1-day current streak·5-day longest streak
-
CVE-2022-22963
CVE-2022-22963 PoC
Python ★ 115 4y agoExplain → -
hikvision
Hikvision log4j PoC
Python ★ 66 3y agoExplain → -
CVE-2024-20931
CVE-2024-20931, this is the bypass of the patch of CVE-2023-21839
★ 61 2y agoExplain → -
spring-core-rce
Spring core rce
Python ★ 59 4y agoExplain → -
leaklens
Bug bounty focused JavaScript security analysis for crawling web assets, source maps, and secret discovery
Go ★ 45 7d agoExplain → -
synackDUO ⑂
Python Duo Push API
Python ★ 41 2mo agoExplain → -
top_Hibp_passwords
Top passwords as per HaveIBeenPwned
★ 35 4mo agoExplain → -
proxyshell
A basic proxylogon scanner
Python ★ 27 5y agoExplain → -
ghleaks
Search for github leaks by combining gitleaks and git-hound capabilities with rate control and exhaustive search.
Go ★ 24 27d agoExplain → -
synack_burp
No description.
★ 17 3y agoExplain → -
burp-mcp-server
No description.
Kotlin ★ 16 11mo agoExplain → -
ghost-cve-2026-26980
CVE-2026-26980 — Ghost CMS Content API SQL Injection Lab (unauthenticated blind SQLi via slug filter ordering)
Python ★ 15 3mo agoExplain → -
CVE-2026-32710
Heap OOB write in MariaDB JSON_SCHEMA_VALID() → persistent privilege escalation (lab-assisted)
Python ★ 14 2mo agoExplain → -
CVE-protobufjs-GHSA-xq3m-2v4x-88gg
PoC for GHSA-xq3m-2v4x-88gg: Critical RCE in protobuf.js via code injection (CVSS 9.4)
JavaScript ★ 14 3mo agoExplain → -
CVE-2026-42779
CVE-2026-42779: Apache MINA AbstractIoBuffer.resolveClass() deserialization filter bypass to RCE (CVSS 9.8)
Java ★ 11 2mo agoExplain → -
citrix_cve-2023-4966
Citrix CVE-2023-4966 from assetnote modified for parallel and file handling
Python ★ 11 2y agoExplain → -
cluster-bus-takeover
Redis Cluster Bus Full Takeover — Lab & PoC
Python ★ 9 3mo agoExplain → -
drupal-sa-core-2026-004-lab
Drupal SA-CORE-2026-004 (PostgreSQL Entity Query SQLi via JSON:API filter array keys) — reproduction lab + generic detection PoC + line-by-line analysis. Patch available upstream.
Python ★ 8 1mo agoExplain → -
CVE-2026-34197
CVE-2026-34197 activemq PoC
Python ★ 8 3mo agoExplain → -
php-8.5.5-var_destroy-uaf
PHP 8.5.5 — var_destroy __destruct reentrancy UAF. Sister bug to Calif MAD Bugs finding; survives their proposed patch. ASAN-confirmed PoCs + leak primitive.
PHP ★ 8 2mo agoExplain → -
CVE-2026-44578
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
Python ★ 7 2mo agoExplain → -
apache-activemq-rce-research
Apache ActiveMQ Classic RCE research: CVE-2026-34197 / CVE-2026-42588 bypass chain + hardened-6.2.6 audit findings + Crowdfense comparison
Python ★ 7 13d agoExplain → -
pack2theroot-lab
CTF-style Docker lab for CVE-2026-41651 (Pack2TheRoot): PackageKit permissive-polkit local privilege escalation
Shell ★ 6 2mo agoExplain → -
CVE-2026-3844
CVE-2026-3844: Breeze Cache <= 2.4.4 Unauthenticated Arbitrary File Upload to RCE (CVSS 9.8)
Python ★ 5 2mo agoExplain → -
sap
Collection of SAP resources for penetration testing
★ 4 5y agoExplain → -
CVE-2024-21182
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
Java ★ 3 1mo agoExplain → -
redis-raptor
Redis security assessment with RAPTOR autonomous offensive research framework
Python ★ 3 2mo agoExplain → -
nginx-rift-poolslip-lab
No description.
