Trending repositories for topic exploit
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
List of free GPTs that doesn't require plus subscription
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
A collection of hacking / penetration testing resources to make you better!
Kscan是一款纯go开发的全方位扫描器,具备端口扫描、协议检测、指纹识别,暴力破解等功能。支持协议1200+,协议指纹10000+,应用指纹20000+,暴力破解协议10余种。
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
👓A collection of papers/tools/exploits for UEFI security.
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
👓A collection of papers/tools/exploits for UEFI security.
1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
List of free GPTs that doesn't require plus subscription
Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture...
SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
List of free GPTs that doesn't require plus subscription
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Roblox Synapse Executor is a top-tier script execution tool for Roblox, valued for its advanced features and stability, enabling seamless Lua scripting for game modifications and customization.
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
A collection of hacking / penetration testing resources to make you better!
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Roblox Synapse Executor is a top-tier script execution tool for Roblox, valued for its advanced features and stability, enabling seamless Lua scripting for game modifications and customization.
ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The project models the problem as a sequence of actions to achie...
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.
👓A collection of papers/tools/exploits for UEFI security.
This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.
Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
This is a list of Discord console scripts, bugs and exploits.
vMass Bot :hook: Vulnerability Scanner & Auto Exploiter Tool Written in Perl.
SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.
Roblox Synapse Executor is a top-tier script execution tool for Roblox, valued for its advanced features and stability, enabling seamless Lua scripting for game modifications and customization.
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
List of free GPTs that doesn't require plus subscription
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
A collection of hacking / penetration testing resources to make you better!
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke...
Roblox Synapse Executor is a top-tier script execution tool for Roblox, valued for its advanced features and stability, enabling seamless Lua scripting for game modifications and customization.
ChainReactor is a research project that leverages AI planning to discover exploitation chains for privilege escalation on Unix systems. The project models the problem as a sequence of actions to achie...
Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution
HACK ANY Windows, Linux , Android, iOS, Unix, device EASILY WITH THIS PRIVATE SILENT JPG EXPLOIT.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.
AttackMate is an attack orchestration tool that executes full attack-chains based on playbooks.
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
mapAccountHijack is a tool designed to carry out a MAP Account hijack attack, which exploits the Message Access Profile (MAP) in Bluetooth Classic, enables the theft of MFA and OTPs leading to the suc...
1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI
👓A collection of papers/tools/exploits for UEFI security.
CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.
This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...
This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer
Octoscan is a static vulnerability scanner for GitHub action workflows.
CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4
Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution
An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.
WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...
This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.
List of free GPTs that doesn't require plus subscription
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
A collection of hacking / penetration testing resources to make you better!
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side
Uncover the true IP address of websites safeguarded by Cloudflare & Others
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现(已有14wPOC,已校验有效性并去重)
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...
"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to l...
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...
This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer
Octoscan is a static vulnerability scanner for GitHub action workflows.
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI
WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...
This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.
"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to l...
PoC - Authenticated Remote Code Execution in VMware vCenter Server (Exploit)
CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4
PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)
HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
the hacker sends a binary SMS to the target's phone. The SMS contains a special payload executed by the operating system of the phone's SIM card