Trending repositories for topic exploit

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

List of free GPTs that doesn't require plus subscription

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Firmware patcher for Xiaomi routers

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

CTF framework and exploit development library

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

A collection of hacking / penetration testing resources to make you better!

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.

A chronological and (hopefully) complete list of reentrancy attacks to date.

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

AndroRAT | Remote Administrator Tool for Android OS Hacking

-------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims...Hack Android Devices

Advanced vulnerability scanning with Nmap NSE

CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.

CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.

Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution

Firmware patcher for Xiaomi routers

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

Octoscan is a static vulnerability scanner for GitHub action workflows.

Nacos 综合利用工具

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

👓A collection of papers/tools/exploits for UEFI security.

A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting informat...

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A curated list of exploits for ChromeOS

Android Penetration Tool [ RAT for Android ]

一款用于JNDI注入利用的工具，大量参考/引用了Rogue JNDI项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。

AndroRAT | Remote Administrator Tool for Android OS Hacking

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

List of free GPTs that doesn't require plus subscription

CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Firmware patcher for Xiaomi routers

CTF framework and exploit development library

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Cyber Security ALL-IN-ONE Platform

A collection of hacking / penetration testing resources to make you better!

Gather and update all available and newest CVEs with their PoC.

CTF竞赛权威指南

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

-------> RAFEL<------ Android Rat Written in Java With WebPanel For Controlling Victims...Hack Android Devices

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.

Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution

CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.

1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI

Firmware patcher for Xiaomi routers

历史漏洞的细节以及利用方法汇总收集

the hacker sends a binary SMS to the target's phone. The SMS contains a special payload executed by the operating system of the phone's SIM card

Nacos 综合利用工具

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

FastVulnVerify is an advanced Python tool developed to quickly identify common vulnerabilities encountered during penetration testing and vulnerability verification processes.

Bypassing windows uac, however its an old approach/method but its still unpatched ¯\_(ツ)_/¯

Octoscan is a static vulnerability scanner for GitHub action workflows.

All social Media hacking with information gathering

This repository contains some resources for ethical hackers penetration tester 😊 This may contain some files, tools, books, and links that need to be used for good purposes only. Do not do any illega...

1xbet thimble minigame HackBot [Exploit] *not patched yet* 🤖

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

The best Duolingo hack ever.

MikrotikSploit is a script that searches for and exploits Mikrotik network vulnerabilities

Proof-of-Concept for CVE-2024-46538

CLI tool to scan URLs for suspicious keywords, extensions, paths, and hidden files.

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

List of free GPTs that doesn't require plus subscription

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A collection of hacking / penetration testing resources to make you better!

Cyber Security ALL-IN-ONE Platform

A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

CTF framework and exploit development library

Firmware patcher for Xiaomi routers

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

Gather and update all available and newest CVEs with their PoC.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

一个攻防知识仓库 Red Teaming and Offensive Security

Windows Exploit Suggester - Next Generation

Proof-of-Concept for CVE-2024-46538

Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)

Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Kernel Level NMI Callback Blocker

Nacos 综合利用工具

An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.

Exploiting the xmlrpc.php

This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.

1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI

Unauthenticated Remote Code Execution via Angular-Base64-Upload Library

1xbet thimble minigame HackBot [Exploit] *not patched yet* 🤖

Firmware patcher for Xiaomi routers

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

Autorun pppwn exploit PS4

the hacker sends a binary SMS to the target's phone. The SMS contains a special payload executed by the operating system of the phone's SIM card

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

This repository contains some resources for ethical hackers penetration tester 😊 This may contain some files, tools, books, and links that need to be used for good purposes only. Do not do any illega...

Octoscan is a static vulnerability scanner for GitHub action workflows.

Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)

List of free GPTs that doesn't require plus subscription

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

The useful exploit finder

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有11wPOC，已校验有效性并去重）

CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

Nacos 综合利用工具

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

Octoscan is a static vulnerability scanner for GitHub action workflows.

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

Persistent Powershell backdoor tool {😈}

历史漏洞的细节以及利用方法汇总收集

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)

An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE & PG to map the unsigned driver.

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution

This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.

Xeno: An external script executor for Roblox made entirely in C++. It uses a working but detected method of overwriting the bytecode of a corescript to manage script execution

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

List of free GPTs that doesn't require plus subscription

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Uncover the true IP address of websites safeguarded by Cloudflare & Others

A collection of hacking / penetration testing resources to make you better!

CTF framework and exploit development library

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Cyber Security ALL-IN-ONE Platform

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Gather and update all available and newest CVEs with their PoC.

A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

The useful exploit finder

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

一个攻防知识仓库 Red Teaming and Offensive Security

"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to l...

Uncover the true IP address of websites safeguarded by Cloudflare & Others

The useful exploit finder

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out. A powerful Browser Stealer

CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH

Octoscan is a static vulnerability scanner for GitHub action workflows.

This repo contains IOC, malware and malware analysis associated with Public cloud

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

This is my EAC Bypass (Setup) Driver that offers an undetected communication and callback handler/hooking system through IOCTL.

Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)

历史漏洞的细节以及利用方法汇总收集

This is a exploit with the capability to control ip camera movement even without a username and password.

"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to l...

PoC - Authenticated Remote Code Execution in VMware vCenter Server (Exploit)

Proof-of-Concept for CVE-2024-46538

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

Firmware patcher for Xiaomi routers

Tool for automate bug hunting process 🔍 --> 🍭

This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.

Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution