Published: 14/01/2020 Updated: 17/01/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows Remote Desktop Gateway (RD Gateway) is a Windows Server component that provides access to Remote Desktop services without requiring the client system to be present on the same network as the target system. Originally launched as Terminal Services Gateway (TS Gateway) with Windows Server 2008, RD Gateway is a recommended way to provide Remote Desktop connectivity to cloud-based systems. For example, guidance has been provided for using RD Gateway with AWS, and also with Azure. The use of RD Gateway is recommended to reduce the attack surface of Windows-based hosts.

Microsoft RD Gateway in Windows Server 2012 and later contains two vulnerabilities that can allow an unauthenticated remote malicious user to execute arbitrary code with SYSTEM privileges. It is reported by Kryptos Logic that the flaws lie in the handling of fragmentation. This vulnerability is exploitable by connecting to the RD Gateway service listening on UDP/3391.

Github Repositories

Awesome Hacking

Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers. Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command. 
This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can download all the tools with the following command: git clone --recursive https://github.com/jekil/awesome-hacking.git To update it run the following command: git pull Every kind of contribution is really appreciated! Follow the contribute. If you enjoy this work, please keep it alive contributing or just sharing it! - @jekil Table of Contents CTF Tools Code Auditing Static Analysis Cryptography Docker Forensics File Forensics Incident Response Live Analysis Memory Forensics Misc Mobile Network Forensics Hardware Hacking Computer Intelligence Library C Go Java Python Ruby Live CD - Distributions Malware Dynamic Analysis Honeypot Intelligence Ops Source Code Static Analysis Network Analysis Fake Services Packet Manipulation Sniffer Penetration Testing DoS Exploiting Exploits Fuzzing Info Gathering MITM Mobile Password Cracking Port Scanning Post Exploitation Reporting Services Training Web Wireless Reverse Engineering Security Cloud Security Endpoint Security Network Security Orchestration Phishing Privacy Social Engineering Framework Harvester Phishing Wardialing CTF Tools CTFd - CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF. FBCTF - Platform to host Capture the Flag competitions. LibreCTF - CTF in a box. Minimal setup required. Mellivora - A CTF engine written in PHP. NightShade - A simple security CTF framework. OneGadget - A tool for you easy to find the one gadget RCE in libc.so.6. Pwntools - CTF framework and exploit development library. Scorebot - Platform for CTFs by Legitbs (Defcon). V0lt - Security CTF Toolkit. Code Auditing Static Analysis Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications. Dr. Taint - A very WIP DynamoRIO module built on the Dr. Memory Framework to implement taint analysis on ARM. ShellCheck - A static analysis tool for shell scripts. 
Cryptography FeatherDuster - An automated, modular cryptanalysis tool. RSATool - Generate private key with knowledge of p and q. Xortool - A tool to analyze multi-byte xor cipher. Docker DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Docker Bench for Security - The Docker Bench for Security checks for all the automatable tests in the CIS Docker 1.6 Benchmark. Kali Linux - This Kali Linux Docker image provides a minimal base install of the latest version of the Kali Linux Rolling Distribution. Metasploit - Metasploit Framework penetration testing software (unofficial docker). OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. OWASP Mutillidae II - OWASP Mutillidae II Web Pen-Test Practice Application. OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10. OWASP Security Shepherd - A web and mobile application security training platform. OWASP WebGoat - A deliberately insecure Web Application. OWASP ZAP - Current stable owasp zed attack proxy release in embedded docker container. Security Ninjas - An Open Source Application Security Training Program. SpamScope - SpamScope (Fast Advanced Spam Analysis Tool) Elasticsearch. Vulnerability as a service: Heartbleed - Vulnerability as a Service: CVE 2014-0160. Vulnerability as a service: Shellshock - Vulnerability as a Service: CVE 2014-6271. Vulnerable WordPress Installation - Vulnerable WordPress Installation. WPScan - WPScan is a black box WordPress vulnerability scanner. Forensics File Forensics Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. 
DFF - A Forensics Framework coming with command line and graphical interfaces. DFF can be used to investigate hard drives and volatile memory and create reports about user and system activities. Docker Explorer - A tool to help forensicate offline docker acquisitions. Hadoop_framework - A prototype system that uses Hadoop to process hard drive images. OSXCollector - A forensic evidence collection & analysis toolkit for OS X. Scalpel - An open source data carving tool. Shellbags - Investigate NT_USER.dat files. SlackPirate - Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace. Sleuthkit - A library and collection of command line digital forensics tools. Telegram-extractor - Python3 scripts to analyse the data stored in Telegram. Truehunter - The goal of Truehunter is to detect encrypted containers using a fast and memory efficient approach without any external dependencies for ease of portability. Incident Response Hunter - A threat hunting / data analysis environment based on Python, Pandas, PySpark and Jupyter Notebook. Snoopdigg - Simple utility to ease the process of collecting evidence to find infections. Live Analysis OS X Auditor - OS X Auditor is a free Mac OS X computer forensics tool. Windows-event-forwarding - A repository for using windows event forwarding for incident detection and response. Memory Forensics Rekall - Memory analysis framework developed by Google. Volatility - Extract digital artifacts from volatile memory (RAM) samples. Misc Diffy - A digital forensics and incident response (DFIR) tool developed by Netflix's Security Intelligence and Response Team (SIRT). Allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. HxD - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size. 