Python ★ 3 28d agoExplain → -
autoswagger-ng
No description.
Python ★ 3 4mo agoExplain → -
proftpd-CVE-2026-42167-analysis
Independent reproduction, code-level root-cause analysis, and realistic-exposure write-up for CVE-2026-42167 (ProFTPD mod_sql is_escaped_text() bypass).
Python ★ 2 2mo agoExplain → -
claude-recall
Verbatim, local, cross-project search over your Claude Code memory notes (ripgrep + SQLite FTS5). No cloud, no daemon.
Python ★ 2 9d agoExplain → -
limesurvey-7.0.1-security-audit
No description.
Python ★ 2 29d agoExplain → -
netscaler-startwebview
Netscaler simple python exploit for mass checks
Python ★ 2 2y agoExplain → -
ysoserial.net-docker ⑂
ysoserial.net docker image
★ 2 2y agoExplain → -
kubei ⑂
Kubei is a flexible Kubernetes runtime scanner, scanning images of worker and Kubernetes nodes providing accurate vulnerabilities assessment, for more information checkout:
★ 2 6y agoExplain → -
wp2shell-lab
Non-destructive detector + Docker lab for wp2shell (CVE-2026-63030 REST /batch/v1 route confusion + CVE-2026-60137 author__not_in SQLi) in WordPress core 6.9.0-6.9.4 / 7.0.0-7.0.1
Python ★ 1 55m agoExplain → -
cve-2026-42945-nginx32-lab
CVE-2026-42945 nginx 32-bit exploit lab ASLR enabled
Python ★ 1 2mo agoExplain → -
TencentDB-Agent-Memory ⑂
TencentDB Agent Memory delivers fully local long-term memory for AI Agents via a 4-tier progressive pipeline, with zero external API dependencies.
★ 1 2mo agoExplain → -
benigncertain
Simple exploit test for benigncertain (Equation Group's BENIGNCERTAIN tool - a remote exploit to extract Cisco VPN private keys)
Python ★ 1 4y agoExplain → -
soxy ⑂
A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels.
★ 1 5mo agoExplain → -
go_snmp_scanner
Ultra fast snmp scanner on go
Go ★ 1 1y agoExplain → -
maigret ⑂
🕵️♂️ Collect a dossier on a person by username from thousands of sites
★ 1 2y agoExplain → -
jolokia-exploitation-toolkit ⑂
jolokia-exploitation-toolkit
★ 1 4y agoExplain → -
weblogic
Weblogic exploits
Python ★ 1 3y agoExplain → -
get_subdomains
Simple script to get subdomain information given a domain name using securitytrails API
Python ★ 1 4y agoExplain → -
SSRF-Testing ⑂
SSRF (Server Side Request Forgery) testing resources
★ 1 4y agoExplain → -
SpoolFool ⑂
Exploit for CVE-2022–22718 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
★ 1 4y agoExplain → -
memcached-security-2026
Two memcached heap buffer overflows — default-config LRU-crawler metadump + proxy backend-response length truncation (→ RCE). Responsibly disclosed and fixed in memcached 1.6.44. PoCs, ASAN evidence, reproduction & fix-validation.
Python ★ 0 10d agoExplain → -
raptor ⑂
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
★ 0 11d agoExplain → -
CVE-2025-13673
CVE-2025-13673: Tutor LMS SQL Injection PoC + Docker lab
Python ★ 0 1mo agoExplain → -
CVE-2026-33453
Apache Camel 4.18.0 — CVE Security Assessment: 3 critical vulnerabilities with working PoC exploits (CVE-2026-33453, CVE-2026-40473, CVE-2026-40858)
Python ★ 0 2mo agoExplain → -
cve-2026-6379
Lab kit for CVE-2026-6379 — WP Photo Album Plus < 9.1.11.001 unauthenticated SQL injection. Docker lab + time-based blind PoC. For authorized security research and education.
Python ★ 0 2mo agoExplain → -
cve-2019-13132-lab
CVE-2019-13132 — libzmq CURVE INITIATE stack overflow → RCE. Working exploit + Docker lab.
