkercwe_checker finds vulnerable patterns in binary executables
Stars: ✭ 372 (-94.02%)