Libfvde - Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes. Mass_archive - A basic tool for pushing a web page to multiple archiving services at once. Mobile Android Forensic Toolkit - Allows you to extract SMS records, call history, photos, browsing history, and password from an Android phone. Android backup extractor - Utility to extract and repack Android backups created with adb backup (ICS+). Largely based on BackupManagerService.java from AOSP. Mem - Tool used for dumping memory from Android devices. Snoopdroid - Extract packages from an Android device. WhatsApp Media Decrypt - Decrypt WhatsApp encrypted media files. Network Forensics Dnslog - Minimalistic DNS logging tool. Dshell - A network forensic analysis framework. Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup. Website Evidence Collector - The tool Website Evidence Collector (WEC) automates the website evidence collection of storage and transfer of personal data. Hardware Hacking Computer Kbd-audio - Tools for capturing and analysing keyboard input paired with microphone capture. LimeSDR-Mini - The LimeSDR-Mini board provides a hardware platform for developing and prototyping high-performance and logic-intensive digital and RF designs using Altera’s MAX10 FPGA and Lime Microsystems transceiver. NSA-B-GONE - Thinkpad X220 board that disconnects the webcam and microphone data lines. Intelligence Attackintel - A python script to query the MITRE ATT&CK API for tactics, techniques, mitigations, & detection methods for specific threat groups. IntelOwl - Analyze files, domains, IPs in multiple ways from a single API at scale. Shodan-seeker - Command-line tool using Shodan API. Generates and downloads CSV results, diffing of historic scanning results, alerts and monitoring of specific ports/IPs, etc. VIA4CVE - An aggregator of the known vendor vulnerabilities database to support the expansion of information with CVEs. 
Yeti - Your Everyday Threat Intelligence. Library C Libdnet - Provides a simplified, portable interface to several low-level networking routines, including network address manipulation, kernel arp cache and route table lookup and manipulation, network firewalling, network interface lookup and manipulation, IP tunnelling, and raw IP packet and Ethernet frame transmission. Go Garble - Obfuscate Go builds. Java Libsignal-service-java - A Java/Android library for communicating with the Signal messaging service. Python Amodem - Audio MODEM Communication Library in Python. Dpkt - Fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols. Pcapy - A Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets. Plyara - Parse YARA rules and operate over them more easily. PyBFD - Python interface to the GNU Binary File Descriptor (BFD) library. PyPDF2 - A utility to read and write PDFs with Python. Pynids - A python wrapper for libnids, a Network Intrusion Detection System library offering sniffing, IP defragmentation, TCP stream reassembly and TCP port scan detection. Let your own python routines examine network conversations. Pypcap - This is a simplified object-oriented Python wrapper for libpcap. Python-ptrace - Python binding of ptrace library. RDPY - RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). Scapy - A python-based interactive packet manipulation program & library. Ruby Secureheaders - Security related headers all in one gem. Live CD - Distributions Android Tamer - Virtual / Live Platform for Android Security professionals. 
ArchStrike - An Arch Linux repository for security professionals and enthusiasts. BOSSLive - An Indian GNU/Linux distribution developed by CDAC and is customized to suit Indian's digital environment. It supports most of the Indian languages. BackBox - Ubuntu-based distribution for penetration tests and security assessments. BlackArch - Arch Linux-based distribution for penetration testers and security researchers. DEFT Linux - Suite dedicated to incident response and digital forensics. Fedora Security Lab - A safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations. Kali - A Linux distribution designed for digital forensics and penetration testing. NST - Network Security Toolkit distribution. Ophcrack - A free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. Parrot - Security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. Pentoo - Security-focused livecd based on Gentoo. REMnux - Toolkit for assisting malware analysts with reverse-engineering malicious software. Malware Dynamic Analysis Androguard - Reverse engineering, Malware and goodware analysis of Android applications. CAPEv2 - Malware Configuration And Payload Extraction. Cuckoo Sandbox - An automated dynamic malware analysis system. CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox. DECAF - Short for Dynamic Executable Code Analysis Framework, is a binary analysis platform based on QEMU. DRAKVUF Sandbox - DRAKVUF Sandbox is an automated black-box malware analysis system with DRAKVUF engine under the hood, which does not require an agent on guest OS. DroidBox - Dynamic analysis of Android apps. Hooker - An opensource project for dynamic analyses of Android applications. 