Python ★ 0 2mo agoExplain → -
cve-2019-6250-lab
End-to-end pre-auth RCE lab for CVE-2019-6250 (libzmq <= 4.3.0, ZMTP/2.0 wire-protocol)
Shell ★ 0 2mo agoExplain → -
claude-howto ⑂
A visual, example-driven guide to Claude Code — from basic concepts to advanced agents, with copy-paste templates that bring immediate value.
★ 0 3mo agoExplain → -
xnldorker
No description.
Python ★ 0 6mo agoExplain → -
jmet ⑂
Java Message Exploitation Tool
★ 0 4y agoExplain → -
MS17-010 ⑂
MS17-010
★ 0 3y agoExplain → -
DllShimmer ⑂
Weaponize DLL hijacking easily. Backdoor any function in any DLL.
★ 0 10mo agoExplain → -
GraphSpy ⑂
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
★ 0 1y agoExplain → -
AutoRMM ⑂
AutoRMM is a collection of scripts and instructions we are organizing, to test delivery mechanisms for RMM and screen sharing tools, along with post exploitation strategies for blue and red teams wanting to more realistically simulate adversary capabilities using these strategies.
★ 0 11mo agoExplain → -
CVE-2025-48799 ⑂
No description.
★ 0 1y agoExplain → -
TangledWinExec ⑂
PoCs and tools for investigation of Windows process execution techniques
★ 0 1y agoExplain → -
cvs_recon
Open CVS clone for pentest / bugbounty process
Python ★ 0 1y agoExplain → -
stealer-parser ⑂
Information stealer logs parser
★ 0 2y agoExplain → -
IngressNightmare-POCs ⑂
CVE-2025-1974
★ 0 1y agoExplain → -
elasticdump
Elasticsearch access control validation
Python ★ 0 1y agoExplain → -
Ingram ⑂
网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool
★ 0 1y agoExplain → -
nfs-security-tooling ⑂
No description.
★ 0 1y agoExplain → -
POCs ⑂
My POCs for CVEs & stuff
★ 0 1y agoExplain → -
CVE-2024-21733 ⑂
一个验证对CVE-2024-21733
★ 0 1y agoExplain → -
Awesome_GPT_Super_Prompting ⑂
ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning.
★ 0 1y agoExplain → -
PatchaPalooza2 ⑂
A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.
Python ★ 0 1y agoExplain → -
BOAZ_beta ⑂
Multilayered AV/EDR Evasion Framework
★ 0 1y agoExplain → -
gocheck ⑂
Because AV evasion should be easy.
★ 0 1y agoExplain → -
Hallucination-Attack ⑂
Attack to induce LLMs within hallucinations
★ 0 2y agoExplain → -
ZigStrike ⑂
ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.
★ 0 1y agoExplain → -
traitor ⑂
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
★ 0 2y agoExplain → -
mBot ⑂
A Go-Based Synack Mission Bot
★ 0 4y agoExplain → -
RustSoliloquy ⑂
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
★ 0 1y agoExplain → -
cofounder ⑂
ai-generated apps , full stack + generative UI
★ 0 1y agoExplain → -
WLExploit ⑂
Weblogic exploit
★ 0 3y agoExplain → -
SAP_exploit ⑂
Here you can get full exploit for SAP NetWeaver AS JAVA
★ 0 8y agoExplain → -
WeblogicScan-go ⑂
WeblogicScan一键检测
★ 0 2y agoExplain → -
CVE-2022-22536 ⑂
SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536.
★ 0 4y agoExplain → -
CVE-2021-2109
CVE-2021-2109 basic scanner
Python ★ 0 5y agoExplain → -
2024-PocLib ⑂
此项目的POC来源为2024年以来各大威胁情报的高危漏洞复现,POC已通过nuclei或xray武器化,本项目旨在为网络安全爱好者们提供一点参考资料,可供个人研究使用,共勉
★ 0 1y agoExplain → -
CVE-2024-21006_jar ⑂
CVE-2024-21006 exp
★ 0 1y agoExplain → -
hacktricks ⑂
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
★ 0 4y agoExplain → -
SeeYouCM-Thief ⑂
No description.
