Trending repositories for topic poc

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Gather and update all available and newest CVEs with their PoC.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

漏洞文库 wiki.wy876.cn

✍️ A curated list of CVE PoCs.

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchan...

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

一个漏洞POC知识库 目前数量 1000+

Python ProxyPool for web spider

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

Stop Learning, Start Hacking

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Python ProxyPool for web spider

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

Stop Learning, Start Hacking

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

漏洞文库 wiki.wy876.cn

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

Gather and update all available and newest CVEs with their PoC.

✍️ A curated list of CVE PoCs.

A Security Tool for Bug Bounty, Pentest and Red Teaming.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchan...

一个漏洞POC知识库 目前数量 1000+

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

Python ProxyPool for web spider

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

一个漏洞POC知识库 目前数量 1000+

Gather and update all available and newest CVEs with their PoC.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A Security Tool for Bug Bounty, Pentest and Red Teaming.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

漏洞文库 wiki.wy876.cn

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchan...

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke...

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

✍️ A curated list of CVE PoCs.

Python ProxyPool for web spider

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

This repository is a tool to create a .suo that when run by visual studio's will achieve code execution

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

漏洞文库 wiki.wy876.cn

POC: download documents from doc88.com as images and convert them to searchable PDFs

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

Stop Learning, Start Hacking

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

Functional enhancement based on nuclei

fastjson漏洞批量检测工具

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

一个漏洞POC知识库 目前数量 1000+

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Proofs-of-concept

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Python ProxyPool for web spider

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

一个漏洞POC知识库 目前数量 1000+

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

这是一个基于深度学习技术的项目，生成虚拟人物的照片，这些照片看似真实但实际上是不存在的人物。代码实现了生成对抗网络（GAN）的模型，能够创建逼真的人脸图像。

A Security Tool for Bug Bounty, Pentest and Red Teaming.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Python ProxyPool for web spider

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke...

Gather and update all available and newest CVEs with their PoC.

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchan...

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

POC - CVE-2024–10914- Command Injection Vulnerability in `name` parameter for D-Link NAS

漏洞文库 wiki.wy876.cn

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

✍️ A curated list of CVE PoCs.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

POC - CVE-2024–10914- Command Injection Vulnerability in `name` parameter for D-Link NAS

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.

漏洞文库 wiki.wy876.cn

POC: download documents from doc88.com as images and convert them to searchable PDFs

Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

Template introduction, check out: https://www.strangebuzz.com/en/blog/introducing-the-microsymfony-application-template

Juniper Firewalls CVE-2023-36845 - RCE

A PoC exploit for CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

WIP PoC for license emulation in Oreans products

Stop Learning, Start Hacking

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Functional enhancement based on nuclei

Proof-of-Concept for CVE-2024-46538

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

漏洞文库 wiki.wy876.cn

Small & Fast Vulnerability Scanner Engine based on XRAY YAML Rule | 基于 XRAY YAML 规则的超轻量快速漏洞扫描引擎 | 基于 ANTLR 实现语法分析和完整的 XRAY YAML 规则实现 | 简单的启动参数 | 包含多种反连可用 | 可执行文件体积仅 2 MB

MIRROR of the original 32-bit PoC for CVE-2024-6387 "regreSSHion" by 7etsuo/cve-2024-6387-poc

LightApi is a lightweight API framework designed for rapid development of RESTful APIs in Python. It provides a simple and intuitive interface for defining endpoints and handling HTTP requests without...

Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

这是一个基于深度学习技术的项目，生成虚拟人物的照片，这些照片看似真实但实际上是不存在的人物。代码实现了生成对抗网络（GAN）的模型，能够创建逼真的人脸图像。

CVE-2024-32640 | Automated SQLi Exploitation PoC

Go ransomware utilising ChaCha20 and ECIES encryption.

Proof-of-Concept for CVE-2024-5932

Python ProxyPool for web spider

Proof-of-Concept for CVE-2024-46538

Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit

POC - CVE-2024–10914- Command Injection Vulnerability in `name` parameter for D-Link NAS

CRUSH aims to crawl historical vulnerability data from major platforms and monitor daily updates.

DSE & PG bypass via BYOVD attack

Download data from the internet bypassing the firewall using process injection

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4...

一个漏洞POC知识库 目前数量 1000+

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

A Security Tool for Bug Bounty, Pentest and Red Teaming.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Gather and update all available and newest CVEs with their PoC.

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Nuclei POC，每日更新 | 自动整合全网Nuclei的漏洞POC，实时同步更新最新POC，保存已被删除的POC。通过批量克隆Github项目，获取Nuclei POC，并将POC按类别分类存放，使用Github Action实现（已有14wPOC，已校验有效性并去重）

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cm...

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchan...

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

漏洞文库 wiki.wy876.cn

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke...

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

Tool to find CVEs and Exploits.

🎭 SBSCAN是一款专注于spring框架的渗透测试工具，可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive ...

Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。

Wscan is a web security scanner that focuses on web security, dedicated to making web security accessible to everyone.

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

漏洞文库 wiki.wy876.cn

Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)

Go ransomware utilising ChaCha20 and ECIES encryption.

LightApi is a lightweight API framework designed for rapid development of RESTful APIs in Python. It provides a simple and intuitive interface for defining endpoints and handling HTTP requests without...

CRUSH aims to crawl historical vulnerability data from major platforms and monitor daily updates.

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1300多个poc/exp，长期更新。

MIRROR of the original 32-bit PoC for CVE-2024-6387 "regreSSHion" by 7etsuo/cve-2024-6387-poc

DSE & PG bypass via BYOVD attack

Proof-of-Concept for CVE-2024-46538

本项目通过大模型联动爬虫，检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目，并自动识别项目的目录结构、Readme信息后进行总结分析并分类，所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

CVE-2024-28955 Exploitation PoC

Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit

A Service Mesh proof of concept where we compare three prominent Cloud Native products

This is a script written in Python that allows the exploitation of the Metabase's software security flaw described in CVE-2023-38646.

渗透测试工具包 | 开源安全测试工具 | 网络安全工具

Download data from the internet bypassing the firewall using process injection

CVE-2024-32640 | Automated SQLi Exploitation PoC

Template introduction, check out: https://www.strangebuzz.com/en/blog/introducing-the-microsymfony-application-template