Jsunpack-n - Emulates browser functionality when visiting a URL. LiSa - Sandbox for automated Linux malware analysis. Magento-malware-scanner - A collection of rules and samples to detect Magento malware. Malzilla - Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for use in exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of webpages and all the HTTP headers. It gives you various decoders to try and deobfuscate javascript as well. Panda - Platform for Architecture-Neutral Dynamic Analysis. ProbeDroid - A dynamic binary instrumentation kit targeting on Android(Lollipop) 5.0 and above. PyEMU - Fully scriptable IA-32 emulator, useful for malware analysis. PyWinSandbox - Python Windows Sandbox library. Create a new Windows Sandbox machine, control it with a simple RPyC interface. Pyrebox - Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU. Qiling - Advanced Binary Emulation framework. Uitkyk - Runtime memory analysis framework to identify Android malware. WScript Emulator - Emulator/tracer of the Windows Script Host functionality. Honeypot Amun - Amun was the first python-based low-interaction honeypot, following the concepts of Nepenthes but extending it with more sophisticated emulation and easier maintenance. Basic-auth-pot - HTTP Basic Authentication honeyPot. Bluepot - Bluetooth Honeypot. CitrixHoneypot - Detect and log CVE-2019-19781 scan and exploitation attempts. Conpot - ICS/SCADA honeypot. Cowrie - SSH honeypot, based on Kippo. Dionaea - Honeypot designed to trap malware. Django-admin-honeypot - A fake Django admin login screen to log and notify admins of attempted unauthorized access. 
ESPot - An Elasticsearch honeypot written in NodeJS, to capture every attempts to exploit CVE-2014-3120. Elastichoney - A Simple Elasticsearch Honeypot. Glastopf - Web Application Honeypot. Glutton - All eating honeypot. HFish - A cross platform honeypot platform developed based on golang, which has been meticulously built for enterprise security. Heralding - Sometimes you just want a simple honeypot that collects credentials, nothing more. Heralding is that honeypot! Currently the following protocols are supported: ftp, telnet, ssh, rdp, http, https, pop3, pop3s, imap, imaps, smtp, vnc, postgresql and socks5. HonTel - A Honeypot for Telnet service. Basically, it is a Python v2.x application emulating the service inside the chroot environment. Originally it has been designed to be run inside the Ubuntu/Debian environment, though it could be easily adapted to run inside any Linux environment. HoneyPy - A low to medium interaction honeypot. HoneyTrap - Advanced Honeypot framework. Honeyd - Create a virtual honeynet. Honeypot - Low interaction honeypot that displays real time attacks. Honeything - A honeypot for Internet of TR-069 things. It's designed to act as completely a modem/router that has RomPager embedded web server and supports TR-069 (CWMP) protocol. HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts. Kippo - A medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo-graph - Visualize statistics from a Kippo SSH honeypot. MHN - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. MTPot - Open Source Telnet Honeypot. Maildb - Python Web App to Parse and Track Email and http Pcap Files. Mailoney - A SMTP Honeypot I wrote just to have fun learning Python. 
Mnemosyne - A normalizer for honeypot data; supports Dionaea. MongoDB-HoneyProxy - A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server. MysqlPot - A mysql honeypot, still very very early stage. NoSQLPot - The NoSQL Honeypot Framework. Nodepot - A nodejs web application honeypot. OWASP-Honeypot - An open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way. OpenCanary - A daemon that runs several canary versions of services that alerts when a service is (ab)used. Phoneyc - Pure Python honeyclient implementation. Phpmyadmin_honeypot - A simple and effective phpMyAdmin honeypot. Servletpot - Web application Honeypot. Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps. Shiva - Spam Honeypot with Intelligent Virtual Analyzer, is an open but controlled relay Spam Honeypot (SpamPot), built on top of Lamson Python framework, with capability of collecting and analyzing all spam thrown at it. Smart-honeypot - PHP Script demonstrating a smart honey pot. Snare - Super Next generation Advanced Reactive honEypot SpamScope - Fast Advanced Spam Analysis Tool. StrutsHoneypot - Struts Apache 2 based honeypot as well as a detection module for Apache 2 servers. T-Pot - The All In One Honeypot Platform. Tango - Honeypot Intelligence with Splunk. Tanner - A remote data analysis and classification service to evaluate HTTP requests and composing the response then served by SNARE. TANNER uses multiple application vulnerability type emulation techniques when providing responses for SNARE. In addition, TANNER provides Dorks for SNARE powering its luring capabilities. Thug - Low interaction honeyclient, for investigating malicious websites. Twisted-honeypots - SSH, FTP and Telnet honeypots based on Twisted. Wetland - A high interaction SSH honeypot. Wordpot - A WordPress Honeypot. 
Wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot. Intelligence MISP Modules - Modules for expansion services, import and export in MISP. Passivedns-client - Provides a library and a query tool for querying several passive DNS providers. Rt2jira - Convert RT tickets to JIRA tickets. Ops Al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection. BASS - BASS Automated Signature Synthesizer. CSCGuard - Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation. CapTipper - A python tool to analyze, explore and revive HTTP malicious traffic. FLARE - A fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc. FakeNet-NG - A next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. Google-play-crawler - Google-play-crawler is simply Java tool for searching android applications on GooglePlay, and also downloading them. Googleplay-api - An unofficial Python API that let you search, browse and download Android apps from Google Play (formerly Android Market). Grimd - Fast dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers. Hidden - Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc. ImaginaryC2 - A python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads. Irma - IRMA is an asynchronous & customizable analysis system for suspicious files. KLara - A project is aimed at helping Threat Intelligence researchers hunt for new malware using Yara. 
Kraken - Cross-platform Yara scanner written in Go. Malboxes - Builds malware analysis Windows VMs so that you don't have to. Mquery - YARA malware query accelerator (web frontend). Node-appland - NodeJS tool to download APKs from appland. Node-aptoide - NodeJS to download APKs from aptoide. Node-google-play - Call Google Play APIs from Node. Pafish - A demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. Source Code Android-malware - Collection of android malware samples. AsyncRAT-C-Sharp - Open-Source Remote Administration Tool For Windows C# (RAT). BYOB - An open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats. BlackHole - C# RAT (Remote Administration Tool). Carberp - Carberp leaked source code. Fancybear - Fancy Bear Source Code. LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts). Mirai - Leaked Mirai Source Code for Research/IoC Development Purposes. Morris Worm - The original Morris Worm source code. TinyNuke - Zeus-style banking trojan. Zerokit - Zerokit/GAPZ rootkit (non buildable and only for researching). Zeus - Zeus version, leaked in 2011. Static Analysis APKinspector - A powerful GUI tool for analysts to analyze the Android applications. Androwarn - Detect and warn the user about potential malicious behaviours developed by an Android application. ApkAnalyser - A static, virtual analysis tool for examining and validating the development work of your Android app. Argus-SAF - Argus static analysis framework. CFGScanDroid - Control Flow Graph Scanning for Android. ConDroid - Symbolic/concolic execution of Android apps. DroidLegacy - Static analysis scripts. 
FSquaDRA - Fast detection of repackaged Android applications based on the comparison of resource files included into the package. Floss - FireEye Labs Obfuscated String Solver. Automatically extract obfuscated strings from malware. Inspeckage - Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. Maldrolyzer - Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers, etc). PEfile - Read and work with Portable Executable (aka PE) files. PEview - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. PScout - Analyzing the Android Permission Specification. Pdfminer - A tool for extracting information from PDF documents. Peepdf - A Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. Smali-CFGs - Smali Control Flow Graph's. SmaliSCA - Smali Static Code Analysis. Sysinternals Suite - The Sysinternals Troubleshooting Utilities. Yara - Identify and classify malware samples. Network Analysis Bro - A powerful network analysis framework that is much different from the typical IDS you may know. Fatt - A pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic. Nidan - An active network monitor tool. Pytbull - A python based flexible IDS/IPS testing framework. Sguil - Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Fake Services DNSChef - DNS proxy for Penetration Testers and Malware Analysts. 
DnsRedir - A small DNS server that will respond to certain queries with addresses provided on the command line. Packet Manipulation Pig - A Linux packet crafting tool. Yersinia - A network tool designed to take advantage of some weakness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Sniffer Cloud-pcap - Web PCAP storage and analytics. Dnscap - Network capture utility designed specifically for DNS traffic. Dsniff - A collection of tools for network auditing and pentesting. Justniffer - Just A Network TCP Packet Sniffer. Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic. Moloch - Moloch is an open source large scale full PCAP capturing, indexing and database system. Net-creds - Sniffs sensitive data from interface or pcap. Netsniff-ng - A Swiss army knife for your daily Linux network plumbing. NetworkMiner - A Network Forensic Analysis Tool (NFAT). OpenFPC - OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder and buffering tool. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools. Openli - Open Source ETSI compliant Lawful Intercept software. PF_RING - PF_RING™ is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you a consistent API for packet processing applications. Termshark - A terminal UI for tshark, inspired by Wireshark. WebPcap - A web-based packet analyzer (client/server architecture). Useful for analyzing distributed applications or embedded devices. Wireshark - A free and open-source packet analyzer. 
Penetration Testing DoS DHCPig - DHCP exhaustion script written in python using scapy network library. LOIC - Low Orbit Ion Cannon - An open source network stress tool, written in C#. Based on Praetox's LOIC project. Memcrashed - DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API. Sockstress - Sockstress (TCP DoS) implementation. T50 - The more fast network stress tool. Torshammer - Tor's hammer. Slow post DDOS tool written in python. UFONet - Abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc. Exploiting AttackSurfaceAnalyzer - Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. Bashfuscator - A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team. BeEF - The Browser Exploitation Framework Project. BugId - Detect, analyze and uniquely identify crashes in Windows applications. Commix - Automated All-in-One OS Command Injection and Exploitation Tool. DLLInjector - Inject dlls in processes. Donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters. Drupwn - Drupal enumeration & exploitation tool. EfiGuard - Disable PatchGuard and DSE at boot time. Evilgrade - The update exploitation framework. Exe2hex - Inline file transfer using in-built Windows tools (DEBUG.exe or PowerShell). Fathomless - A collection of different programs for network red teaming. Gorsair - Gorsair hacks its way into remote docker containers that expose their APIs. LAVA - Large-scale Automated Vulnerability Addition. Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number. 