★ 0 3y agoExplain → -
JNDIExploit ⑂
对原版https://github.com/feihong-cs/JNDIExploit 进行了实用化修改
★ 0 3y agoExplain → -
ExecIT ⑂
Execute shellcode files with rundll32
★ 0 2y agoExplain → -
Khepri ⑂
🚀🚀🚀Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
★ 0 4y agoExplain → -
BypassAV ⑂
This map lists the essential techniques to bypass anti-virus and EDR
★ 0 2y agoExplain → -
RichFaces ⑂
A collection of exploits created or modified by me
★ 0 3y agoExplain → -
avred ⑂
Analyse your malware to surgically obfuscate it
★ 0 2y agoExplain → -
CVE-2023-46604 ⑂
No description.
★ 0 2y agoExplain → -
JNDI-Injection-LDAP-Deserialization ⑂
No description.
★ 0 3y agoExplain → -
Caro-Kann ⑂
Encrypted shellcode Injection to avoid Kernel triggered memory scans
★ 0 2y agoExplain → -
cs2br-bof ⑂
No description.
★ 0 3y agoExplain → -
awesome-industrial-protocols ⑂
Security-oriented list of resources about industrial network protocols.
★ 0 3y agoExplain → -
redis_get
Get redis keys from open redis, or by using a password. This is to create a proof of concept to be used later in reports.
Python ★ 0 3y agoExplain → -
LOLDrivers_finder ⑂
No description.
★ 0 3y agoExplain → -
Weblogic-1 ⑂
WebLogic vulnerability exploration from beginner to expert.
★ 0 3y agoExplain → -
DonPAPI ⑂
Dumping DPAPI credz remotely
★ 0 3y agoExplain → -
nanodump ⑂
The swiss army knife of LSASS dumping
★ 0 3y agoExplain → -
CVE-2022-36537 ⑂
POC of CVE-2022-36537
★ 0 3y agoExplain → -
JNDI-Injection-Exploit-Plus ⑂
60+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
★ 0 3y agoExplain → -
DumpThatLSASS ⑂
Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation , it contains Anti-sandbox , if you run it under unperformant Virtual Machine you need to uncomment the code related to it and recompile.
★ 0 3y agoExplain → -
KubeStalk ⑂
KubeStalk discovers Kubernetes and related infrastructure based attack surface from a black-box perspective.
★ 0 3y agoExplain → -
certi ⑂
ADCS abuser
★ 0 3y agoExplain → -
WeblogicEnvironment
WeblogicEnvironment docker setup for research
Shell ★ 0 3y agoExplain → -
pentest ⑂
:no_entry: offsec batteries included
★ 0 4y agoExplain → -
dp_crypto ⑂
Base64-based encryption oracle exploit for CVE-2017-9248 (Telerik UI for ASP.NET AJAX dialog handler)
★ 0 5y agoExplain → -
Offensive-C-Sharp ⑂
No description.
★ 0 3y agoExplain → -
CVE-2022-33679 ⑂
One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
★ 0 3y agoExplain → -
Threat_Model_Examples ⑂
Collection of Threat Models
★ 0 4y agoExplain → -
w13scan_synack
w13scan custom
HTML ★ 0 3y agoExplain → -
CVE-2022-41040-metasploit-ProxyNotShell ⑂
the metasploit script(POC) about CVE-2022-41040. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
★ 0 3y agoExplain → -
CVE-2021-2394 ⑂
POC of CVE-2021-2394
★ 0 4y agoExplain → -
Pentesting-notes
Pentesting notes
★ 0 3y agoExplain → -
MySQLByPassForSafeDog ⑂
MySQL注入绕安全狗Tamper / Code By:Tas9er
★ 0 3y agoExplain → -
redis-rogue-server ⑂
Redis(<=5.0.5) RCE
★ 0 3y agoExplain → -
weblogicScanner ⑂
weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
★ 0 4y agoExplain → -
w13scan_orig ⑂
Passive Security Scanner
★ 0 4y agoExplain → -
HPDeviceManagerExploit ⑂
Repo for proof of concept exploits and tools.
★ 0 3y agoExplain → -
ExploitRemotingService_Compiled ⑂
No description.
★ 0 5y agoExplain → -
syntoken
A quick way to retrieve your token whilst working and too lazy to fetch your phone
Python ★ 0 4y agoExplain → -
log4j-bypass ⑂
No description.
