CVE-2019-2725

Published: 26/04/2019 Updated: 07/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 820
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Oracle WebLogic Server could allow a remote malicious user to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Affected Products

Vendor | Product | Versions
Oracle | Weblogic Server | 10.3.6.0.0, 12.1.3.0.0

Vendor Advisories

Oracle Security Alert Advisory - CVE-2019-2725. Description: This Security Alert addresses CVE-2019-2725, a deserialization vulnerability in Oracle WebLogic Server. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be e ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Powershell
  def initialize(info={})
    super(update_info(info, ...

#!/usr/bin/python
# Exploit Title: Oracle Weblogic Exploit CVE-2019-2725
# Date: 30/04/2019
# Exploit Author: Avinash Kumar Thapa
# Vendor Homepage: www.oracle.com/middleware/technologies/weblogic.html
# Software Link: www.oracle.com/technetwork/middleware/downloads/index.html
# Version: Oracle WebLogic Server, versions 10.3.6.0.0, ...

Mailing Lists

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host ...

Metasploit Modules

Oracle Weblogic Server Deserialization RCE - AsyncResponseService

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.

msf > use exploit/multi/misc/weblogic_deserialize_asyncresponseservice
msf exploit(weblogic_deserialize_asyncresponseservice) > show targets
    ...targets...
msf exploit(weblogic_deserialize_asyncresponseservice) > set TARGET < target-id >
msf exploit(weblogic_deserialize_asyncresponseservice) > show options
    ...show and set options...
msf exploit(weblogic_deserialize_asyncresponseservice) > exploit

Github Repositories

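CVE-2019-2725 CVE-2019-2725 (CNVD-C-2019-48814, WebLogic wls9-async) command echo for 10.3.6 and 12.1.3. ResultBaseExec.java is used to test defineClass: it restores the malicious class from base64 and executes code, mainly for convenience (optional). JDK7u21.java generates the XML found in weblogic-2019-2725_1213命令执行.txt; compile it with JDK 6. CVE-2019-2725.py checks whether the command will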

CVE-2019-2725-pocsuite CVE-2019-2725 The exploit script Reference pocsuite

cve-2019-2725 References: Tenable - www.tenable.com/blog/oracle-weblogic-affected-by-unauthenticated-remote-code-execution-vulnerability-cve-2019-2725 Exploit Database - www.exploit-db.com/exploits/46780 PaloAlto - unit42.paloaltonetworks.com/muhstik-botnet-exploits-the-latest-weblogic-vulnerability-for-cryptomining-and-ddos-attacks/ SISSDEN - si

CVE-2019-2725

CVE-2019-2725 from secquanorg first launch

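CVE-2019-2725 WebLogic command echo + webshell upload. Disclaimer: this tool is for security testing and learning only; illegal use is prohibited. WebLogic command echo + webshell upload. Script overview: this script was tested against WebLogic versions 10.3.6 and 12.1.3 and is written in python3. 10.3.6 uses the jdk7u21 payload; 12.1.3 uses second-stage deserialization via the org.slf4j.ext.EventData class. Third-party libraries the py script depends on: req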

CVE-2019-2725 bypass tips. Coded in python3; payload here. That payload only works in jdk6. exp usage: exp.py 127.0.0.1:8080 whoami. poc: after editing ip.txt, the program will check the IPs in ip.txt, testing whether the vulnerability exists or not:

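POC-EXP: this script targets the CVE-2019-2725 WebLogic deserialization RCE vulnerability. Before use, change the VPS listener address, then submit the specific URL at run time to complete the test. Test address: 192.168.209.134:49163/_async/AsyncResponseService. After changing the listener address and port in the payload parameter: #python CVE-2019-2725.py. Once it is running, enter ip:port/_async/AsyncResponseService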

CVE-2019-2725 WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit

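Run with python3. 1. Put the targets to check in the ip.txt file, format: 192168118:7001. 2. Run the script directly; results for vulnerable targets are saved in the ok.txt file.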

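SECTOOLS: 1. Personal security tool development for learning, in any language. 2. Mainly graphical tools. -QAQ- 1. WebLogic CVE-2019-2725 vulnerability detection. 2. s2_045 testing. 3. ZoomEye queries without consuming API quota. ## 4. One-click subdomain lookup (subdomain). 5. Batch detection of source code leaks.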

CNTA-2019-0014-CVE-2019-2725. Disclaimer: this tool is for security testing and learning only; illegal use is prohibited. Usage: python3 weblogic_rce.py [url] [command] [is echo?] [win or linux]. For a detailed analysis see: icematchawin/?p=1174

CNVD-C-2019-48814, CVE-2019-2725 Weblogic _async remote command execution exp. The main code is based on a js implementation. Linux Payload uses Jason; Windows Payload is modified 10271, java.lang.Runtime is executed. Environmental needs: all versions of Windows. Usage: cve2019-2725_weblogic_rce.bat 192168315:7001 "cat /etc/passwd" Vulnerability informat

weblogic CVE-2019-2725 CVE-2019-2729 POC: executes a command and echoes the output. usage: single target: python3 weblogic_get_webshell.py url; batch targets: put the URLs in url_list.txt, then run python3 weblogic_get_webshell.py all

WebLogic vulnerability scanning tool

CNVD-C-2019-48814 WebLogic wls9-async deserialization remote command execution vulnerability. Echo poc for weblogic. Patch update: www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html Vulnerability reproduction: 101020166:7001/_async/AsyncResponseService curl -i 101020166:7001/_async/favicon.ico CNVD-C-2019-48814 Video python CNVD-C-2019-48814.py -u

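sectoolset -- a collection of security-related tools on GitHub. Main contents: 0x00 Hands-on exploitation practice & CTF security competitions; 0x01 Security scanners; 0x02 Security defense; 0x03 Penetration testing; 0x04 Vulnerability databases and exploitation tools (POC, EXP); 0x05 Binary and code analysis tools; 0x06 Threat intelligence & honeypots; 0x07 Security documentation; 0x11 All content. WooYun mirror, WooYun mirror, WooYun mirror, censored (河*蟹). Recently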

weblogic_test: A utility to test Oracle WebLogic issues including CVE-2017-10217, CVE-2019-2725, and CVE-2019-2725 (bypass). Todo: Add CVE-2018-2628. usage: wlg_test.py 127.0.0.1:7001

CNVD-C-2019-48814 works on linux and windows (CVE-2019-2725). WebLogic wls9-async deserialization remote command execution vulnerability. Notes: It doesn't work when weblogic is patched for cve-2017-10271. 10.3.6.0, 12.1.3.0. Modified from jas502n's script. Usage: python async_command_favicon_all.py 127.0.0.1:7001. Vulnerability reproduction: 1 Windows Server 2012 servers/AdminServer/tmp/_

CNVD-C-2019-48814 and CNNVD-201904-961. Thanks to t00ls-ximcx0101 for providing the script. CNVD-C-2019-48814 POC Summary. Related links: 清水川崎's Jianshu post: www.jianshu.com/p/c4982a845f55; reposted by 安全祖师爷: dwz.cn/2GQvbUae. The path may vary depending on the environment. Default upload path: servers/AdminServer/tmp/_WL_internal/bea_wls9_async_response/8tpkys/war

README.md: Produced by the Green Hat group (绿帽子群). V2.0: added batch vulnerability detection; removed the login password box. V1.0: WebLogic administrator console path disclosure; weak passwords: WebLogic, weblogic, Oracle@123, password, system, Administrator, admin; CVE-2014-4210 WebLogic SSRF vulnerability, affected versions: 10.0.2, 10.3.6, http://127.0.0.1:7001/uddiexplorer/SearchPublicRegistries.jsp; CVE-2017-3506 & CVE-2017-10271 XMLDecoder deserialization vulnerability, affected versions: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0; CVE-2018-2894 arbitrary file upload, affected versions: 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3; CVE-2019-2725 wls9-async deserialization vulnerability, affected versions: 10.3.6.0, 12.1.3.0

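some_pocsuite: this project contains pocsuite verification PoC code used for vulnerability triage and verification inside an enterprise (Pocsuite is the open-source vulnerability testing framework from the Knownsec security team); it draws on open-source code found online, with modifications. Plugin code: uses the Pocsuite vulnerability testing framework; for writing plugins, see the Pocsuite project's plugin-writing requirements; being expanded over time. PoC writing conventions and requirements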

Source Code Obfuscation And Binary Obfuscation, Multiple Languages And Multiple Platforms. Including 250+ Tools and 600+ Posts

Awesome Web Security: Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of We

README.md: 梼杌 (Taowu). For exchange and learning only; do not use for illegal purposes! A plugin for Cobalt Strike 3.x and Cobalt Strike 4.x. The exploits used in the plugin were all collected from the internet and their safety is not guaranteed; be sure to carry out your own security review!
English version: Thanks to vcarus for English translation support. Feature overview. Contributors: vcarus. References: https://github.com/DeEpinGh0st/Erebus https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts https://github.com/0x09AL/RdpThief https://github.com/uknowsec/sharptoolsaggressor https://github.com/lengjibo/RedTeamTools/tree/master/windows/Cobalt%20Strike Apologies for any omissions. Update 3.1 (2020.7.28): 1. The information-gathering module adds antivirus comparison (a slightly modified version of uknowsec's SharpAVKB combined with Vulkey_Chen's avList, adding detection for roughly 400 AV processes). 2. The vulnerability-detection module adds CISCO ASA (CVE-2020-3452) and weblogic (CVE-2016-0638, CVE-2016-3510, CVE-2017-3248, CVE-2017-10271, CVE-2018-2628, CVE-2018-2893, CVE-2019-2725). 3. The credential-acquisition module adds RcoIl's SharpDecryptPwd; there are now two SharpDecryptPwd. 4. The privilege-escalation module adds dazzleUP. 5. The entertainment module adds audio recording (speaker, microphone) and turning on the camera to take photos. Update 3.0 (2020.7.14): 1. Added the "privilege escalation" and "lateral movement" modules. 2. Optimized how some functions are executed. 3. Added port forwarding and other functions. Announcements: 1. 梼杌 is a project that combines original work with learning, and it was inclusive from the start. Thanks to the sharing-minded people on GitHub who open-sourced so much excellent code; standing on the shoulders of giants, one can always see a bigger world. 2. To better maintain the project, everyone interested in it is invited to take part in its maintenance and development, with no limit on features or skill level, even if the contribution only outputs a whoami. Contributors can submit code directly to GitHub or send it to taowuopen@protonmail.com. 3. Contributors should state their ID and their GitHub or blog address in the email; this information will be permanently attached to the GitHub project page and to the About module of 梼杌. 4. For various reasons, some non-public versions will be produced during maintenance and development; these will later be provided to the authors who take part in maintenance and development.

weblogic_http.py--CVE-2014-4210,CVE-2017-3506,CVE-2017-10271,CVE-2019-2725 weblogic_t3.py--CVE-2016-0638,CVE-2016-3510,CVE-2017-3248,CVE-2018-2628,CVE-2018-2893

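Author: Tide_RabbitMask. Disclaimer: Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for security testing only; do not use it illegally, be good~ V2.2 overview: provides batch detection for WebLogic and covers almost all historical WebLogic vulnerabilities. [Kids who have never come across a WebLogic batch detection tool, raise your paws!] PS: In summary: the V2* series is not V1*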

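WeblogicScan: one-click WebLogic vulnerability detection tool, V1.3. Author: Tide_RabbitMask. Disclaimer: Pia!(o ‵-′)ノ”(ノ﹏<。) This tool is for security testing only; do not use it illegally, be good~ V1.3 features: provides one-click PoC detection and covers almost all historical WebLogic vulnerabilities. Details: #Console path disclosure Console #SSR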

README.md: Pentest-Tools General usefull Powershell Scripts AMSI Bypass restriction Bypass Lateral Movement / POST Exploitation / Pivot Backdoor finder Persistence on windows Web Application Pentest Framework Discovery Framework Scanner / Exploitation Web Vulnerability Scanner / Burp Plugins Network- / Service-level Vulnerability Scanner Crawler Web Exploitation Tools Windows Privilege Escalation / Audit T3 Enumeration Linux Privilege Escalation / Audit Credential harvesting Windows Specific Credential harvesting Linux Specific Data Exfiltration - DNS/ICMP/Wifi Exfiltration Git Specific Reverse Engineering / decompiler Forensics Network Attacks Specific MITM service Exploitation Sniffing / Evaluation / Filtering Scanner / Exploitation-Frameworks / Automation Default Credential Scanner Payload Generation / AV-Evasion / Malware Creation Domain Finding / Subdomain Enumeration Scanner network level Email Gathering Domain Auth + Exploitation Network service - Login Brute Force + Wordlist attacks Command & Control Frameworks Wifi Tools Raspberri PI Exploitation Social Engeneering Wordlists / Wordlist generators Obfuscation Source Code Analysis No category yet Industrial Control Systems NAC bypass JMX Exploitation And many more.
I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art. STRG+F searches are helpful here. Windows Active Directory Pentest General usefull Powershell Scripts https://github.com/S3cur3Th1sSh1t/WinPwn - https://github.com/dafthack/MailSniper https://github.com/putterpanda/mimikittenz https://github.com/dafthack/DomainPasswordSpray https://github.com/mdavis332/DomainPasswordSpray - same but kerberos auth for more stealth and lockout-sleep https://github.com/jnqpblc/SharpSpray - domainpasswordspray executable with lockout-sleep https://github.com/Arvanaghi/SessionGopher https://github.com/samratashok/nishang https://github.com/PowerShellMafia/PowerSploit https://github.com/fdiskyou/PowerOPS https://github.com/giMini/PowerMemory https://github.com/Kevin-Robertson/Inveigh https://github.com/MichaelGrafnetter/DSInternals https://github.com/PowerShellEmpire/PowerTools https://github.com/FuzzySecurity/PowerShell-Suite https://github.com/hlldz/Invoke-Phant0m https://github.com/leoloobeek/LAPSToolkit https://github.com/sense-of-security/ADRecon https://github.com/Arno0x/PowerShellScripts https://github.com/S3cur3Th1sSh1t/Grouper https://github.com/l0ss/Grouper2 https://github.com/NetSPI/PowerShell https://github.com/NetSPI/PowerUpSQL https://github.com/GhostPack - Various Powersploit Tasks in C# https://github.com/Kevin-Robertson/Powermad - Adidns Attacks AMSI Bypass restriction Bypass https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell https://github.com/p3nt4/PowerShdll https://github.com/jaredhaight/PSAttack https://github.com/Cn33liz/p0wnedShell https://github.com/cobbr/InsecurePowerShell https://github.com/Mr-Un1k0d3r/PowerLessShell https://github.com/bitsadmin/nopowershell C# Powershell https://github.com/OmerYa/Invisi-Shell https://github.com/Hackplayers/Salsa-tools - Salsa Tools - 
ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched https://github.com/padovah4ck/PSByPassCLM - Constrained language mode bypass https://github.com/rasta-mouse/AmsiScanBufferBypass https://github.com/itm4n/VBA-RunPE - Applocker Bypass https://github.com/cfalta/PowerShellArmoury Backdoor finder https://github.com/linuz/Sticky-Keys-Slayer https://github.com/ztgrace/sticky_keys_hunter https://github.com/countercept/doublepulsar-detection-script Lateral Movement , POST Exploitation , Pivot https://github.com/0xthirteen/SharpRDP https://github.com/byt3bl33d3r/CrackMapExec https://github.com/nccgroup/WMIcmd https://github.com/byt3bl33d3r/DeathStar - Automate Getting Dom-Adm https://github.com/0x36/VPNPivot https://github.com/securesocketfunneling/ssf https://github.com/p3nt4/Invoke-SocksProxy https://github.com/sensepost/reGeorg - Webshell tunnel over socks proxy - pentesters dream https://github.com/nccgroup/ABPTTS TCP tunneling over HTTP/HTTPS for web application servers like reGeorg https://github.com/SpiderLabs/portia - automated lateral movement https://github.com/Screetsec/Vegile - backdoor / rootkit https://github.com/DanMcInerney/icebreaker - automation for various mitm attacks + vulns https://github.com/MooseDojo/apt2 - automated penetration toolkit https://github.com/hdm/nextnet - Netbios Network interface Enumeration (discovery of dual homed hosts) https://github.com/nettitude/Invoke-PowerThIEf - Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived. 
https://github.com/trustedsec/egressbuster - check for internet access over open ports / egress filtering https://github.com/emilyanncr/Windows-Post-Exploitation https://github.com/vincentcox/bypass-firewalls-by-DNS-history https://github.com/mubix/post-exploitation https://github.com/ThunderGunExpress/BADministration - McAfee Epo or Solarwinds post exploitation https://github.com/Hackplayers/evil-winrm https://github.com/RedTeamOperations/PivotSuite https://github.com/dirkjanm/krbrelayx - unconstrained delegation, printer bug (MS-RPRN) exploitation, Remote ADIDNS attacks https://github.com/Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command https://github.com/rvazarkar/GMSAPasswordReader - AD Bloodhound 3.0 Path https://github.com/fdiskyou/hunter Active Directory Audit and exploit tools https://github.com/mwrlabs/SharpGPOAbuse https://github.com/BloodHoundAD/BloodHound https://github.com/hausec/Bloodhound-Custom-Queries https://github.com/vletoux/pingcastle https://github.com/cyberark/ACLight https://github.com/canix1/ADACLScanner https://github.com/fox-it/Invoke-ACLPwn https://github.com/fox-it/aclpwn.py - same as invoke-aclpwn but in python Persistence on windows https://github.com/fireeye/SharPersist Web Application Pentest Framework Discovery https://github.com/Tuhinshubhra/CMSeeK https://github.com/Dionach/CMSmap - Wordpress, Joomla, Drupal Scanner https://github.com/wpscanteam/wpscan https://github.com/Ekultek/WhatWaf Framework Scanner / Exploitation https://github.com/wpscanteam/wpscan - wordpress https://github.com/n00py/WPForce https://github.com/m4ll0k/WPSeku https://github.com/swisskyrepo/Wordpresscan https://github.com/rastating/wordpress-exploit-framework https://github.com/coldfusion39/domi-owned - lotus domino https://github.com/droope/droopescan - Drupal https://github.com/whoot/Typo-Enumerator - Typo3 https://github.com/rezasp/joomscan - Joomla Web Vulnerability Scanner / Burp Plugins 
https://github.com/m4ll0k/WAScan - all in one scanner https://github.com/s0md3v/XSStrike - XSS discovery https://github.com/federicodotta/Java-Deserialization-Scanner https://github.com/d3vilbug/HackBar https://github.com/gyoisamurai/GyoiThon https://github.com/snoopysecurity/awesome-burp-extensions Network- / Service-level Vulnerability Scanner https://github.com/scipag/vulscan https://github.com/zdresearch/OWASP-Nettacker File / Directory / Parameter discovery https://github.com/OJ/gobuster https://github.com/nccgroup/dirble https://github.com/maK-/parameth https://github.com/s0md3v/Arjun - https://github.com/Cillian-Collins/dirscraper - Directory lookup from Javascript files https://github.com/hannob/snallygaster https://github.com/maurosoria/dirsearch https://github.com/s0md3v/Breacher - Admin Panel Finder https://github.com/mazen160/server-status_PWN Crawler https://github.com/s0md3v/Photon - https://github.com/kgretzky/dcrawl Web Exploitation Tools https://github.com/OsandaMalith/LFiFreak - lfi https://github.com/enjoiz/XXEinjector - xxe https://github.com/tennc/webshell - shellz https://github.com/flozz/p0wny-shell https://github.com/epinna/tplmap - ssti https://github.com/orf/xcat - xpath injection https://github.com/almandin/fuxploider - File Uploads https://github.com/nccgroup/freddy - deserialization https://github.com/irsdl/IIS-ShortName-Scanner - IIS Short Filename Vuln. 
exploitation https://github.com/frohoff/ysoserial - Deserialize Java Exploitation https://github.com/pwntester/ysoserial.net - Deserialize .NET Exploitation https://github.com/internetwache/GitTools - Exploit .git Folder Existence https://github.com/cujanovic/SSRF-Testing - SSRF Tutorials https://github.com/ambionics/phpggc - PHP Unserialize Payload generator https://github.com/BuffaloWill/oxml_xxe - Malicious Office XXE payload generator https://github.com/tijme/angularjs-csti-scanner - Angularjs Csti Scanner https://github.com/0xacb/viewgen - Deserialize .NET Viewstates https://github.com/Illuminopi/RCEvil.NET - Deserialize .NET Viewstates REST API Audit https://github.com/flipkart-incubator/Astra Swagger File API Attack https://github.com/imperva/automatic-api-attack-tool Windows Privilege Escalation / Audit https://github.com/AlessandroZ/BeRoot https://github.com/rasta-mouse/Sherlock https://github.com/hfiref0x/UACME - UAC https://github.com/rootm0s/WinPwnage - UAC https://github.com/abatchy17/WindowsExploits https://github.com/dafthack/HostRecon https://github.com/sensepost/rattler - find vulnerable dlls for preloading attack https://github.com/WindowsExploits/Exploits https://github.com/Cybereason/siofra - dll hijack scanner https://github.com/0xbadjuju/Tokenvator - admin to system https://github.com/MojtabaTajik/Robber https://github.com/411Hall/JAWS https://github.com/GhostPack/SharpUp https://github.com/GhostPack/Seatbelt https://github.com/A-mIn3/WINspect https://github.com/hausec/ADAPE-Script https://github.com/SecWiki/windows-kernel-exploits https://github.com/bitsadmin/wesng https://github.com/rasta-mouse/Watson https://github.com/itm4n/UsoDllLoader - load malicious dlls from system32 https://github.com/TsukiCTF/Lovely-Potato - Exploit potatoes with automation https://github.com/antonioCoco/RogueWinRM - from Service Account to System T3 Enumeration https://github.com/quentinhardy/jndiat Linux Privilege Escalation / Audit 
https://github.com/mzet-/linux-exploit-suggester https://github.com/rebootuser/LinEnum https://github.com/diego-treitos/linux-smart-enumeration https://github.com/CISOfy/lynis https://github.com/AlessandroZ/BeRoot https://github.com/future-architect/vuls https://github.com/ngalongc/AutoLocalPrivilegeEscalation https://github.com/b3rito/yodo https://github.com/belane/linux-soft-exploit-suggester - lookup vulnerable installed software https://github.com/sevagas/swap_digger https://github.com/NullArray/RootHelper https://github.com/NullArray/MIDA-Multitool https://github.com/initstring/dirty_sock https://github.com/jondonas/linux-exploit-suggester-2 https://github.com/sosdave/KeyTabExtract https://github.com/DominicBreuker/pspy https://github.com/itsKindred/modDetective https://github.com/nongiach/sudo_inject https://github.com/Anon-Exploiter/SUID3NUM - find suid bins and look them up under gtfobins / exploitable or not https://github.com/nccgroup/GTFOBLookup - Offline GTFOBins https://github.com/TH3xACE/SUDO_KILLER - sudo misconfiguration exploitation https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py https://github.com/inquisb/unix-privesc-check https://github.com/hc0d3r/tas - easily manipulate the tty and create fake binaries https://github.com/SecWiki/linux-kernel-exploits https://github.com/initstring/uptux https://github.com/andrew-d/static-binaries - not really privesc but helpfull Exfiltration Credential harvesting Windows Specific https://github.com/gentilkiwi/mimikatz https://github.com/GhostPack/SafetyKatz https://github.com/GhostPack/Rubeus https://github.com/Arvanaghi/SessionGopher https://github.com/peewpw/Invoke-WCMDump https://github.com/tiagorlampert/sAINT https://github.com/AlessandroZ/LaZagneForensic - remote lazagne https://github.com/eladshamir/Internal-Monologue https://github.com/djhohnstein/SharpWeb - Browser Creds gathering https://github.com/mwrlabs/SharpClipHistory - ClipHistory feature get the last 
25 copy paste actions https://github.com/outflanknl/Dumpert - dump lsass using direct system calls and API unhooking https://github.com/b4rtik/ATPMiniDump - Evade WinDefender ATP credential-theft https://github.com/aas-n/spraykatz - remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction https://github.com/0x09AL/RdpThief - extract live rdp logins LSASS Dump Without Mimikatz https://github.com/Hackndo/lsassy https://github.com/aas-n/spraykatz Credential harvesting Linux Specific https://github.com/huntergregal/mimipenguin https://github.com/n1nj4sec/mimipy https://github.com/dirtycow/dirtycow.github.io https://github.com/mthbernardes/sshLooterC - SSH Credential loot https://github.com/blendin/3snake - SSH / Sudo / SU Credential loot https://github.com/0xmitsurugi/gimmecredz Data Exfiltration - DNS/ICMP/Wifi Exfiltration https://github.com/FortyNorthSecurity/Egress-Assess https://github.com/p3nt4/Invoke-TmpDavFS https://github.com/DhavalKapil/icmptunnel https://github.com/iagox86/dnscat2 https://github.com/Arno0x/DNSExfiltrator https://github.com/spieglt/FlyingCarpet - Wifi Exfiltration https://github.com/SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP https://github.com/sysdream/chashell Git Specific https://github.com/dxa4481/truffleHog https://github.com/zricethezav/gitleaks Windows / Linux https://github.com/AlessandroZ/LaZagne https://github.com/Dionach/PassHunt https://github.com/vulmon/Vulmap Reverse Engineering / decompiler https://github.com/mattifestation/PowerShellArsenal https://github.com/0xd4d/dnSpy - .NET Disassembler https://github.com/NationalSecurityAgency/ghidra https://github.com/icsharpcode/ILSpy Forensics https://github.com/Invoke-IR/PowerForensics https://github.com/Neo23x0/Loki https://github.com/gfoss/PSRecon Network Attacks https://github.com/bettercap/bettercap - https://github.com/SpiderLabs/Responder https://github.com/lgandx/Responder - more up to date 
https://github.com/evilsocket/bettercap - Deprecated but still good https://github.com/r00t-3xp10it/morpheus https://github.com/fox-it/mitm6 https://github.com/DanMcInerney/LANs.py Specific MITM service Exploitation https://github.com/jtesta/ssh-mitm - SSH https://github.com/pimps/wsuxploit - WSUS https://github.com/SySS-Research/Seth - RDP https://github.com/infobyte/evilgrade - Fake Updates for various Software https://github.com/samdenty/injectify - web application live recording, keystroke logger https://github.com/skorov/ridrelay - User Enumeration with SMB Relay Attacks https://github.com/Kevin-Robertson/Invoke-TheHash Sniffing / Evaluation / Filtering https://github.com/DanMcInerney/net-creds https://github.com/lgandx/PCredz https://github.com/Srinivas11789/PcapXray Scanner / Exploitation-Frameworks / Automation https://github.com/threat9/routersploit https://github.com/nccgroup/autopwn https://github.com/1N3/Sn1per https://github.com/byt3bl33d3r/CrackMapExec https://github.com/Cn33liz/p0wnedShell https://github.com/archerysec/archerysec https://github.com/vulnersCom/nmap-vulners https://github.com/m4ll0k/AutoNSE - automate nmap with scripting capabilities https://github.com/v3n0m-Scanner/V3n0M-Scanner https://github.com/zdresearch/OWASP-Nettacker Default Credential Scanner https://github.com/ztgrace/changeme https://github.com/FortyNorthSecurity/EyeWitness https://github.com/byt3bl33d3r/WitnessMe - screenshot for webservers Default Credential Lookup https://github.com/Viralmaniar/Passhunt Payload Generation / AV-Evasion / Malware Creation https://github.com/nccgroup/Winpayloads https://github.com/Screetsec/TheFatRat https://github.com/xillwillx/tricky.lnk https://github.com/trustedsec/unicorn https://github.com/z0noxz/powerstager https://github.com/curi0usJack/luckystrike https://github.com/enigma0x3/Generate-Macro https://github.com/Cn33liz/JSMeter https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator https://github.com/Cn33liz/StarFighters 
https://github.com/BorjaMerino/Pazuzu https://github.com/mwrlabs/wePWNise https://github.com/Mr-Un1k0d3r/UniByAv https://github.com/govolution/avet https://github.com/Pepitoh/VBad https://github.com/mdsecactivebreach/CACTUSTORCH https://github.com/D4Vinci/Dr0p1t-Framework https://github.com/g0tmi1k/msfpc https://github.com/bhdresh/CVE-2017-0199 - Office RCE POC https://github.com/GreatSCT/GreatSCT https://github.com/mthbernardes/rsg - reverse shell generator https://github.com/sevagas/macro_pack https://github.com/mdsecactivebreach/SharpShooter https://github.com/hlldz/SpookFlare https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads https://github.com/paranoidninja/CarbonCopy - Sign an executable for AV-Evasion https://github.com/peewpw/Invoke-PSImage https://github.com/Arvanaghi/CheckPlease - Sandbox Evasion techniques https://github.com/trustedsec/nps_payload https://github.com/stormshadow07/HackTheWorld https://github.com/r00t-3xp10it/FakeImageExploiter https://github.com/nccgroup/demiguise - Encrypted HTA Generation https://github.com/med0x2e/genxlm https://github.com/med0x2e/GadgetToJScript Android https://github.com/sensepost/kwetza External Penetration Testing Domain Finding / Subdomain Enumeration https://github.com/aboul3la/Sublist3r https://github.com/TheRook/subbrute https://github.com/michenriksen/aquatone https://github.com/darkoperator/dnsrecon https://github.com/fwaeytens/dnsenum https://github.com/s0md3v/Striker + Scanner https://github.com/leebaird/discover https://github.com/eldraco/domain_analyzer - more like an audit https://github.com/caffix/amass - https://github.com/subfinder/subfinder https://github.com/TypeError/domained https://github.com/SilverPoision/Rock-ON File Search / Metadata extraction https://github.com/dafthack/PowerMeta https://github.com/ElevenPaths/FOCA Scanner https://github.com/vesche/scanless https://github.com/1N3/Sn1per https://github.com/DanMcInerney/pentest-machine Email Gathering https://github.com/leapsecurity/InSpy 
https://github.com/dchrastil/ScrapedIn https://github.com/SimplySecurity/SimplyEmail https://github.com/clr2of8/GatherContacts https://github.com/s0md3v/Zen - Find Emails of Github Users https://github.com/m8r0wn/CrossLinked https://github.com/m4ll0k/Infoga Domain Auth + Exploitation https://github.com/nyxgeek/o365recon https://github.com/True-Demon/raindance - office 365 recon https://github.com/dafthack/MailSniper https://github.com/sensepost/ruler https://github.com/Greenwolf/Spray - lockout Time integrated https://github.com/nyxgeek/lyncsmash - Lync Credential Finder https://github.com/byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient https://github.com/mdsecresearch/LyncSniper - Lync Credential Finder Specific Service Scanning / Exploitation Login Brute Force + Wordlist attacks https://github.com/galkan/crowbar - Brute force non hydra compliant services - RDP, VNC, OpenVPN https://github.com/1N3/BruteX - Brute Force various services https://github.com/x90skysn3k/brutespray - https://github.com/lanjelot/patator https://github.com/dafthack/RDPSpray - RDP Password Spray - No Event Logs SNMP https://github.com/hatlord/snmpwn Open X11 https://github.com/sensepost/xrdp Printers https://github.com/RUB-NDS/PRET https://github.com/BusesCanFly/PRETty - Automation for PRET MSSQL https://github.com/quentinhardy/msdat Oracle https://github.com/quentinhardy/odat IKE https://github.com/SpiderLabs/ikeforce SMB Null Session Exploitation https://github.com/m8r0wn/nullinux Intel AMT Exploitation https://github.com/Coalfire-Research/DeathMetal SAP Exploitation https://github.com/comaeio/OPCDE https://github.com/gelim/sap_ms https://github.com/chipik/SAP_GW_RCE_exploit Weblogic Exploitation https://github.com/quentinhardy/jndiat - WEblogic Server Tests https://github.com/kingkaki/weblogic-scan https://github.com/FlyfishSec/weblogic_rce - cve-2019-2725 
https://github.com/SukaraLin/CVE-2019-2890 https://github.com/1337g/CVE-2017-10271 https://github.com/LandGrey/CVE-2018-2894 Sharepoint exploitation https://github.com/sensepost/SPartan - Sharepoint Fingerprint + Exploitation https://github.com/Voulnet/desharialize Telerik UI for ASP.NET AJAX Exploit https://github.com/noperator/CVE-2019-18935 General Recon https://github.com/FortyNorthSecurity/EyeWitness Command & Control Frameworks https://github.com/n1nj4sec/pupy https://github.com/nettitude/PoshC2 https://github.com/FortyNorthSecurity/WMImplant https://github.com/quasar/QuasarRAT https://github.com/EmpireProject/Empire https://github.com/zerosum0x0/koadic https://github.com/Mr-Un1k0d3r/ThunderShell https://github.com/Ne0nd0g/merlin https://github.com/Arno0x/WebDavC2 https://github.com/malwaredllc/byob https://github.com/byt3bl33d3r/SILENTTRINITY https://github.com/Arno0x/WSC2 https://github.com/BC-SECURITY/Empire - Empire with embedded AMSI-Bypass https://github.com/cobbr/Covenant https://github.com/BishopFox/sliver Android https://github.com/AhMyth/AhMyth-Android-RAT Linux MacOSX Specific https://github.com/neoneggplant/EggShell Wifi Tools https://github.com/wifiphisher/wifiphisher https://github.com/P0cL4bs/WiFi-Pumpkin https://github.com/s0lst1c3/eaphammer https://github.com/h0nus/RogueSploit https://github.com/Tylous/SniffAir https://github.com/FluxionNetwork/fluxion https://github.com/derv82/wifite2 https://github.com/ICSec/airpwn-ng https://github.com/xdavidhu/mitmAP https://github.com/ZerBea/hcxdumptool Android / Nethunter https://github.com/faizann24/wifi-bruteforcer-fsecurify https://github.com/chrisk44/Hijacker Raspberri PI Exploitation https://github.com/secgroundzero/warberry https://github.com/samyk/poisontap https://github.com/mame82/P4wnP1 https://github.com/mame82/P4wnP1_aloa https://github.com/pi-hole/pi-hole Physical Security / HID/ETH Emulator https://github.com/carmaa/inception - PCI-based DMA https://github.com/samratashok/Kautilya 
https://github.com/ufrisk/pcileech - PCI based DMA https://github.com/Screetsec/Brutal - Teensy Payloads https://github.com/insecurityofthings/jackit https://github.com/BastilleResearch/mousejack Social Engeneering https://github.com/kgretzky/evilginx https://github.com/threatexpress/domainhunter https://github.com/netevert/dnsmorph - lookup valid phishing-Domains https://github.com/elceef/dnstwist - lookup valid phishing-Domains https://github.com/quickbreach/SMBetray - Change SMB Files on the fly https://github.com/SteveLTN/https-portal https://github.com/ryhanson/phishery https://github.com/Dviros/CredsLeaker https://github.com/bitsadmin/fakelogonscreen Defender Guides / Tools https://github.com/PaulSec/awesome-windows-domain-hardening https://github.com/Invoke-IR/Uproot https://github.com/danielbohannon/Revoke-Obfuscation - powershell obfuscation detection https://github.com/countercept/python-exe-unpacker - python exe decompile https://github.com/0xd4d/de4dot - .NET Revoke-Obfuscation https://github.com/securitywithoutborders/hardentools https://github.com/x0rz/phishing_catcher https://github.com/Ben0xA/PowerShellDefense https://github.com/emposha/PHP-Shell-Detector https://github.com/LordNoteworthy/al-khaser https://github.com/Security-Onion-Solutions/security-onion - ids https://github.com/ptresearch/AttackDetection https://github.com/MHaggis/hunt-detect-prevent https://github.com/JPCERTCC/LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log https://github.com/lithnet/ad-password-protection - AD Passwort Blacklisting https://github.com/R3MRUM/PSDecode - Powershell DE-Obfuscation https://github.com/matterpreter/DefenderCheck https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES Wordlists / Wordlist generators https://github.com/danielmiessler/SecLists https://github.com/berzerk0/Probable-Wordlists https://github.com/govolution/betterdefaultpasslist https://github.com/insidetrust/statistically-likely-usernames 
https://github.com/LandGrey/pydictor https://github.com/sc0tfree/mentalist https://github.com/skahwah/wordsmith https://github.com/1N3/IntruderPayloads https://github.com/fuzzdb-project/fuzzdb https://github.com/Bo0oM/fuzz.txt https://github.com/laconicwolf/Password-Scripts AD Lab Environment https://github.com/davidprowe/BadBlood Obfuscation https://github.com/xoreaxeaxeax/movfuscator https://github.com/danielbohannon/Invoke-DOSfuscation https://github.com/unixpickle/gobfuscate - GO Obfuscator https://github.com/javascript-obfuscator/javascript-obfuscator - Javascript Obfuscator https://github.com/danielbohannon/Invoke-Obfuscation - Powershell Obfuscator Source Code / Binary Analysis Binary Analysis https://github.com/avast/retdec https://github.com/MobSF/Mobile-Security-Framework-MobSF Source Code Analysis https://github.com/mre/awesome-static-analysis https://github.com/eslint/eslint - Javascript https://github.com/dpnishant/jsprime - Javascript https://github.com/phpstan/phpstan - PHP MISC https://github.com/pentestmonkey/gateway-finder https://github.com/Cybellum/DoubleAgent https://github.com/ytisf/theZoo https://github.com/kbandla/APTnotes https://github.com/WindowsLies/BlockWindows https://github.com/secrary/InjectProc https://github.com/AlsidOfficial/WSUSpendu https://github.com/SigPloiter/SigPloit https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist https://github.com/PowerShell/PowerShell https://github.com/landhb/HideProcess https://github.com/meliht/Mr.SIP https://github.com/XiphosResearch/exploits https://github.com/jas502n/CVE-2019-13272 https://github.com/fox-it/cve-2019-1040-scanner https://github.com/worawit/MS17-010 https://github.com/DiabloHorn/yara4pentesters https://github.com/D4Vinci/Cr3dOv3r https://github.com/a2u/CVE-2018-7600 - Drupal Exploit https://github.com/joxeankoret/CVE-2017-7494 - SAMBA Exploit https://github.com/D4Vinci/One-Lin3r - Reverse Shell Oneliner / Payload Generation https://github.com/0x00-0x00/ShellPop - 
Reverse/Bind Shell Generator https://github.com/Acceis/crypto_identifier https://github.com/sensepost/UserEnum - check if a user is valid in a domain https://github.com/LOLBAS-Project/LOLBAS - Living of the Land Binaries https://github.com/peewpw/Invoke-BSOD - Windows Denial of Service Exploit https://github.com/mtivadar/windows10_ntfs_crash_dos - Windows Denial of Service Exploit https://github.com/deepzec/Bad-Pdf PDF Steal NTLMv2 Hash Exploit - CVE-2018-4993 https://github.com/SecureAuthCorp/impacket - https://github.com/blacknbunny/libSSH-Authentication-Bypass - LibSSH Authentication Bypass vuln. https://github.com/OneLogicalMyth/zeroday-powershell - windows Privesc Exploit https://github.com/smicallef/spiderfoot - OSINT https://github.com/ShawnDEvans/smbmap https://github.com/Coalfire-Research/java-deserialization-exploits - Deserialisation Exploits https://github.com/RhinoSecurityLabs/GCPBucketBrute - S3 bucket tester https://github.com/khast3x/h8mail https://github.com/dirkjanm/adidnsdump - Zone transfer like for internal assessment https://github.com/gquere/pwn_jenkins https://github.com/JavelinNetworks/IR-Tools - Get-ShellContent.ps1 get the typed content for all open shells https://github.com/taviso/ctftool - windows CTF Exploitation https://github.com/jedisct1/dsvpn https://github.com/GoSecure/dtd-finder https://github.com/tyranid/DotNetToJScript https://github.com/cfreal/exploits - Apache Privilege Escalation https://github.com/adamdriscoll/snek - Execute python from powershell https://github.com/g0tmi1k/exe2hex Azure Cloud Tools https://github.com/hausec/PowerZure https://github.com/NetSPI/MicroBurst Anonymous / Tor Projects https://github.com/realgam3/pymultitor https://github.com/Und3rf10w/kali-anonsurf https://github.com/GouveaHeitor/nipe https://github.com/cryptolok/GhostInTheNet https://github.com/DanMcInerney/elite-proxy-finder Exploit Search https://github.com/vulnersCom/getsploit https://github.com/1N3/Findsploit Industrial Control Systems 
https://github.com/dark-lbp/isf https://github.com/klsecservices/s7scan https://github.com/w3h/isf Network access control bypass https://github.com/scipag/nac_bypass JMX Exploitation https://github.com/mogwailabs/mjet https://github.com/siberas/sjet Citrix Netscaler Pwn https://github.com/trustedsec/cve-2019-19781 Red Team infrastructure setup https://github.com/obscuritylabs/RAI https://github.com/Coalfire-Research/Red-Baron - terraform cloud c2 redirector setup https://github.com/shr3ddersec/Shr3dKit https://github.com/t94j0/satellite Redis Exploitation https://github.com/Ridter/redis-rce SSRF Exploitation https://github.com/swisskyrepo/SSRFmap LFI exploitation https://github.com/mzfr/liffy MondoDB Redis Couchdb Exploitation https://github.com/torque59/Nosql-Exploitation-Framework Elasticsearch / Kibana Exploitation https://github.com/0xbug/Biu-framework RMI attacks https://github.com/NickstaDB/BaRMIe JSON Web Token Analysis / Exploitation https://github.com/ticarpi/jwt_tool Docker Exploitation https://github.com/AbsoZed/DockerPwn.py - automation of Docker TCP socket abuse https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/CVE%20Exploits/Docker%20API%20RCE.py - Docker API exposed RCE PHP exploits https://github.com/neex/phuip-fpizdam - nginx + php misconfiguration Cloud attack tools https://github.com/mdsecactivebreach/o365-attack-toolkit Bluetooth / low energy https://github.com/ojasookert/CVE-2017-0785 https://github.com/evilsocket/bleah https://github.com/virtualabs/btlejack Wireless / Radio Exploitation https://github.com/mame82/LOGITacker APT / Malware Emulation / Defense Check https://github.com/TryCatchHCF/DumpsterFire https://github.com/NextronSystems/APTSimulator https://github.com/redhuntlabs/RedHunt-OS https://github.com/guardicore/monkey Hash Crack / Lookup https://github.com/k4m4/dcipher-cli https://github.com/s0md3v/Hash-Buster https://github.com/initstring/passphrase-wordlist OSCP Lists / tools / help 
https://github.com/sailay1996/expl-bin https://github.com/CyDefUnicorn/OSCP-Archives ASPX Webshells https://github.com/antonioCoco/SharPyShell PHP Webshells https://github.com/flozz/p0wny-shell JSP WebShells https://github.com/SecurityRiskAdvisors/cmd.jsp Other Tool-Lists / Cheat Sheets https://github.com/Hack-with-Github/Awesome-Hacking https://github.com/enaqx/awesome-pentest https://github.com/HarmJ0y/CheatSheets https://github.com/vysecurity/RedTips https://github.com/toolswatch/blackhat-arsenal-tools https://github.com/jivoi/awesome-osint https://github.com/qazbnm456/awesome-cve-poc https://github.com/swisskyrepo/PayloadsAllTheThings https://github.com/dsasmblr/hacking-online-games https://github.com/meirwah/awesome-incident-response https://github.com/carpedm20/awesome-hacking https://github.com/rshipp/awesome-malware-analysis https://github.com/thibmaek/awesome-raspberry-pi https://github.com/vitalysim/Awesome-Hacking-Resources https://github.com/mre/awesome-static-analysis https://github.com/coreb1t/awesome-pentest-cheat-sheets https://github.com/infosecn1nja/Red-Teaming-Toolkit https://github.com/rmusser01/Infosec_Reference https://github.com/trimstray/the-book-of-secret-knowledge https://github.com/qazbnm456/awesome-web-security https://github.com/chryzsh/awesome-windows-security https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE https://github.com/We5ter/Scanners-Box https://github.com/smgorelik/Windows-RCE-exploits https://github.com/trustedsec/physical-docs https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques https://github.com/netbiosX/Checklists https://github.com/adon90/pentest_compilation

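WeblogicScan Enhanced WeblogicScan, modified from rabbitmask's WeblogicScan V12. Original project before modification: github.com/rabbitmask/WeblogicScan DEFF Supports Python3; fixes false positives in vulnerability detection, so detection results are more accurate; adds detection for CVE-2019-2729 and CVE-2019-2618; plugin-based vulnerability scanning components; adds colored output INSTALL pip3 install -r requirements.txt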

Scrapes historical vulnerability information for Weblogic and other Oracle components

Red team operator's field execution manual


Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Objective-C Objective-C++ Others PHP PLpgSQL Pascal Perl PostScri

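Project overview: information gathering, attack attempts to gain access, persistence, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), covering tracks. address | introduce | -|-|- Name | Description | Security-related resource lists arxiv.org Cornell University open documents github.com/sindresorhus/awesome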

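Project overview: information gathering, attack attempts to gain access, persistence, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), covering tracks. Security-related resource lists arxiv.org Cornell University open documents github.com/sindresorhus/awesome awesome series www.owasp.org.cn/owasp-pr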

Java-Deserialization-Cheat-Sheet A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries Please, use #javadeser hash tag for tweets Table of content Java Native Serialization (binary) Overview Main talks & presentations & docs Payload generators Exploits Detect Vulnerable apps (without

A collection of the various good tools I come across day to day

README.md Penetration_Testing_POC: a collection of POCs, scripts, tools, articles and other techniques used in penetration testing, kept as notes; additions are welcome. Penetration_Testing_POC: Please make good use of search [Ctrl+F]; IOT Device&Mobile Phone; Web APP; Privilege escalation helpers; PC; tools (collection of small utilities); Articles/books/tutorials; Notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone: Tianyi Skyworth (天翼创维) awifi router multiple unauthorized access vulnerabilities; Huawei WS331a product management page CSRF vulnerability; CVE-2019-16313 蜂网互联 enterprise router v4.31 password disclosure vulnerability; D-Link router RCE vulnerability; CVE-2019-13051 - command injection & privilege escalation in Pi-Hole, the router-side ad-blocking software; D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621); Huawei HG255 Directory Traversal|local backup copy; D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi
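(Metasploit)CVE-2019-20215(Metasploit); From Interfaces.d to RCE: vulnerability hunting in the Mozilla WebThings IoT gateway; Xiaomi router series remote command execution vulnerabilities (CVE-2019-18370, CVE-2019-18371); Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload - firmware can be replaced without authentication); cve-2020-8634&cve-2020-8635|Wing FTP Server 6.2.3 privilege escalation vulnerability: discovery, analysis and reproduction|Wing FTP Server 6.2.5 privilege escalation; CVE-2020-9374-TP LINK TL-WR849N - RCE; CVE-2020-12753 - LG smartphone arbitrary code execution vulnerability; CVE-2020-12695 - UPnP security vulnerability; 79 Netgear router models exposed to remote takeover 0day. Web APP: Seeyon (致远) OA_A8_getshell_0day; Couch through 2.0 path disclosure vulnerability; Cobub Razor 0.7.2 cross-site request forgery vulnerability; joyplus-cms 1.6.0 CSRF vulnerability allows adding an administrator account; MiniCMS 1.10 CSRF vulnerability allows adding an administrator account; Z-Blog 1.5.1.1740 XSS vulnerability; YzmCMS 3.6 XSS vulnerability; Cobub Razor 0.7.2 unauthorized addition of an administrator account; Cobub Razor 0.8.0 SQL injection vulnerability; Cobub Razor 0.8.0 physical path disclosure vulnerability; Wuzhi CMS (五指CMS) 4.1.0 CSRF vulnerability allows adding an administrator account; DomainMod XSS collection; GreenCMS v2.3.0603 CSRF vulnerability allows obtaining a webshell & adding an administrator account; yii2-statemachine v2.x.x XSS vulnerability; maccms_v10 CSRF vulnerability allows adding arbitrary accounts; LFCMS 3.7.0 CSRF vulnerability allows adding arbitrary user or administrator accounts; Finecms_v5.4 CSRF vulnerability allows changing the administrator account password; Amazon Kindle Fire HD (3rd Generation) kernel driver denial-of-service vulnerability; Metinfo-6.1.2 XSS & SQL injection vulnerabilities; Hucart cms v5.7.4 CSRF vulnerability allows adding arbitrary administrator accounts; indexhibit cms v2.1.5 getshell by directly editing PHP files; S-CMS enterprise site builder PHP edition v3.0 back-end CSRF allows adding an account with administrator privileges; S-CMS PHP v3.0 SQL injection vulnerability; MetInfoCMS 5.X GETSHELL vulnerability collection; discuz ml RCE vulnerability detection tool; thinkphp5 framework flaw leading to remote code execution; FineCMS_v5.0.8 two getshell issues; Struts2_045 bulk vulnerability detection|search-engine harvesting scan; thinkphp5 command execution; typecho deserialization vulnerability; CVE-2019-10173 Xstream 1.4.10 remote code execution; IIS/CVE-2017-7269-Echo-PoC; CVE-2019-15107 Webmin RCE; thinkphp5 rce vulnerability detection tool; thinkphp5_RCE collection; thinkphp3.X-thinkphp5.x; collection of analyses of historical ThinkPHP framework vulnerabilities; CVE-2019-11510; Redis(<=5.0.5) RCE; Redis 4.x/5.x RCE (RCE via master-slave replication); generating a malicious Redis module .so file and combining it with master-slave replication RCE to achieve command execution|related article; RedisWriteFile - writes files losslessly via Redis master-slave replication, usable for writing lossless binaries such as EXE, DLL and LNK on Windows and OS on Linux; WeblogicScanLot series, Weblogic bulk vulnerability detection tools; jboss_CVE-2017-12149; Wordpress denial of service (DoS) - CVE-2018-6389; Webmin Remote Code Execution (authenticated)-CVE-2019-15642; CVE-2019-16131 OKLite v1.2.25 arbitrary file upload vulnerability; CVE-2019-16132 OKLite v1.2.25 arbitrary file deletion vulnerability; CVE-2019-16309 FlameCMS 3.3.5 SQL injection vulnerability in the back-end login; CVE-2019-16314 indexhibit cms v2.1.5 reinstallation flaw leading to getshell; Weaver (泛微) OA management system RCE exploit script;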
CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit; zentao-getshell ZenTao (禅道) 8.2 - 9.2.1 front-end getshell; Weaver (泛微) e-cology OA front-end SQL injection vulnerability; Joomla-3.4.6-RCE; Easy File Sharing Web Server 7.2 - GET buffer overflow (SEH); building an ASMX to bypass WAF restrictions and achieve command execution (for ASP.NET environments); CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass; CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd; CVE-2019-11043 - PHP remote code execution vulnerability; complete ThinkCMF vulnerability collection; CVE-2019-7609 - kibana below 6.6.0 unauthenticated remote code/command execution; ecologyExp.jar - reads the database configuration file of the Weaver (泛微) ecology OA system; freeFTP1.0.8 - 'PASS' remote buffer overflow; rConfig v3.9.2 RCE vulnerability; apache_solr_rce; CVE-2019-7580 thinkcmf-5.0.190111 back-end arbitrary file write leading to code execution; Apache Flink arbitrary JAR upload leading to remote code execution; tool for security testing of JSON interface tokens; cve-2019-17424 nipper-ng_0.11.10-Remote_Buffer_Overflow remote buffer overflow with PoC; CVE-2019-12409_Apache_Solr RCE; Shiro RCE (Padding Oracle Attack); CVE-2019-19634-class.upload.php <= 2.0.4 arbitrary file upload; Apache Solr RCE via Velocity Template Injection; CVE-2019-10758-mongo-express before 0.54.0 is vulnerable to Remote Code Execution; CVE-2019-2107 - Android video playback RCE POC (Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0); CVE-2019-19844 - Django password reset vulnerability (affected versions: Django master branch, Django 3.0, Django 2.2, Django 1.11); CVE-2019-17556-unsafe-deserialization-in-apache-olingo (Apache Olingo deserialization vulnerability, affects versions 4.0.0 through 4.6.0); ZZCMS201910 SQL Injections; WDJACMS1.5.2 template injection vulnerability; CVE-2019-19781-Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway; CVE-2019-19781.nse---use Nmap check Citrix ADC Remote Code Execution; Mysql Client arbitrary file read attack chain extension; CVE-2020-5504 - phpMyAdmin injection (login required); CVE-2020-5509 - remote code execution vulnerability in Car Rental Project 1.0; CryptoAPI PoC CVE-2020-0601|another PoC for CVE-2020-0601; New Weblogic RCE (CVE-2020-2546, CVE-2020-2551) CVE-2020-2546|analysis of the WebLogic WLS core component RCE (CVE-2020-2551)|CVE-2020-2551-Weblogic IIOP deserialization EXP; CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC; PHPOK v5.3&v5.4getshell | analysis of the phpok V5.4.137 front-end getshell | PHPOK 4.7 from injection to getshell; thinkphp6 session arbitrary file creation vulnerability reproduction, with POC --- the original article is on the 漏洞推送 public account; ThinkPHP 6.x deserialization POP chain (1)|original link; ThinkPHP 6.x deserialization POP chain (2)|original link; ThinkPHP 6.x deserialization POP chain (3)|original link; WordPress
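InfiniteWP - Client Authentication Bypass (Metasploit); [Linux privilege escalation/RCE] OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution; CVE-2020-7471-django1.11-1.11.282.2-2.2.103.0-3.0.3 StringAgg(delimiter) used with unsafe data leads to SQL injection, vulnerable environment and POC; CVE-2019-17564 : Apache Dubbo deserialization vulnerability; CVE-2019-2725(CNVD-C-2019-48814、WebLogic wls9-async); YzmCMS 5.4 back-end getshell; About Ghostcat (CVE-2020-1938): CNVD-2020-10487(CVE-2020-1938), tomcat ajp file read vulnerability poc|Java version of the POC|Tomcat-Ajp protocol file read vulnerability|another Python CVE-2020-1938 detection tool|CVE-2020-1938 reproduction environment and EXP; CVE-2020-8840: Jackson-databind remote command execution vulnerability (may affect fastjson); CVE-2020-8813-Cacti v1.2.8 RCE remote code execution EXP and analysis (requires authentication, or no login if guest access is enabled) (a Linux network traffic monitoring and graphing tool built on PHP, MySQL, SNMP and RRDTool)|EXP|CVE-2020-8813 MSF exploit script; CVE-2020-7246 - PHP project management system qdPM < 9.1 RCE; CVE-2020-9547: FasterXML/jackson-databind remote code execution vulnerability; CVE-2020-9548: FasterXML/jackson-databind remote code execution vulnerability; Apache ActiveMQ 5.11.1 directory traversal / shell upload; CVE-2020-2555: WebLogic RCE vulnerability POC|CVE-2020-2555-Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE; CVE-2020-1947 - Apache ShardingSphere UI YAML parsing remote code execution vulnerability; CVE-2020-0554: phpMyAdmin back-end SQL injection; Weaver (泛微) E-Mobile Ognl expression injection|表达式注入.pdf; Tongda (通达) OA RCE vulnerability; CVE-2020-10673-jackson-databind JNDI injection leading to remote code execution; CVE-2020-10199, CVE-2020-10204 one-click detection tool with a graphical interface (Sonatype Nexus <3.21.1); CVE-2020-2555-Oracle Coherence deserialization vulnerability|analysis article; cve-2020-5260 - Git credential leak vulnerability; Tongda (通达) OA front-end arbitrary user forged login vulnerability, bulk detection; CVE-2020-11890 JoomlaRCE <3.9.17 remote command execution vulnerability (requires a valid account and password); CVE-2020-10238 [JoomlaRCE <= 3.9.15 remote command execution vulnerability (requires a valid account and password)] & CVE-2020-10239 [JoomlaRCE 3.7.0 to 3.9.15 remote command execution vulnerability (requires a valid account and password)]; CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc python3|CVE-2020-2883-Weblogic coherence.jar RCE; tongda_oa_rce - Tongda OA unauthorized login + file upload getshell; CVE-2020-11651-SaltStack Proof of Concept [authentication bypass RCE vulnerability]|CVE-2020-11651&&CVE-2020-11652 EXP; showdoc api_page arbitrary file upload getshell; Fastjson <= 1.2.47 remote command execution exploit tool and method; SpringBoot_Actuator_RCE; jizhicms (极致CMS) v1.7.1 code audit - arbitrary file upload getshell + SQL injection + reflected XSS; CVE-2020-9484:Apache Tomcat Session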
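deserialization code execution vulnerability|CVE-2020-9484: analysis and exploitation of the Apache Tomcat deserialization RCE vulnerability; PHPOK latest version vulnerability chain GETSHELL; Apache Kylin 3.0.1 command injection vulnerability; weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory; CVE-2020-5410 Spring Cloud Config directory traversal vulnerability; NewZhan CMS all versions SQL injection (0day); Blind or union? An odd injection point encountered in SEMCMS3.9 (0day); from auditing PbootCMS (2.0.3 & 2.0.7 front-end RCE + 2.0.8 back-end RCE) to a bypass of a certain "Dog" (某狗); CVE-2020-1948 : Apache Dubbo remote code execution vulnerability; CVE-2020-5902-F5 BIG-IP remote code execution (RCE) & arbitrary file inclusion/read. Privilege escalation helpers: windows-kernel-exploits, a collection of Windows privilege escalation vulnerabilities; notes on Windows overflow privilege escalation / a copy saved locally + Linux & Windows privilege escalation mind map; mind map of common Windows persistence techniques; CVE-2019-0803 Win32k privilege escalation tool; Dirty COW Linux privilege escalation vulnerability; Remote-control AV evasion from beginner to practice: whitelisting (113 entries)|远控免杀从入门到实践之白名单(113个)总结篇.pdf; Linux privilege escalation - CVE-2019-13272 A linux kernel Local Root Privilege Escalation vulnerability with PTRACE_TRACEME; Linux privilege escalation one-click check helper tool; injecting PowerShell scripts directly into a process to get around restrictions on powershell.exe; CVE-2020-2696 – Local privilege escalation via CDE dtsession; CVE-2020-0683 - privilege escalation via the Windows MSI "Installer service"; Linux sudo privilege escalation helper - finds sudo permission misconfigurations; Windows privilege escalation - CVE-2020-0668: Windows Service Tracing local privilege escalation vulnerability; Linux privilege escalation - Linux kernel XFRM UAF poc (3.x - 5.x kernels), testable on systems not patched before January 2020; linux-kernel-exploits, a collection of Linux privilege escalation vulnerabilities; Linux privilege escalation check Perl script|Linux privilege escalation check bash script; CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost|[Windows privilege escalation] Windows SMBv3 LPE exploit, precompiled .exe|SMBGhost_RCE_PoC - remote code execution EXP|Windows_SMBv3_RCE_CVE-2020-0796 vulnerability reproduction; getAV --- single-file tool for matching Windows antivirus processes; [Windows privilege escalation tool] Windows 7 to Windows 10 / Server 2019|modified version for use with CS that brings a SYSTEM-privileged session online; [Windows privilege escalation tool] modified SweetPotato for executing commands under a webshell|locally compiled version|click to download or right-click and save as|SweetPotato_webshell下执行命令版.pdf; [bypass UAC] Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe"; [Windows privilege escalation] CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7; [Windows privilege escalation, Windows 10 & Server 2019] PrintSpoofer-Abusing Impersonation Privileges on Windows 10 and Server 2019|companion article - pipePotato reproduction|Windows privilege escalation BadPotato - tested successfully on fully patched Windows 2012-2019 and 8-10; [Windows privilege escalation] large collection of Windows privilege escalation techniques; [Windows privilege escalation] CVE-2020-1048 | PrintDemon local privilege escalation vulnerability - affects all Windows versions released since 1996 (Windows NT 4); [Windows bypass UAC] UACME - a collection of more than 60 UAC bypass methods;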
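CVE-2020–1088: Windows wersvc.dll arbitrary file deletion local privilege escalation vulnerability analysis; [Windows privilege escalation] CVE-2019-0863 - privilege escalation via the Windows error reporting mechanism - EXP; [Windows privilege escalation] CVE-2020-1066-EXP; [Windows privilege escalation] CVE-2020-0787-EXP-ALL-WINDOWS-VERSION - privilege escalation EXP for all Windows versions; [Windows privilege escalation] CVE-2020-1054 - Win32k privilege escalation vulnerability Poc; [Linux privilege escalation] a brief summary of Linux privilege escalation; [Windows privilege escalation] wesng - Windows privilege escalation helper script. PC: Microsoft RDP remote code execution vulnerability (CVE-2019-0708); CVE-2019-0708 Python version; MS17-010 - Microsoft EternalBlue vulnerability; macOS-Kernel-Exploit; CVE-2019-1388 UAC privilege escalation (nt authority\system); CVE-2019-1405 and CVE-2019-1322: privilege escalation by chaining vulnerabilities; Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation; CVE-2019-11708; Telegram (macOS v4.9.155353) code execution vulnerability; Remote Desktop Gateway RCE bugs CVE-2020-0609 & CVE-2020-0610; Microsoft SharePoint - Deserialization Remote Code Execution; CVE-2020-0728 - Windows Modules Installer Service information disclosure vulnerability; CVE-2020-0618: Microsoft SQL Server Reporting Services remote code execution (RCE) vulnerability|GitHub verification POC (also included in the analysis article above); CVE-2020-0767 Microsoft ChakraCore scripting engine [the core of the open-source Chakra JavaScript engine used in the Edge browser] security vulnerability; CVE-2020-0688: Microsoft EXCHANGE service remote code execution vulnerability|CVE-2020-0688_EXP --- another detection and exploitation script|yet another cve-2020-0688 exploit script|Exploit and detect tools for CVE-2020-0688; CVE-2020-0674: Internet Explorer remote code execution vulnerability detection; CVE-2020-8794: OpenSMTPD remote command execution vulnerability; Linux - CVE-2020-8597: PPPD remote code execution vulnerability; Windows-CVE-2020-0796: suspected "wormable" Microsoft SMBv3 protocol vulnerability|related discussion|CVE-2020–0796 detection and remediation|another CVE-2020-0796 detection tool - can cause the target system to crash and reboot; SMBGhost_RCE_PoC(CVE-2020-0796); WinRAR code execution vulnerability (CVE-2018-20250) - POC|related article|Internet-wide survey of the WinRAR code execution vulnerability (CVE-2018-20250); Windows 10 related vulnerability EXP & POC; shiro rce deserialization command execution one-click tool; CVE-2019-1458 - Win32k elevation of privilege vulnerability [usable from a shell - Windows privilege escalation]; CVE-2019-1253 - Windows privilege escalation vulnerability - another poc for the AppXSvc arbitrary file security descriptor overwrite EoP|CVE-2019-1253; BypassAV [AV evasion] Cobalt Strike plugin for quickly generating AV-evading executables; CVE-2020-0674: Internet Explorer UAF vulnerability exp [IE 8, 9, 10, and 11 tested on 64-bit win7]; SMBGhost_AutomateExploitation-SMBGhost (CVE-2020-0796) Automate Exploitation and Detection; MS Windows OLE remote code execution vulnerability (CVE-2020-1281). tools (collection of small utilities): small tool that automatically reads source code when an arbitrary file download exists in a Java environment; Linux login log clearing/forging; python2 socks proxy; dede_burp_admin_path - dedecms admin path brute forcing (Windows environment); PHP 7.1-7.3 disable_functions bypass; a shell that uses various methods to get past Disable_functions and achieve command execution;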
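[PHP] bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail); another bypass of PHP's disable_functions; querying the 3389 remote desktop port from cmd; phishing code disguised as a WeCom (企业微信) business card; vbulletin5-rce exploit tool (bulk detection/getshell)/a saved copy of the source: vbulletin5-rce.py; CVE-2017-12615; discovering real IP addresses via Shodan and the favicon icon; Cobalt_Strike extension plugins; space substitution in the Windows cmd command line; summary of disable_function bypasses; WAF Bypass; command injection summary; obtaining hidden wifi SSIDs · theKingOfNight's Blog; crt.sh certificate/domain collection; TP vulnerability collection exploit tool, py3 version - by Lucifer1993 of 奇安信 (QiAnXin); struts2 all-version vulnerability detection and exploitation tool written in Python2 - by Lucifer1993 of 奇安信 (QiAnXin); sqlmap_bypass_D盾_tamper; sqlmap_bypass_安全狗_tamper; sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper (replaces spaces with newlines, for the filter of a certain enterprise site builder); sqlmap_bypass_云锁_tamper; masscan+nmap scanning script; PHP decryption extension; Linux information gathering / incident response / common backdoor detection script; RdpThief - helper tool for extracting cleartext credentials from the remote desktop client; running commands directly with powershell or CMD to get a reverse shell; FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB weak password detection; GitHack - .git leak exploitation script; GitHacker --- a git leak exploitation script that works better than GitHack; SVN source code leak, all-version source dump; multi-process bulk website backup file scanner; Empire|related article: a detailed look at the post-exploitation tool Empire; FOFA Pro view is a browser plugin for displaying FOFA Pro assets, currently compatible with Chrome, Firefox and Opera; Zoomeye Tools - uses Zoomeye to get various information about the IP address of the current web page (login required); 360 0Kee-Team's crawlergo dynamic crawler combined with the passive scanning feature of the Chaitin (长亭) XRAY scanner; intranet tool Xerosploit - for entertainment (port scanning|DoS attack|HTML code injection|JavaScript code injection|download interception and replacement|sniffing attack|DNS spoofing|image replacement|web page defacement|Drifnet); XXE vulnerability demos in php, java, python, C# and other languages; toolkit of common intranet penetration tools; loading SHELLCODE from memory to bypass AV detection|twitter example; traffic forwarding tool - pingtunnel disguises tcp/udp/sock5 traffic as icmp traffic for forwarding; intranet penetration - creating a Windows user (when net, net1 and other common commands are filtered, a single file adds an administrator directly [requires the shell to have administrator privileges])|adduser usage; pypykatz - a complete Mimikatz implementation in python3 (python3.6+); [windows] Bypassing AV via in-memory PE execution - bypasses antivirus by loading a multiply XORed payload in memory|the author's self-hosted gitlab; wafw00f - helps you quickly identify whether and which WAF a web application uses (useful before scanning); tool for extracting other users' passwords on Linux (requires root); apache2_BackdoorMod - apache backdoor module; parses passwords saved on Windows by several programs, including Navicat, TeamViewer, FileZilla, WinSCP and the Xmanager product line (Xshell, Xftp); a simple tool for probing jboss vulnerabilities; a golang implementation of lcx - suited to proxying intranet traffic to the public Internet, for example from an Alibaba Cloud machine to your public machine; Cobalt Strike Aggressor plugin pack; Erebus - Cobalt Strike post-exploitation plugin, including common scripts for information gathering, privilege acquisition, password retrieval, trace clearing and more; IP/IP range asset scanning --> scan open ports, identify running services and deployed websites --> automatically organize scan results --> output visual reports + organized results; A script to scan for unsecured Laravel .env files; Struts2 vulnerability scanner, Golang version - [features: single file, cross-platform, usable under a webshell];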
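Shiro <= 1.2.4 deserialization, one-click detection tool | Apache Shiro <= 1.2.4 rememberMe deserialization vulnerability exploitation tool
Complete WebLogic vulnerability scanning tool, fixed version
GitHub sensitive information leak monitoring
Java security related vulnerability and technique demos
Online scanning - basic website information gathering | co-hosted sites | port scanning | information leaks
bayonet is an SRC asset management system, an integrated asset management system covering subdomains, port services, vulnerabilities, crawling and more
C# programs commonly used in intranet penetration, bundled into CS scripts and loaded directly in memory
[Vulnerability library] Yet another collection or write-up of PoCs and EXPs for various vulnerabilities
reGeorg, a proxy forwarding tool for intranet penetration | related articles: configuring reGeorg+Proxifier to penetrate an intranet | intranet sock5 proxy with reGeorg+Proxifier | intranet penetration with reGeorg+Proxifier | using reGeorg+Proxifier
Neo-reGeorg, a refactored reGeorg
get_Team_Pass - obtains the TeamViewer ID and password on the target machine (you need valid account credentials for the target machine, and port 445 on the target must be reachable (port 445 open))
chromepass - retrieves accounts, passwords and cookies saved by Chrome - made by NirSoft, tested OK on Win10 + Chrome 80 | SharpChrome - open-source, .NET 2.0 based retrieval of accounts, passwords, cookies and history saved by Chrome | ChromePasswords - open-source tool for retrieving Chrome passwords/cookies
java-jdwp remote debugging exploitation | related article: jdwp remote debugging and security
Social engineering password generator, a tool that generates passwords from personal information
Audit analysis of multiple SQL injections in Yunye CMS (yunyecms) | original article | official download | sqlmap_yunyecms_front_sqli_tamp.py
Phishing page for www.flash.cn, Chinese + English
DedeCMS vulnerability scanning for all versions
Collection of CVE, CMS and middleware vulnerability detection and exploitation, since 2019-9-15
Dirble - fast directory scanning and crawling tool [faster than dirsearch and dirb]
RedRabbit - Red Team PowerShell scripts
Pentest Tools Framework - penetration testing toolset for Linux
Bailu social engineering dictionary generator, both flexible and easy to use.
NodeJsScan - a tool developed specifically for static code scanning of Node.js
A remote access tool rewritten from Poison Ivy by a Chinese developer
NoXss - batch XSS detection, can be used together with Burp Suite
fofa collection script
Java web compressed file security vulnerabilities
Password dictionary generator with customizable rules and a graphical interface
lsass dump tool (bypasses/kills Kaspersky) | loader.zip download
Go version of mimikatz - evades AV once compiled
CVE-2019-0708 - batch detection scanning tool
lsass dump tool | another lsass dump tool
Cobalt Strike plugin - RDP log forensics & clearing
xencrypt - a tool that uses PowerShell to encrypt and Gzip/DEFLATE to bypass antivirus
SessionGopher - uses PowerShell to decrypt session files saved on Windows machines, for example WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop; supports remote and local loading
CVE-2020-0796 Local Privilege Escalation POC - Python version | CVE-2020-0796 Remote Code Execution POC
Windows antivirus online comparison helper
Recursively finding domains and APIs
mssqli-duet - SQL injection script for MSSQL that uses RID brute forcing to extract domain users from an Active Directory environment
[Android unpacking] One-click extraction of sensitive app information
Shiro vulnerability series detection, GUI version - ShiroExploit GUI version
Obtaining cookies via phpinfo to get around httponly
phpstudy RCE exploitation tool, Windows GUI version
WebAliveScan - quickly scans for live web services by port
Scan for writable directories (.aspx)
PC client (client-server architecture) penetration testing
wsltools - Python helper library for web scanning
struts2_check - tool for identifying whether a target website was developed with the Struts2 framework
sharpmimi.exe - AV-evading build of mimikatz
ThinkPHP code execution batch detection tool
pypykatz - Mimikatz implemented in pure Python
Flux-Keylogger - modern JavaScript keylogger with a web panel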
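JSINFO-SCAN - recursively finds domains and APIs
FrameScan-GUI, a CMS vulnerability detection framework with a graphical interface written in Python 3 and PyQt
SRC asset information aggregation website
Spring Boot Actuator unauthorized access [XXE, RCE] single/multi-target detection
JNDI injection exploitation tool [Fastjson, Jackson and related vulnerabilities]
Page collecting various reverse shell one-liners
Decrypting WebLogic AES or DES encryption
Capturing SSH passwords with sshLooterC | related article | local copy
redis-rogue-server - Redis 4.x/5.x RCE
ew - intranet tunneling (cross-platform)
xray-weblisten-ui - Xray passive scan management written in Go
SQLEXP - SQL injection exploitation tool; write custom tamper scripts to dump data when a WAF is present
SRC online asset management system - Shots
luject: a tool that statically injects a dynamic library into a specified application package, currently supporting Android/iPhoneOS/Windows/macOS/Linux | related article
CursedChrome: Chrome extension implant that turns a victim's Chrome browser into a fully functional HTTP proxy, allowing you to browse sites as the victim
pivotnacci: Socks connections through HTTP tunnels
PHPFuck - code obfuscation for PHP 7 and above | PHPFuck online version
Behinder (冰蝎) webshell that bypasses open_basedir
goproxy heroku one-click deployment kit, turning heroku into a free http(s)\socks5 proxy
Self-collected dictionaries of ports, subdomains, accounts and passwords, and other miscellany, for personal use
xFTP6 password decryption
Mars - a rewrite of WDScanner by TideSec: a comprehensive tool for vulnerability scanning, asset discovery/change tracking, domain monitoring/subdomain discovery, Awvs scanning, PoC detection, web fingerprinting, port fingerprinting, CDN detection, OS fingerprinting, wildcard DNS detection, WAF detection, sensitive information detection and more
Shellcode Compiler: tool for generating shellcode for Windows and Linux
BadDNS is a very fast tool, developed in Rust, for multi-level subdomain probing using public DNS servers
[Android unpacking] XServer is an Xposed plugin for analysing methods | related articles: capturing encrypted packets with Xposed+XServer without unpacking | using xserver to capture an app's encrypted packets without unpacking
masscan_to_nmap - fast port scanning and fingerprinting tool based on masscan and nmap
Evilreg - reverse shell using Windows registry files (.Reg)
Shecodject, a tool that uses Python to inject shellcode and bypass Huorong, 360 and Windows Defender
Malleable-C2-Profiles - on Cobalt Strike C2 concealment profiles | Cobalt Strike, the penetration tool - part 2: APT-level full AV evasion versus enterprise defense in depth
AutoRemove - automatically uninstalls 360
ligolo: reverse tunnel connection tool for penetration testing
RMIScout: Java RMI brute-force tool
[Android unpacking] FRIDA-DEXDump - [Android unpacking with Frida]
Donut - shellcode generation tool
JSP-Webshells collection [latest 2020, works to bypass a certain cloud vendor's detection]
one-scan - all-in-one website fingerprint scanner that easily retrieves a site's IP / DNS provider / subdomains / HTTPS certificate / WHOIS / development framework / WAF and other information
ServerScan, a high-concurrency network scanning and service detection tool developed in Golang.
Domain penetration - Windows hash dumping with secretsdump.py | related article
WindowsVulnScan: host-based vulnerability scanning tool [similar to windows-exp-suggester]
Weak password dictionaries accumulated from real-world engagements
SpoofWeb: one-click deployment of an HTTPS phishing site
VpsEnvInstall: one-click deployment of a VPS penetration testing environment
tangalanga: Zoom meeting scanning tool
SZhe_Scan (碎遮) web vulnerability scanner, based on the Python Flask framework; performs comprehensive information gathering and vulnerability scanning on the supplied domain/IP, and PoCs can be added by the user
Taie-RedTeam-OS - Taie Security Lab - a custom XUbuntu-based operating system for red/blue team penetration exercises
naiveproxy - a proxy tool written in C, similar to trojan
BrowserGhost - a tool for grabbing browser passwords; more features to be added later
GatherInfo - penetration testing information gathering / intranet penetration information gathering
EvilPDF: a tool for embedding malicious files in a PDF
SatanSword - comprehensive red team penetration framework supporting web fingerprinting, vulnerability PoC detection, batch web and port information lookup, path scanning, batch subdomain discovery from JS, use of Google headless, coroutine support, and complete log backtracking
Get-WeChat-DB - obtains the WeChat database and key from the target machine
ThinkphpRCE - py3 script with proxy IP pool support for batch detection of ThinkPHP vulnerabilities or log leaks
fakelogonscreen - fakes the (Windows) system logon screen to capture passwords
WMIHACKER - AV-evading lateral movement using only port 135 | usage and introduction | WMIHACKER lateral movement tool | original link
cloud-ranges - IP address ranges of some public clouds
sqltools_ch - enhanced Chinese-localized version of sqltools 2.0
railgun-poc_1.0.1.7 - multi-function port scanning / brute forcing / vulnerability exploitation / encoding conversion and more
dede_funcookie.php - DEDECMS pseudo-random vulnerability analysis (3): collision points (brute forcing, forging the administrator cookie to log in to the admin panel and getshell)

Articles / books / tutorials

Windows persistence series, 12 PDFs
Linux persistence via process injection (requires turning off ptrace) | injecting a shared library (i.e. arbitrary code) into a live Linux process without using ptrace (no need to turn off ptrace)
44139-mysql-udf-exploitation
emlog CMS code audit_from privilege bypass to admin getshell
PHPOK 5.3 latest version front-end injection
PHPOK 5.3 latest version unrestricted front-end injection (2)
ThinkPHP5 RCE summary
rConfig v3.9.2 RCE vulnerability analysis
weiphp5.0 CMS audit: exp expression injection
zzzphp 1.7.4 & 1.7.5: SQL injection everywhere
FCKeditor file upload vulnerability and exploitation - File-Upload-Vulnerability-in-FCKEditor
zzcms 2019 version code audit
Using SQLmap with OOB techniques for high-speed blind injection
Privilege escalation techniques summary: Windows file service kernel edition (mainly running various commands from a webshell command line to gather information) | (PDF copy kept in the project)
WellCMS 2.0 Beta3 admin arbitrary file upload
Detailed foreign CTF analysis and summary articles (2014-2017)
A "different" real-world penetration test case analysis - from getshell in the discuz admin panel to bypassing Kaspersky and obtaining the domain controller administrator password | original article
Expression injection.pdf
In-depth analysis of the WordPress ThemeREX Addons plugin security vulnerability
Tongda OA file inclusion & file upload vulnerability analysis
Advanced SQL injection: obfuscation and bypass
Summary of persistence and backdoor persistence techniques
Summary of common Windows persistence backdoors
Summary of common Linux persistence backdoors
CobaltStrike 4.0 user manual_Chinese translation_3
Cobaltstrike 4.0: issuing myself a license.pdf
Introduction to what's new in Cobalt Strike 4.0
Cobal_Strike_custom OneLiner
Cobalt Strike quick start [1]
Cobalt Strike 3.0 user manual
Cobalt_Strike_Spear_Phish_building CS email phishing
Remote NTLM relaying through CS
Tutorial on using Cobalt Strike, the penetration testing tool
Quick-start script for the Cobalt Strike teamserver on Windows
ThinkPHP v6.0.0_6.0.1 arbitrary file operation vulnerability analysis
Django_CVE-2020-9402_Geo_SQL injection analysis
CVE-2020-10189_Zoho_ManageEngine_Desktop_Central_10 deserialization remote code execution
SafeDog SQL injection WAF bypass
Bypassing CSP by hiding JavaScript in a PNG image
Tongda OA arbitrary file upload_file inclusion GetShell
File upload bypass of SafeDog 4.0
SQL injection bypass of SafeDog 4.0
Techniques for bypassing regex-based SQL injection defenses
MYSQL_SQL_BYPASS_WIKI - notes on MySQL injection and bypasses
Yunsuo bypass injection testing
360webscan.php_bypass
think3.2.3_SQL injection analysis
UEditor SSRF DNS Rebinding
PHP code auditing explained in sections
JD SRC mini-lesson article series
Multiple ways to escalate privileges on Windows | Privilege_Escalation_in_Windows_for_OSCP
bypass CSP | Content-Security-Policy(CSP)Bypass_Techniques
A personally maintained security knowledge framework, web-oriented
Hijacking SSH passwords via PAM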
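0-Group (零组) document library - (registration by invitation)
Personal summary of Redis unauthorized access - Mature
New methods for NTLM relay attacks
PbootCMS audit
De1CTF2020 article series
xss-demo - a super simple XSS practice demo
Null Pointer - Base_on_windows_Writeup - hands-on penetration of the latest DZ3.4
Beginner's KKCMS code audit
SpringBoot vulnerability study material, collection of exploitation methods and techniques, black-box security assessment checklist
Summary of getting file uploads past a WAF
An audit of 极致CMS (hereafter JIZHICMS) - SQL injection + stored XSS + logic flaws | original article
Code audit: two admin panel vulnerabilities in DTCMS_V5.0
Quickly determining whether a SQL injection point supports load_file
Bypassing file upload content checks
Fastjson_=1.2.47 deserialization remote code execution vulnerability reproduction
[Android unpacking]_Dynamic unpacking of Tencent hardening (part 1)
[Android unpacking] Dynamic unpacking of Tencent hardening (part 2)
[Android unpacking] A hands-on Frida session: unpacking, hook cracking, simulated packet capture and protocol analysis of a video app, end to end
[Android packet capture] Notes on the pitfalls of an app test.pdf
Complete intranet domain penetration - Anyue training, project 6
Complete guide to Android app penetration testing methods
App security testing guide - V1.0
Revisiting what .htaccess can do through a source example from a Korean expert on GitHub
Pentest_Note - penetration tips, summarizing commonly used penetration testing tools and methods
Red vs. blue: Windows intranet penetration - by Tencent SRC
Remotely extracting system credentials from Windows
Bypassing AMSI to run PowerShell scripts | AmsiScanBufferBypass - related project
Pitfall notes - getshell on Redis (Windows)
Cobal_Strike pitfall notes - DNS Beacon
Methods for hiding a webshell on Windows
DEDECMS pseudo-random vulnerability analysis (3): collision points (brute forcing, forging the administrator cookie to log in to the admin panel and getshell) (./books/DEDECMS伪随机漏洞分析 (三) 碰撞点.pdf)

Notes

Some of the articles and code in this project come from the Internet, and copyright belongs to the original authors. This project is for study and reference only; any illegal use is strictly prohibited! By using it you agree to take responsibility yourself!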

Java-Deserialization-CVEs

This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome!
CVE ID | Year | CVSS 3/3.1 risk | CVSS 2 risk
CVE-2004-2540 | 2004 | | 5
CVE-2005-0223 | 2005 | | 5
CVE-2005-3583 | 2005 | | 7.8
CVE-2006-6745 | 2006 | | 9.3
CVE-2008-1013 | 2008 | | 6.8
CVE-2008-5353 | 2008 | | 10
CVE-2009-1094 | 2009 | | 10
CVE-2009-1103 | 2009 | | 6.4
CVE-2009-1190 | 2009 | | 5
CVE-2009-2723 | 2009 | | 10
CVE-2010-0094 | 2010 | | 7.5
CVE-2010-3568 | 2010 | | 10
CVE-2010-3569 | 2010 | | 10
CVE-2011-0865 | 2011 | | 2.6
CVE-2011-2894 | 2011 | | 6.8
CVE-2011-3521 | 2011 | | 10
CVE-2012-0505 | 2012 | | 7.5
CVE-2012-4858 | 2012 | | 9.3
CVE-2013-0433 | 2013 | | 5
CVE-2013-0441 | 2013 | | 10
CVE-2013-1768 | 2013 | | 7.5
CVE-2013-1777 | 2013 | | 10
CVE-2013-2165 | 2013 | | 7.5
CVE-2013-2185 | 2013 | | 7.5
CVE-2013-2186 | 2013 | | 7.5
CVE-2013-2417 | 2013 | | 5
CVE-2013-2450 | 2013 | | 5
CVE-2013-2456 | 2013 | | 5
CVE-2013-4271 | 2013 | | 7.5
CVE-2013-4444 | 2013 | | 6.8
CVE-2013-5456 | 2013 | | 9.3
CVE-2013-6288 | 2013 | | 10
CVE-2014-0416 | 2014 | | 5
CVE-2014-1972 | 2014 | | 7.8
CVE-2014-7911 | 2014 | | 7.2
CVE-2014-9515 | 2014 | 9.8 | 7.5
CVE-2014-9757 | 2014 | 9.8 | 7.5
CVE-2015-1920 | 2015 | | 10
CVE-2015-2828 | 2015 | | 9
CVE-2015-3253 | 2015 | 9.8 | 7.5
CVE-2015-3837 | 2015 | | 9.3
CVE-2015-4805 | 2015 | | 10
CVE-2015-4852 | 2015 | | 7.5
CVE-2015-5254 | 2015 | 9.8 | 7.5
CVE-2015-5344 | 2015 | 9.8 | 7.5
CVE-2015-5348 | 2015 | 8.1 | 6.8
CVE-2015-6420 | 2015 | | 7.5
CVE-2015-6554 | 2015 | | 7.5
CVE-2015-6555 | 2015 | | 8.5
CVE-2015-6576 | 2015 | 8.8 | 6.5
CVE-2015-6934 | 2015 | 7.3 | 7.5
CVE-2015-7253 | 2015 | | 10
CVE-2015-7450 | 2015 | 9.8 | 10
CVE-2015-7501 | 2015 | 9.8 | 10
CVE-2015-8103 | 2015 | | 7.5
CVE-2015-8360 | 2015 | 9.8 | 7.5
CVE-2015-8765 | 2015 | 8.3 | 7.5
CVE-2016-0276 | 2016 | 6.3 | 6.5
CVE-2016-0360 | 2016 | 9.8 | 7.5
CVE-2016-0376 | 2016 | 8.1 | 5.1
CVE-2016-0686 | 2016 | 9.6 | 10
CVE-2016-0714 | 2016 | 8.8 | 6.5
CVE-2016-0750 | 2016 | 8.8 | 6.5
CVE-2016-0779 | 2016 | 9.8 | 7.5
CVE-2016-0788 | 2016 | 9.8 | 10
CVE-2016-0958 | 2016 | 7.5 | 7.8
CVE-2016-1000027 | 2016 | 9.8 | 7.5
CVE-2016-1000031 | 2016 | 9.8 | 7.5
CVE-2016-10304 | 2016 | 6.5 | 4
CVE-2016-10750 | 2016 | 8.1 | 6.8
CVE-2016-1114 | 2016 | 9.8 | 7.5
CVE-2016-1291 | 2016 | 9.8 | 9.3
CVE-2016-1487 | 2016 | 8.8 | 6.8
CVE-2016-1985 | 2016 | 10 | 10
CVE-2016-1986 | 2016 | 9.8 | 7.5
CVE-2016-1997 | 2016 | 9.8 | 10
CVE-2016-1998 | 2016 | 9.8 | 10
CVE-2016-1999 | 2016 | 9.8 | 10
CVE-2016-2000 | 2016 | 9.8 | 7.5
CVE-2016-2003 | 2016 | 9.8 | 7.5
CVE-2016-2009 | 2016 | 8.8 | 6.5
CVE-2016-2170 | 2016 | 9.8 | 7.5
CVE-2016-2173 | 2016 | 9.8 | 7.5
CVE-2016-2397 | 2016 | 9.8 | 10
CVE-2016-2510 | 2016 | 8.1 | 6.8
CVE-2016-3415 | 2016 | 9.1 | 6.4
CVE-2016-3427 | 2016 | 9 | 10
CVE-2016-3461 | 2016 | 7.2 | 4.3
CVE-2016-3642 | 2016 | 9.8 | 10
CVE-2016-4000 | 2016 | 9.8 | 7.5
CVE-2016-4368 | 2016 | 9.8 | 7.5
CVE-2016-4369 | 2016 | 8.8 | 6.5
CVE-2016-4372 | 2016 | 9.8 | 7.5
CVE-2016-4373 | 2016 | 9.8 | 7.5
CVE-2016-4385 | 2016 | 7.3 | 7.5
CVE-2016-4398 | 2016 | 8.8 | 6.5
CVE-2016-4405 | 2016 | 8.8 | 6.5
CVE-2016-4974 | 2016 | 7.5 | 6
CVE-2016-4978 | 2016 | 7.2 | 6
CVE-2016-5003 | 2016 | 9.8 | 7.5
CVE-2016-5004 | 2016 | 6.5 | 4.3
CVE-2016-5019 | 2016 | 9.8 | 7.5
CVE-2016-5229 | 2016 | 9.8 | 7.5
CVE-2016-5983 | 2016 | 7.5 | 6.5
CVE-2016-6199 | 2016 | 9.8 | 7.5
CVE-2016-6496 | 2016 | 9.8 | 7.5
CVE-2016-6500 | 2016 | 8.1 | 6.8
CVE-2016-6501 | 2016 | 9.8 | 7.5
CVE-2016-6793 | 2016 | 9.1 | 6.4
CVE-2016-6809 | 2016 | 9.8 | 7.5
CVE-2016-6814 | 2016 | 9.8 | 7.5
CVE-2016-7065 | 2016 | 8.8 | 6.5
CVE-2016-7462 | 2016 | 8.5 | 7.5
CVE-2016-8511 | 2016 | 9.8 | 7.5
CVE-2016-8648 | 2016 | 7.2 | 6.5
CVE-2016-8735 | 2016 | 9.8 | 7.5
CVE-2016-8736 | 2016 | 9.8 | 7.5
CVE-2016-8744 | 2016 | 8.8 | 9
CVE-2016-8749 | 2016 | 9.8 | 7.5
CVE-2016-9299 | 2016 | 9.8 | 7.5
CVE-2016-9498 | 2016 | 9.8 | 10
CVE-2016-9606 | 2016 | 8.1 | 6.8
CVE-2017-1000034 | 2017 | 8.1 | 9.3
CVE-2017-1000353 | 2017 | 9.8 | 7.5
CVE-2017-1000355 | 2017 | 6.5 | 4
CVE-2017-10108 | 2017 | 5.3 | 5
CVE-2017-10109 | 2017 | 5.3 | 5
CVE-2017-10271 | 2017 | 7.5 | 5
CVE-2017-10281 | 2017 | 5.3 | 5
CVE-2017-10345 | 2017 | 3.1 | 2.6
CVE-2017-10347 | 2017 | 5.3 | 5
CVE-2017-10357 | 2017 | 5.3 | 5
CVE-2017-10932 | 2017 | 9.8 | 10
CVE-2017-10934 | 2017 | 9.8 | 7.5
CVE-2017-10992 | 2017 | 9.8 | 10
CVE-2017-11283 | 2017 | 9.8 | 7.5
CVE-2017-11284 | 2017 | 9.8 | 7.5
CVE-2017-12149 | 2017 | 9.8 | 7.5
CVE-2017-12557 | 2017 | 9.8 | 10
CVE-2017-12628 | 2017 | 7.8 | 7.2
CVE-2017-12633 | 2017 | 9.8 | 7.5
CVE-2017-12634 | 2017 | 9.8 | 7.5
CVE-2017-13286 | 2017 | 7.8 | 7.2
CVE-2017-15089 | 2017 | 8.8 | 6.5
CVE-2017-15095 | 2017 | 9.8 | 7.5
CVE-2017-15692 | 2017 | 9.8 | 7.5
CVE-2017-15693 | 2017 | 7.5 | 6
CVE-2017-15703 | 2017 | 5 | 3.5
CVE-2017-15708 | 2017 | 9.8 | 7.5
CVE-2017-17485 | 2017 | 9.8 | 7.5
CVE-2017-2608 | 2017 | 8.8 | 6.5
CVE-2017-3066 | 2017 | 9.8 | 10
CVE-2017-3159 | 2017 | 9.8 | 7.5
CVE-2017-3199 | 2017 | 8.1 | 6.8
CVE-2017-3200 | 2017 | 8.1 | 6.8
CVE-2017-3201 | 2017 | 8.1 | 6.8
CVE-2017-3202 | 2017 | 9.8 | 7.5
CVE-2017-3203 | 2017 | 8.1 | 6.8
CVE-2017-3206 | 2017 | 9.8 | 7.5
CVE-2017-3207 | 2017 | 9.8 | 7.5
CVE-2017-3208 | 2017 | 9.8 | 7.5
CVE-2017-3241 | 2017 | 9 | 6.8
CVE-2017-3248 | 2017 | 9.8 | 7.5
CVE-2017-3506 | 2017 | 7.4 | 5.8
CVE-2017-3523 | 2017 | 8.5 | 6
CVE-2017-4995 | 2017 | 8.1 | 6.8
CVE-2017-5586 | 2017 | 9.8 | 7.5
CVE-2017-5636 | 2017 | 9.8 | 7.5
CVE-2017-5641 | 2017 | 9.8 | 7.5
CVE-2017-5645 | 2017 | 9.8 | 7.5
CVE-2017-5792 | 2017 | 9.8 | 7.5
CVE-2017-5878 | 2017 | 9.8 | 7.5
CVE-2017-5929 | 2017 | 9.8 | 7.5
CVE-2017-5983 | 2017 | 9.8 | 7.5
CVE-2017-7504 | 2017 | 9.8 | 7.5
CVE-2017-7525 | 2017 | 9.8 | 7.5
CVE-2017-8012 | 2017 | 7.4 | 5.8
CVE-2017-9363 | 2017 | 9.8 | 7.5
CVE-2017-9805 | 2017 | 8.1 | 6.8
CVE-2017-9830 | 2017 | 9.8 | 7.5
CVE-2017-9844 | 2017 | 9.8 | 7.5
CVE-2018-0147 | 2018 | 9.8 | 10
CVE-2018-1000058 | 2018 | 8.8 | 6.5
CVE-2018-1000613 | 2018 | 9.8 | 7.5
CVE-2018-1000861 | 2018 | 9.8 | 10
CVE-2018-1000873 | 2018 | 6.5 | 4.3
CVE-2018-10237 | 2018 | 5.9 | 4.3
CVE-2018-10654 | 2018 | 8.1 | 6.8
CVE-2018-11247 | 2018 | 9.8 | 7.5
CVE-2018-11779 | 2018 | 9.8 | 7.5
CVE-2018-12532 | 2018 | 9.8 | 7.5
CVE-2018-12539 | 2018 | 7.8 | 4.6
CVE-2018-1295 | 2018 | 9.8 | 7.5
CVE-2018-1297 | 2018 | 9.8 | 7.5
CVE-2018-1310 | 2018 | 7.5 | 5
CVE-2018-14667 | 2018 | 9.8 | 7.5
CVE-2018-14718 | 2018 | 9.8 | 7.5
CVE-2018-14719 | 2018 | 9.8 | 7.5
CVE-2018-14720 | 2018 | 9.8 | 7.5
CVE-2018-14721 | 2018 | 10 | 7.5
CVE-2018-15381 | 2018 | 9.8 | 10
CVE-2018-1567 | 2018 | 9.8 | 7.5
CVE-2018-15890 | 2018 | 9.8 | 10
CVE-2018-17200 | 2018 | 9.8 | 7.5
CVE-2018-18013 | 2018 | 7.8 | 7.2
CVE-2018-18628 | 2018 | 9.8 | 10
CVE-2018-1904 | 2018 | 9.8 | 7.5
CVE-2018-19276 | 2018 | 9.8 | 10
CVE-2018-19360 | 2018 | 9.8 | 7.5
CVE-2018-19361 | 2018 | 9.8 | 7.5
CVE-2018-19362 | 2018 | 9.8 | 7.5
CVE-2018-1999042 | 2018 | 5.3 | 5
CVE-2018-20732 | 2018 | 9.8 | 7.5
CVE-2018-2628 | 2018 | 9.8 | 7.5
CVE-2018-2657 | 2018 | 5.3 | 5
CVE-2018-2677 | 2018 | 4.3 | 4.3
CVE-2018-2815 | 2018 | 5.3 | 5
CVE-2018-2893 | 2018 | 9.8 | 7.5
CVE-2018-3004 | 2018 | 5.3 | 3.5
CVE-2018-3191 | 2018 | 9.8 | 7.5
CVE-2018-3245 | 2018 | 9.8 | 7.5
CVE-2018-3252 | 2018 | 9.8 | 7.5
CVE-2018-4939 | 2018 | 9.8 | 10
CVE-2018-5393 | 2018 | 9.8 | 10
CVE-2018-5968 | 2018 | 8.1 | 5.1
CVE-2018-6331 | 2018 | 9.8 | 7.5
CVE-2018-7489 | 2018 | 9.8 | 7.5
CVE-2018-8013 | 2018 | 9.8 | 7.5
CVE-2018-8016 | 2018 | 9.8 | 7.5
CVE-2018-8018 | 2018 | 9.8 | 7.5
CVE-2018-9522 | 2018 | 7.8 | 7.2
CVE-2018-9523 | 2018 | 7.8 | 7.2
CVE-2019-0187 | 2019 | 9.8 | 7.5
CVE-2019-0189 | 2019 | 9.8 | 7.5
CVE-2019-0192 | 2019 | 9.8 | 7.5
CVE-2019-0195 | 2019 | 9.8 | 7.5
CVE-2019-0305 | 2019 | 4.3 | 4.3
CVE-2019-0344 | 2019 | 9.8 | 7.5
CVE-2019-10086 | 2019 | 7.3 | 7.5
CVE-2019-10202 | 2019 | 9.8 | 7.5
CVE-2019-12384 | 2019 | 5.9 | 4.3
CVE-2019-12630 | 2019 | 9.8 | 7.5
CVE-2019-13116 | 2019 | 9.8 | 7.5
CVE-2019-14224 | 2019 | 7.2 | 9
CVE-2019-14540 | 2019 | 9.8 | 7.5
CVE-2019-14892 | 2019 | 9.8 | 7.5
CVE-2019-14893 | 2019 | 9.8 | 7.5
CVE-2019-16112 | 2019 | 8.8 | 6.5
CVE-2019-16891 | 2019 | 8.8 | 6.5
CVE-2019-17556 | 2019 | 9.8 | 10
CVE-2019-17564 | 2019 | 9.8 | 6.8
CVE-2019-17570 | 2019 | 9.8 | 7.5
CVE-2019-17571 | 2019 | 9.8 | 7.5
CVE-2019-18364 | 2019 | 9.8 | 7.5
CVE-2019-18580 | 2019 | 10 | 10
CVE-2019-18956 | 2019 | 9.8 | 7.5
CVE-2019-2725 | 2019 | 9.8 | 7.5
CVE-2019-2983 | 2019 | 3.7 | 4.3
CVE-2019-5326 | 2019 | 7.2 | 6.5
CVE-2019-6503 | 2019 | 9.8 | 7.5
CVE-2019-7727 | 2019 | 9.8 | 7.5
CVE-2019-7839 | 2019 | 9.8 | 10
CVE-2019-8352 | 2019 | 9.8 | 7.5
CVE-2019-9212 | 2019 | 9.8 | 7.5
CVE-2020-0082 | 2020 | 7.8 | 7.2
CVE-2020-10189 | 2020 | 9.8 | 10
CVE-2020-10644 | 2020 | 7.5 | 5
CVE-2020-10672 | 2020 | 8.8 | 6.8
CVE-2020-10673 | 2020 | 8.8 | 6.8
CVE-2020-10969 | 2020 | 8.8 | 6.8
CVE-2020-11111 | 2020 | 8.8 | 6.8
CVE-2020-11112 | 2020 | 8.8 | 6.8
CVE-2020-11113 | 2020 | 8.8 | 6.8
CVE-2020-11620 | 2020 | 9.8 | 6.8
CVE-2020-11972 | 2020 | 9.8 | 7.5
CVE-2020-11973 | 2020 | 9.8 | 7.5
CVE-2020-12000 | 2020 | 7.5 | 5
CVE-2020-12133 | 2020 | 9.8 | 10
CVE-2020-12760 | 2020 | 8.8 | 6.5
CVE-2020-12835 | 2020 | 9.8 | 7.5
CVE-2020-1714 | 2020 | 8.8 | 6.5
CVE-2020-1947 | 2020 | 9.8 | 7.5
CVE-2020-2551 | 2020 | 9.8 | 7.5
CVE-2020-2555 | 2020 | 9.8 | 7.5
CVE-2020-2583 | 2020 | 3.7 | 4.3
CVE-2020-2604 | 2020 | 8.1 | 6.8
CVE-2020-2756 | 2020 | 3.7 | 4.3
CVE-2020-2757 | 2020 | 3.7 | 4.3
CVE-2020-2883 | 2020 | 9.8 | 7.5
CVE-2020-2950 | 2020 | 9.8 | 7.5
CVE-2020-3280 | 2020 | 9.8 | 10
CVE-2020-4448 | 2020 | 9.8 | 10
CVE-2020-4449 | 2020 | 7.5 | 5
CVE-2020-4450 | 2020 | 9.8 | 10
CVE-2020-5327 | 2020 | 9.8 | 9.3
CVE-2020-7961 | 2020 | 9.8 | 7.5
CVE-2020-8840 | 2020 | 9.8 | 7.5
CVE-2020-9484 | 2020 | 7 | 4.4
CVE-2020-9546 | 2020 | 9.8 | 6.8
CVE-2020-9547 | 2020 | 9.8 | 6.8
CVE-2020-9548 | 2020 | 9.8 | 6.8

Recent Articles

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
Threatpost • Lindsey O'Donnell • 04 May 2020

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote code execution flaw, CVE-2020-2883, that can be exploited by unauthenticated attackers to take over unpatched systems...

The Week in Ransomware - April 3rd 2020 - No Sign of Letting Up
BleepingComputer • Lawrence Abrams • 10 Apr 2020

Over the past two weeks, we have seen an increase in warnings from law enforcement agencies stating that healthcare organizations need to be on high alert for attacks by ransomware operators and other attackers who are looking to capitalize on the Coronavirus pandemic.
In addition, we continue to see new variants released from the common ransomware families such as STOP, Dharma, and others.
Finally, the Wall Street Journal broke the news this week that Travelex paid a $2.3 million ran...

IT threat evolution Q3 2019
Securelist • David Emm • 29 Nov 2019

At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in May 2018, right after Israeli security agencies announced that Hamas had installed spyware on the smartphones of Israeli soldiers, and we released a private report on our Threat Intelligence Portal. We believe the mal...

Panda Threat Group Mines for Monero With Updated Payload, Targets
Threatpost • Lindsey O'Donnell • 17 Sep 2019

The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloads and targeting.
While considered unsophisticated, researchers warn that the threat group has a wide reach and has attacked organizations in banking, healthcare, transportation and IT services...

Using Oracle WebLogic? Put down your coffee, drop out of Discord, grab this patch right now: Vuln under attack
The Register • Shaun Nichols in San Francisco • 19 Jun 2019

Emergency security fix emitted for remote code exec hole exploited in the wild

Oracle has issued an emergency critical update to address a remote code execution vulnerability in its WebLogic Server component for Fusion Middleware – a flaw miscreants are exploiting in the wild to hijack systems.
The programming blunder, designated CVE-2019-2729, is present in WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability itself is caused by a deserialization bug in the XMLDecoder for WebLogic Server Web Services.
When exploited, a remote at...

Oracle Warns of New Actively-Exploited WebLogic Flaw
Threatpost • Lindsey O'Donnell • 19 Jun 2019

Oracle said that a critical remote code execution flaw in its WebLogic Server is being actively exploited in the wild.
The remote code execution flaw (CVE-2019-2729) impacts a number of versions of Oracle’s WebLogic Server, used for building and deploying enterprise applications. The vulnerability has a CVSS score of 9.8 out of 10. Part of its seriousness is because it is remotely exploitable without authentication.
“Due to the severity of this vulnerability, Oracle strongly reco...

Oracle Fixes Critical Bug in WebLogic Server Web Services
BleepingComputer • Ionut Ilascu • 19 Jun 2019

Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks.
The issue is now tracked as CVE-2019-2729 and it is deserialization via XMLDecoder in Oracle WebLogic Server Web Services. This is the same as CVE-2019-2725, patched in April, leveraged in past attacks to deliver Sodinokibi ransomware and cryptocurrency miners. It is also ...

GandCrab Ransomware Shutters Its Operations
Threatpost • Tara Seals • 03 Jun 2019

The GandCrab ransomware group is shutting down, according to posts on the Dark Web.
Researchers David Montenegro and Damian spotted the announcements over the weekend.

Noting that “all good things come to an end,” GandCrab’s operators in a posting on the exploit[.]in underground market claim the malware has raked in nearly $2 billion since the ransomware launched in January of last year. That encompasses ransomware-as-a-service (RaaS) earnings as well as $150 million for...

Oracle WebLogic Exploit-fest Continues with GandCrab Ransomware, XMRig
Threatpost • Tara Seals • 06 May 2019

Malicious activity exploiting the recently disclosed Oracle WebLogic critical deserialization vulnerability (CVE-2019-2725) is surging. Even though there’s a patch, tens of thousands of vulnerable machines represent an irresistible target for hackers, according to Unit 42 researchers at Palo Alto Networks – especially since the bug is “trivial” to exploit.
Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. Oracle r...

Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw
Threatpost • Lindsey O'Donnell • 01 May 2019

UPDATE
A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers.
The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching distributed-denial-of-service (DDoS) and cryptojacking attacks with the aim of making money for the attacker behind the botnet, researchers said.
“From the timeline, we can see that the developer of Muhs...

If you're using Oracle's WebLogic Server, check for security fixes: Bug exploited in the wild to install ransomware
The Register • Iain Thomson in San Francisco • 01 May 2019

Big Red rushes out software patch as ransomware scumbags move in

IT admins overseeing Oracle's WebLogic Server installations need to get patching immediately: miscreants are exploiting what was a zero-day vulnerability in the software to pump ransomware into networks.
The Cisco Talos security team said one of its customers discovered it had been infected via the bug on April 25, though the exploit is believed to have been kicking around the web since April 17. The programming blunder at the heart of the matter is a deserialization vulnerability that can be...

New ‘Sodinokibi’ Ransomware Exploits Critical Oracle WebLogic Flaw
Threatpost • Lindsey O'Donnell • 30 Apr 2019

A recently-disclosed critical vulnerability in Oracle WebLogic is being actively exploited in a slew of attacks, which are distributing a never-before-seen ransomware variant.
The recently-patched flaw exists in Oracle’s WebLogic server, used for building and deploying enterprise applications. The deserialization vulnerability (CVE-2019-2725) is being exploited to spread what researchers with Cisco Talos in a Tuesday analysis dubbed the “Sodinokibi” ransomware.
“This is th...

Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers
BleepingComputer • Lawrence Abrams • 30 Apr 2019

Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.
Earlier this month, a deserialization vulnerability (CVE-2019-2725) was discovered in Oracle WebLogic Server that allows attackers to gain full access to the server in order to install malware or use it as a l...

Ransomware's big jump: ransoms grew 14 times in one year
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.
There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world.
Since the infamous GandCrab group called it quits in mid-2019, the ransomware landscape changed drastically. The ...