Linux-exploit-suggester - Linux privilege escalation auditing tool. Macrome - Excel Macro Document Reader/Writer for Red Teamers & Analysts. Metasploit Framework - Exploitation framework. MeterSSH - A way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection. The way it works is by injecting shellcode into memory, then wrapping a port spawned (meterpreter in this case) by the shellcode over SSH back to the attacker's machine. Then connecting with meterpreter's listener to localhost will communicate through the SSH proxy, to the victim through the SSH tunnel. All communications are relayed through the SSH tunnel and not through the network. Nessus - Vulnerability, configuration, and compliance assessment. Nexpose - Vulnerability Management & Risk Management Software. Nishang - Offensive PowerShell for red team, penetration testing and offensive security. OpenVAS - Open Source vulnerability scanner and manager. PSKernel-Primitives - Exploit primitives for PowerShell. PowerSploit - A PowerShell Post-Exploitation Framework. ROP Gadget - Framework for ROP exploitation. Routersploit - Automated penetration testing software for router. Rupture - A framework for BREACH and other compression-based crypto attacks. SPARTA - Network Infrastructure Penetration Testing Tool. Shark - Turn off PatchGuard in real time for win7 (7600) ~ win10 (18950). SharpShooter - Payload Generation Framework. ShellcodeCompiler - A program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows (x86 and x64) and Linux (x86 and x64). It is possible to call any Windows API function or Linux syscall in a user-friendly way. Shellen - Interactive shellcoding environment to easily craft shellcodes. Shellsploit - Lets you generate customized shellcodes, backdoors, injectors for various operating system. And lets you obfuscate every byte via encoders. 
Spoodle - A mass subdomain + poodle vulnerability scanner. SysWhispers - AV/EDR evasion via direct system calls. Unicorn - Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Veil Framework - A tool designed to generate metasploit payloads that bypass common anti-virus solutions. Vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go. Windows Exploit Suggester - Detects potential missing patches on the target. Ysoserial.net - Deserialization payload generator for a variety of .NET formatters. Zarp - Network Attack Tool. Exploits Apache-uaf - Apache use after free bug infos / ASAN stack traces. BlueGate - PoC (DoS + scanner) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE. Bluedroid - PoCs of Vulnerabilities on Bluedroid. Broadpwn - Broadpwn bug (CVE-2017-9417). CVE-2018-8120 - CVE-2018-8120. CVE-2018-8897 - Implements the POP/MOV SS (CVE-2018-8897) vulnerability by bugchecking the machine (local DoS). CVE-2019-0604 - cve-2019-0604 SharePoint RCE exploit. CVE-2019-18935 - RCE exploit for a .NET deserialization vulnerability in Telerik UI for ASP.NET AJAX. CVE-2019-6453 - Proof of calc for CVE-2019-6453 (Mirc exploit). CVE-2020-10560 - OSSN Arbitrary File Read CVE-2020-11651 - PoC for CVE-2020-11651. Chakra-2016-11 - Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201). Desharialize - Easy mode to Exploit CVE-2019-0604 (Sharepoint XML Deserialization Unauthenticated RCE). ES File Explorer Open Port Vulnerability - ES File Explorer Open Port Vulnerability - CVE-2019-6447. HolicPOC - CVE-2015-2546, CVE-2016-0165, CVE-2016-0167, CVE-2017-0101, CVE-2017-0263, CVE-2018-8120. Jira-Scan - Jira scanner for CVE-2017-9506. Kernel Exploits - Various kernel exploits. MS17-010 - Exploits for MS17-010. 
Qemu-vm-escape - This is an exploit for CVE-2019-6778, a heap buffer overflow in slirp:tcp_emu(). Ruby-advisory-db - A database of vulnerable Ruby Gems. The Exploit Database - The official Exploit Database repository. XiphosResearch Exploits - Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes. cve-2020-1054 - LPE for CVE-2020-1054 targeting Windows 7 x64 Fuzzing AFL++ - AFL 2.56b with community patches, AFLfast power schedules, qemu 3.1 upgrade + laf-intel support, MOpt mutators, InsTrim instrumentation, unicorn_mode, Redqueen and a lot more. AndroFuzz - A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process. Boofuzz - A fork and successor of the Sulley Fuzzing Framework. Construct - Declarative data structures for python that allow symmetric parsing and building. Deepstate - A unit test-like interface for fuzzing and symbolic execution. Driller - Augmenting AFL with symbolic execution. Eclipser - Grey-box Concolic Testing on Binary Code. Frankenstein - Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging. Fusil - A Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fuzzbox - A multi-codec media fuzzing tool. Fuzzlyn - Fuzzer for the .NET toolchains, utilizes Roslyn to generate random C# programs. Fuzzotron - A TCP/UDP based network daemon fuzzer. Honggfuzz - Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (sw and hw). InsTrim - Lightweight Instrumentation for Coverage-guided Fuzzing. KleeFL - Seeding Fuzzers With Symbolic Execution. MFFA - Media Fuzzing Framework for Android. Melkor-android - An Android port of the melkor ELF fuzzer. 