★ 0 4y agoExplain → -
WinPwnage ⑂
UAC bypass, Elevate, Persistence methods
★ 0 4y agoExplain → -
attackRmi ⑂
attackRmi
★ 0 5y agoExplain → -
CVE-2021-26855-SSRF-Proxylogon ⑂
This script helps to identify CVE-2021-26855 ssrf Poc
★ 0 5y agoExplain → -
Anti-Virus-Evading-Payloads ⑂
During the exploitation phase of a pen test or ethical hacking engagement, you will ultimately need to try to cause code to run on target system computers. Whether accomplished by phishing emails, delivering a payload through an exploit, or social engineering, running code on target computers is part of most penetration tests. That means that you will need to be able to bypass antivirus software or other host-based protection for successful exploitation. The most effective way to avoid antivirus detection on your target's computers is to create your own customized backdoor. Here is a simple way to evade anti-virus software when creating backdoors!
★ 0 4y agoExplain → -
awesome-api-security ⑂
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
★ 0 4y agoExplain → -
Penetration-Testing-Tools ⑂
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I have developed over years for Red Teaming/Pentesting/IT Security audits purposes. Most of them came handy on at least one of my real-world engagements.
★ 0 4y agoExplain → -
Java-Deserialization-Cheat-Sheet ⑂
The cheat sheet about Java Deserialization vulnerabilities
★ 0 4y agoExplain → -
Nimcrypt2 ⑂
.NET, PE, & Raw Shellcode Packer/Loader Written in Nim
★ 0 4y agoExplain → -
Chrome-Android-and-Windows-0day-RCE-SBX ⑂
Chrome Android and Windows 0day RCE+SBX.. DPRK
★ 0 4y agoExplain → -
PHP-binary-bugs ⑂
PHP binary bugs advisory
★ 0 4y agoExplain → -
ssl-kill-switch2 ⑂
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
★ 0 5y agoExplain → -
iDrac ⑂
No description.
★ 0 4y agoExplain → -
CVE-2021-22204-exiftool ⑂
Python exploit for the CVE-2021-22204 vulnerability in Exiftool
★ 0 5y agoExplain → -
graudit ⑂
grep rough audit - source code auditing tool
★ 0 4y agoExplain → -
API-Security-Checklist ⑂
Checklist of the most important security countermeasures when designing, testing, and releasing your API
★ 0 4y agoExplain → -
deepdarkCTI ⑂
Collection of Cyber Threat Intelligence sources from the deep and dark web
★ 0 4y agoExplain → -
vulhub ⑂
Pre-Built Vulnerable Environments Based on Docker-Compose
★ 0 4y agoExplain → -
JavaUnserializeExploits ⑂
No description.
★ 0 10y agoExplain → -
Vulnerable-OAuth-2.0-Applications ⑂
vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
★ 0 7y agoExplain → -
Awesome-Exploit ⑂
Poc
★ 0 4y agoExplain → -
OAUTHScan ⑂
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
★ 0 4y agoExplain → -
Shhhloader ⑂
SysWhispers Shellcode Loader (Work in Progress)
★ 0 4y agoExplain → -
CVE-2020-2551 ⑂
Weblogic IIOP CVE-2020-2551
★ 0 6y agoExplain → -
ysoserial ⑂
forked from frohoff/ysoserial and added my own payloads.
★ 0 6y agoExplain → -
Advanced-SQL-Injection-Cheatsheet ⑂
A cheat sheet that contains advanced queries for SQL Injection of all types.
★ 0 4y agoExplain → -
Exploits-1 ⑂
self-written exploits for all Nday vulnerabilities
★ 0 4y agoExplain → -
CVE-2019-0708 ⑂
CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7
★ 0 4y agoExplain → -
JNDI-Exploit-Kit ⑂
Proper JNDI
★ 0 4y agoExplain → -
sonic-utilities ⑂
Command line utilities for the SONiC project
★ 0 4y agoExplain → -
CVE-2022-21883 ⑂
No description.
★ 0 4y agoExplain → -
Penetration_Testing_POC-1 ⑂
No description.
★ 0 5y agoExplain → -
jamf-log4j ⑂
No description.
