Trending repositories for topic exploit

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

CTF竞赛权威指南

A collection of links related to Linux kernel security and exploitation

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

Cyber Security ALL-IN-ONE Platform

A collection of hacking / penetration testing resources to make you better!

Gather and update all available and newest CVEs with their PoC.

CTF framework and exploit development library

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

Android RAT with web panel and undetectable App

A chronological and (hopefully) complete list of reentrancy attacks to date.

Tool to find CVEs and Exploits.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

Cwelium is our official Discord Raider | a Discord raider with various features Its ALWAYS UpToDate 100% SAFE

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.

Firmware patcher for Xiaomi routers

Tool to find CVEs and Exploits.

Android RAT with web panel and undetectable App

Uncover the true IP address of websites safeguarded by Cloudflare & Others

DDOS Archive by RootSec (Scanners, BotNets (Mirai and QBot Premium & Normal and more), Exploits, Methods, Sniffers)

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

🔓A curated list of modern Android exploitation conference talks.

Kubernetes Attack Graph

漏洞批量验证框架

80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.

A chronological and (hopefully) complete list of reentrancy attacks to date.

A Virtual environment for Pentesting IoT Devices

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

A collection of JavaScript Codes I've made to enhance the User Experience of Discord and some other Discord related stuff

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

CTF framework and exploit development library

Cyber Security ALL-IN-ONE Platform

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

A collection of hacking / penetration testing resources to make you better!

Gather and update all available and newest CVEs with their PoC.

CTF竞赛权威指南

A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

各种CMS、各种平台、各种系统、各种软件漏洞的EXP、POC ,该项目将持续更新

A collection of links related to Linux kernel security and exploitation

Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )

漏洞批量验证框架

Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

Cwelium is our official Discord Raider | a Discord raider with various features Its ALWAYS UpToDate 100% SAFE

CVE-2024-32640 | Automated SQLi Exploitation PoC

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

Firmware patcher for Xiaomi routers

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

exploit for cve-2023-47246 SysAid RCE (shell upload)

This repo contains IOC, malware and malware analysis associated with Public cloud

A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

Tool to find CVEs and Exploits.

1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI

Write-ups for various CTF

Using CVE-2023-21768 to manual map kernel mode driver

漏洞批量验证框架

Proof of Concept (PoC) CVE-2021-4034

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Android RAT with web panel and undetectable App

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )

CVE-2024-32640 | Automated SQLi Exploitation PoC

1xbet thimble minigame HackBot [Exploit] *not patched yet* 🤖

1xbet thimble minigame HackBot [Exploit] *not patched yet* 🤖

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

A collection of hacking / penetration testing resources to make you better!

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Cyber Security ALL-IN-ONE Platform

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Gather and update all available and newest CVEs with their PoC.

CTF竞赛权威指南

CTF framework and exploit development library

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

A collection of links related to Linux kernel security and exploitation

A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

一个攻防知识仓库 Red Teaming and Offensive Security

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

CVE-2024-32640 | Automated SQLi Exploitation PoC

Cwelium is our official Discord Raider | a Discord raider with various features Its ALWAYS UpToDate 100% SAFE

1000+ UNRESTRICTED unblockers, games, cheats, exploits, bookmarklets, and AI

A collection of awesome GitHub repositories for hackers, pentesters & security researchers. ADDING MORE REPOs SOON.

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.

it content free resources including courses that help you to learn ethical hacking for beginners to advanced

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

XNU Image Fuzzer - iOS App for Fuzzing Images with Objective-C Code covering 12 CGCreateBitmap & CGColorSpace Functions working with Raw Data and String Injection.

Apache Tomcat exploit and Pentesting guide for penetration tester

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

All social Media hacking with information gathering

exploit for cve-2023-47246 SysAid RCE (shell upload)

Firmware patcher for Xiaomi routers

All about DDoS attacks, exploits, botnets and some proxies =)

Proof of Concept (PoC) CVE-2021-4034

Android RAT with web panel and undetectable App

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Uncover the true IP address of websites safeguarded by Cloudflare & Others

CVE-2023-38831 winrar exploit generator

The useful exploit finder

"Randar" is an exploit for Minecraft which uses LLL lattice reduction to crack the internal state of an incorrectly reused java.util.Random in the Minecraft server, then works backwards from that to l...

The Panthera(P.)uncia of Cybersecurity - Official CLI utility for Subdomain Center & Exploit Observer.

Crashes iOS 17 Devices using a really any device

🔓A curated list of modern Android exploitation conference talks.

SeaShell Framework is an iOS post-exploitation framework that enables you to access the device remotely, control it and extract sensitive information.

Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks

Microsoft SharePoint Server Elevation of Privilege Vulnerability

exploit for f5-big-ip RCE cve-2023-46747

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Docker Remote API Scanner and Exploit

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

CVE-2023-22515: Confluence Broken Access Control Exploit

An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831, WinRAR RCE before versions 6.23

Persistent Powershell backdoor tool {😈}

Bypass 403 pages

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artif...

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

A collection of hacking / penetration testing resources to make you better!

CTF framework and exploit development library

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

一个攻防知识仓库 Red Teaming and Offensive Security

Gather and update all available and newest CVEs with their PoC.

Uncover the true IP address of websites safeguarded by Cloudflare & Others

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

Cyber Security ALL-IN-ONE Platform

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

Kscan是一款纯go开发的全方位扫描器，具备端口扫描、协议检测、指纹识别，暴力破解等功能。支持协议1200+，协议指纹10000+，应用指纹20000+，暴力破解协议10余种。

A Simple android remote administration tool using sockets. It uses java on the client side and python on the server side

CVE-2023-38831 winrar exploit generator

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

The useful exploit finder

The useful exploit finder

CVE-2023-38831 winrar exploit generator

Crashes iOS 17 Devices using a really any device

Dump read-out protected STM32F1's with a Pi Pico - A Pi Pico implementation of @JohannesObermaier's, Marc Schink's and Kosma Moczek's Glitch and FPB attack to bypass RDP (read-out protection) level 1 ...

Microsoft SharePoint Server Elevation of Privilege Vulnerability

🔓A curated list of modern Android exploitation conference talks.

Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks

exploit for f5-big-ip RCE cve-2023-46747

WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target ser...

Docker Remote API Scanner and Exploit

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.

BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability research...

A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.

A modular exploitation framework extensible with Lua

历史漏洞的细节以及利用方法汇总收集

CVE-2023-22515: Confluence Broken Access Control Exploit

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

The only working securly disabler.

An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831, WinRAR RCE before versions 6.23

exploit for cve-2023-47246 SysAid RCE (shell upload)