Netzob - Netzob is an opensource tool for reverse engineering, traffic generation and fuzzing of communication protocols. Neuzz - A neural-network-assisted fuzzer. Python-AFL - American fuzzy lop fork server and instrumentation for pure-Python code. RPCForge - Windows RPC Python fuzzer. Radamsa-android - An Android port of radamsa fuzzer. Razzer - A Kernel fuzzer focusing on race bugs. Retrowrite - Retrofitting compiler passes though binary rewriting. SecLists - A collection of multiple types of lists used during security assessments. Sienna-locomotive - A user-friendly fuzzing and crash triage tool for Windows. Sulley - Fuzzer development and fuzz testing framework consisting of multiple extensible components. T-Fuzz - A fuzzing tool based on program transformation. TAOF - The Art of Fuzzing, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer. Unicorefuzz - Fuzzing the Kernel Using Unicornafl and AFL++. Unicornafl - Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86) adapted to afl++. VUzzer - This Project depends heavily on a modeified version of DataTracker, which in turn depends on LibDFT pintool. It has some extra tags added in libdft. Vfuzz - I don't claim superiority over other engines in performance or efficiency out of the box, but this does implement some features that I felt where lacking elsewhere. Winafl - A fork of AFL for fuzzing Windows binaries. Winafl_inmemory - WINAFL for blackbox in-memory fuzzing (PIN). Windows IPC Fuzzing Tools - A collection of tools used to attack applications that use Windows Interprocess Communication mechanisms. Zulu - A fuzzer designed for rapid prototyping that normally happens on a client engagement where something needs to be fuzzed within tight timescales. Info Gathering ATSCAN - Advanced dork Search & Mass Exploit Scanner. Bundler-audit - Patch-level verification for Bundler. 
Commando-vm - Complete Mandiant Offensive VM (Commando VM), the first full Windows-based penetration testing virtual machine distribution. The security community recognizes Kali Linux as the go-to penetration testing platform for those that prefer Linux. Commando VM is for penetration testers that prefer Windows. Dnsenum - A perl script that enumerates DNS information. Dnsmap - Passive DNS network mapper. Dnsrecon - DNS Enumeration Script. EgressCheck Framework - Used to check for TCP and UDP egress filtering on both windows and unix client systems. Egressbuster - A method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell. EyeWitness - EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. IVRE - An open-source framework for network recon. It relies on open-source well-known tools to gather data (network intelligence), stores it in a database, and provides tools to analyze it. Knock - A python tool designed to enumerate subdomains on a target domain through a wordlist. Operative-framework - This is a framework based on fingerprint action, this tool is used for get information on a website or a enterprise target with multiple modules (Viadeo search,Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics ...). Recon-ng - A full-featured Web Reconnaissance framework written in Python. SMBMap - A handy SMB enumeration tool. SPartan - Frontpage and Sharepoint fingerprinting and attack tool. SSLMap - TLS/SSL cipher suite scanner. Secretz - A tool that minimizes the large attack surface of Travis CI. It automatically fetches repos, builds, and logs for any given organization. Sparty - MS Sharepoint and Frontpage Auditing Tool. Spyse.py - Python API wrapper and command-line client for the tools hosted on spyse.com. SubFinder - A subdomain discovery tool that discovers valid subdomains for websites. 
Designed as a passive framework to be useful for bug bounties and safe for penetration testing. SubQuest - Fast, Elegant subdomain scanner using nodejs. Subbrute - A DNS meta-query spider that enumerates DNS records, and subdomains. TravisLeaks - A tool to find sensitive keys and passwords in Travis logs. TruffleHog - Searches through git repositories for high entropy strings, digging deep into commit history. URLextractor - Information gathering & website reconnaissance. VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. Wmap - Information gathering for web hacking. XRay - A tool for recon, mapping and OSINT gathering from public networks. MITM Bettercap - A powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. Caplets - Bettercap scripts (caplets) and proxy modules. Dnsspoof - DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response. Ettercap - A comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. MITMf - Framework for Man-In-The-Middle attacks. Mallory - An extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway. Unlike other tools of its kind, Mallory supports modifying non-standard protocols on the fly. Mitmproxy - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface. Mitmsocks4j - Man in the Middle SOCKS Proxy for JAVA. Nogotofail - An on-path blackbox network traffic security testing tool. 