★ 0 4y agoExplain → -
iker ⑂
An ike-scan wrapper to simplify penetration testing IKE and encourage stronger IKE implementations.
★ 0 4y agoExplain → -
Bug-Bounty-Wordlists ⑂
A repository that includes all the important wordlists used while bug hunting.
★ 0 4y agoExplain → -
Red-Teaming-Toolkit ⑂
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
★ 0 4y agoExplain → -
CVE-2022-21882 ⑂
win32k LPE
★ 0 4y agoExplain → -
expbox ⑂
Vulnerability Exploitation Code Collection Repository
★ 0 4y agoExplain → -
CVE-2021-44228-Log4j-Payloads ⑂
No description.
★ 0 4y agoExplain → -
ysoserial-modified ⑂
That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
★ 0 7y agoExplain → -
goby_poc ⑂
goby poc or exp,分享goby最新网络安全漏洞检测或利用代码
★ 0 4y agoExplain → -
phpggc ⑂
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
★ 0 4y agoExplain → -
exphub ⑂
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
★ 0 5y agoExplain → -
K8tools ⑂
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
★ 0 4y agoExplain → -
CVE-Exploits ⑂
PoC exploits for software vulnerabilities
★ 0 4y agoExplain → -
beanshooter ⑂
JMX enumeration and attacking tool.
★ 0 5y agoExplain → -
Penetration_Testing_POC ⑂
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
★ 0 4y agoExplain → -
CVE-2020-6308-PoC ⑂
PoC CVE-2020-6308
★ 0 5y agoExplain → -
Vulnerability ⑂
此项目将不定期从棱角社区对外进行公布一些最新漏洞。
★ 0 5y agoExplain → -
Poc-1 ⑂
PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus
★ 0 5y agoExplain → -
CVE-2021-21975 ⑂
No description.
★ 0 5y agoExplain → -
vcenter_fileread_exploit ⑂
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read
★ 0 4y agoExplain → -
Zeratool ⑂
Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems
★ 0 4y agoExplain → -
CVE-2019-11043 ⑂
(PoC) Python version of CVE-2019-11043 exploit by neex
★ 0 6y agoExplain → -
Proxy-Attackchain ⑂
proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool
★ 0 4y agoExplain → -
Log4j2-CVE-2021-44228 ⑂
Remote Code Injection In Log4j
★ 0 4y agoExplain → -
apache_log4j_poc ⑂
apache log4j poc—— base Maven
★ 0 4y agoExplain → -
log4j-rce ⑂
No description.
★ 0 4y agoExplain → -
web-app-hacker-s-handbook-notes ⑂
My nots from Web application Hacker's Handbook
★ 0 4y agoExplain → -
exploits ⑂
exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House
★ 0 4y agoExplain → -
SONiC ⑂
Landing page for Software for Open Networking in the Cloud (SONiC) - http://azure.github.io/SONiC/
★ 0 4y agoExplain → -
CVE-2021-2395 ⑂
No description.
★ 0 5y agoExplain → -
rsacrack ⑂
A toolbox for extracting RSA private keys from public keys.
★ 0 4y agoExplain → -
albatar ⑂
Albatar is a SQLi exploitation framework in Python
★ 0 5y agoExplain → -
RsaCtfTool ⑂
RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data
★ 0 4y agoExplain → -
shad0w ⑂
A post exploitation framework designed to operate covertly on heavily monitored environments
★ 0 4y agoExplain → -
Limelighter ⑂
A tool for generating fake code signing certificates or signing real ones
★ 0 5y agoExplain → -
ghostinthepdf ⑂
No description.
★ 0 4y agoExplain → -
Covenant ⑂
Covenant is a collaborative .NET C2 framework for red teamers.
★ 0 4y agoExplain → -
citrix_adc_netscaler_lfi ⑂
This Metasploit-Framework module can be use to help companies to check the last Citrix vulnerability CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 (disclosed July 08, 2020).
★ 0 6y agoExplain → -
SerializedPayloadGenerator ⑂
No description.
★ 0 5y agoExplain → -
Mind-Maps ⑂
Mind-Maps of Several Things
★ 0 4y agoExplain →
No repos match these filters.