Responder - A LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. Ssh-mitm - An SSH/SFTP man-in-the-middle tool that logs interactive sessions and passwords. Mobile AFE - Android Framework for Exploitation, is a framework for exploiting android based devices. AndroBugs - An efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. Android-vts - Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis. CobraDroid - A custom build of the Android operating system geared specifically for application security analysts and for individuals dealing with mobile malware. Drozer - The Leading Security Assessment Framework for Android. Idb - A tool to simplify some common tasks for iOS pentesting and research. Introspy-iOS - Security profiling for blackbox iOS. JAADAS - Joint Advanced Defect assEsment for android applications. Keychain-Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken. Mobile Security Framework - An intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing. Objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak. QARK - QARK by LinkedIn is for app developers to scan app for security issues. Password Cracking BozoCrack - A silly & effective MD5 cracker in Ruby. Common-substr - Simple awk script to extract the most common substrings from an input text. 
Built for password cracking. HashCat - World's fastest and most advanced password recovery utility. Hashcrack - Guesses hash types, picks some sensible dictionaries and rules for hashcat. Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns. John the Ripper - A fast password cracker. NPK - A mostly-serverless distributed hash cracking platform. Patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. THC-Hydra - A very fast network logon cracker which support many different services. Port Scanning Angry IP Scanner - Fast and friendly network scanner. Evilscan - NodeJS Simple Network Scanner. Flan - A pretty sweet vulnerability scanner. Masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. Nmap - Free Security Scanner For Network Exploration & Security Audits. Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool. ZGrab - Go Application Layer Scanner. Zmap - An open-source network scanner that enables researchers to easily perform Internet-wide network studies. Post Exploitation Apfell - A collaborative, multi-platform, red teaming framework. Backdoorme - Powerful auto-backdooring utility. CatTails - Raw socket library/framework for red team events. Cloudy-kraken - AWS Red Team Orchestration Framework. Covenant - Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. CrackMapExec - A post-exploitation tool that helps automate assessing the security of large Active Directory networks. CredCrack - A fast and stealthy credential harvester. Creddump - Dump windows credentials. 
DBC2 - DropboxC2 is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controller, running on any machine, powershell modules, and Dropbox servers as a means of communication. DET - (extensible) Data Exfiltration Toolkit (DET). DNSlivery - Easy files and payloads delivery over DNS. Dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests. Empire - Empire is a pure PowerShell post-exploitation agent. Enumdb - MySQL and MSSQL brute force and post exploitation tool to search through databases and extract sensitive information. EvilOSX - A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX. Fireaway - Next Generation Firewall Audit and Bypass Tool. FruityC2 - A post-exploitation (and open source) framework based on the deployment of agents on compromised machines. Agents are managed from a web interface under the control of an operator. GetVulnerableGPO - PowerShell script to find 'vulnerable' security-related GPOs that should be hardened. Ghost In The Logs - Evade sysmon and windows event logging. HoneyBadger - A collection of Metasploit modules with a plugin to help automate Post-Exploitation actions on target systems using the Metasploit Framework. HoneypotBuster - Microsoft PowerShell module designed for red teams that can be used to find honeypots and honeytokens in the network or at the host. Iodine - Lets you tunnel IPv4 data through a DNS server. Koadic - Koadic C3 COM Command & Control - JScript RAT. Mallory - HTTP/HTTPS proxy over SSH. Mimikatz - A little tool to play with Windows security. Mimikittenz - A post-exploitation powershell tool for extracting juicy info from memory. NoPowerShell - PowerShell rebuilt in C# for Red Teaming purposes. Orc - A post-exploitation framework for Linux written in Bash. P0wnedShell - PowerShell Runspace Post Exploitation Toolkit. 
PacketWhisper - Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type (e.g. executables, Office, Zip, images) into a list of Fully Qualified Domain Names (FQDNs), use DNS queries to transfer data. Simple yet extremely effective. Paragon - Red Team engagement platform with the goal of unifying offensive tools behind a simple UI. Pivoter - A proxy tool for pentesters to have easier lateral movement. Poet - Post-exploitation tool. PoshC2 - A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement. PowerOPS - PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell "easier". ProcessHider - Post-exploitation tool for hiding processes from monitoring applications. Pupy - An opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python. Pwnat - Punches holes in firewalls and NATs allowing any numbers of clients behind NATs to directly connect to a server behind a different NAT. Pypykatz - Mimikatz implementation in pure Python. RedGhost - Linux post exploitation framework written in bash designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace. RemoteRecon - Remote Recon and Collection. RottenPotatoNG - New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools. SafetyKatz - SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subTee's .NET PE Load. SharpC2 - .NET Command & Control Framework. SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services. SpYDyishai - A Gmail credential harvester. 
SprayWMI - An easy way to get mass shells on systems that support WMI. Much more effective than PSEXEC as it does not leave remnants on a system. Tgcd - A simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. TheFatRat - An easy tool to generate a backdoor with msfvenom (a part of the Metasploit framework). This tool compiles malware with a popular payload, and the compiled malware can then be executed on Windows, Android, and Mac. The malware created with this tool also has the ability to bypass most AV software protection. WCE - Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials. Weasel - DNS covert channel implant for Red Teams. Reporting Cartography - A Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. DefectDojo - An open-source application vulnerability correlation and security orchestration tool. Dradis - Collaboration and reporting for IT Security teams. Faraday - Collaborative Penetration Test and Vulnerability Management Platform. VECTR - A tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios. Services SSLyze - SSL configuration scanner. Sslstrip - A demonstration of the HTTPS stripping attacks. Sslstrip2 - SSLStrip version to defeat HSTS. Tls_prober - Fingerprint a server's SSL/TLS implementation. Training Android-InsecureBankv2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities. BadBlood - Fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. 
After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. DIVA Android - Damn Insecure and vulnerable App for Android. DVCP-TE - Damn Vulnerable Chemical Process - Tennessee Eastman. DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. DVWS - Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. Don't Panic - Training linux bind shell with anti-reverse engineering techniques. Hackazon - A modern vulnerable web app. Insecure-deserialization-net-poc - A small webserver vulnerable to insecure deserialization. OWASP Juice Shop - An intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. OWASP NodeGoat - An environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. OWASP Railsgoat - A vulnerable version of Rails that follows the OWASP Top 10. OWASP Security Shepherd - A web and mobile application security training platform. OWASP WebGoat - A deliberately insecure Web Application. RopeyTasks - Deliberately vulnerable web application. Sadcloud - A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure. Sqli-labs - SQLI labs to test error based, Blind boolean based, Time based. WackoPicko - A vulnerable web application used to test web application vulnerability scanners. Xvwa - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. Web Arachni - Web Application Security Scanner Framework. Argumentinjectionhammer - A Burp Extension designed to identify argument injection vulnerabilities. 
BlackBox Protobuf Burp Extension - A Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition. BlindElephant - Web Application Fingerprinter. Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands. Burp Suite - An integrated platform for performing security testing of web applications. CloudScraper - Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space. Cms-explorer - CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS driven web sites are running. Dvcs-ripper - Rip web accessible (distributed) version control systems. Fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs. Gobuster - Directory/file & DNS busting tool written in Go. Jok3r - Network and Web Pentest Framework. Joomscan - Joomla CMS scanner. Jwt_tool - A toolkit for testing, tweaking and cracking JSON Web Tokens. Kadabra - Automatic LFI Exploiter and Scanner, written in C++ and a couple extern module in Python. Kadimus - LFI scan and exploit tool. Konan - An advanced open source tool designed to brute force directories and files names on web/application servers. Liffy - LFI exploitation tool. LinkFinder - A python script that finds endpoints in JavaScript files. Netsparker - Web Application Security Scanner. Nikto2 - Web application vulnerability scanner. NoSQLMap - Automated Mongo database and NoSQL web application exploitation tool. OWASP Xenotix - XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Paros - A Java based HTTP/HTTPS proxy for assessing web application vulnerability. PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF. Pyfiscan - Free web-application vulnerability and version scanner. 
Ratproxy - A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems. RecurseBuster - Rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments. Relative-url-extractor - A small tool that extracts relative URLs from a file. SQLMap - Automatic SQL injection and database takeover tool. SQLNinja - SQL Server injection & takeover tool. Scout2 - Security auditing tool for AWS environments. Skipfish - An active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. TPLMap - Automatic Server-Side Template Injection Detection and Exploitation Tool. Tracy - A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. W3af - Web application attack and audit framework. WPScan - WPScan is a black box WordPress vulnerability scanner. WPSploit - Exploiting Wordpress With Metasploit. WS-Attacker - A modular framework for web services penetration testing. WStalker - An easy proxy. Wapiti - Web application vulnerability scanner. Wappalyzer - Cross-platform utility that uncovers the technologies used on websites. Weevely3 - Weaponized web shell. Wfuzz - Web application fuzzer. WhatWeb - Website Fingerprinter. Wordpress Exploit Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Wuzz - Interactive cli tool for HTTP inspection. XSS-keylogger - A keystroke logger to exploit XSS vulnerabilities in a site. XSS-payload-list - XSS Payload list. Yasuo - A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network. Zed Attack Proxy (ZAP) - The OWASP ZAP core project. 
Wireless Aircrack-ng - An 802.11 WEP and WPA-PSK keys cracking program. Airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks. Kismet - Wireless network detector, sniffer, and IDS. Krackattacks-scripts - Scripts to test if clients or access points (APs) are affected by the KRACK attack against WPA2. LANs.py - Inject code, jam wifi, and spy on wifi users. Mass-deauth - A script for 802.11 mass-deauthentication. Reaver - Brute force attack against Wifi Protected Setup. Sniffle - A sniffer for Bluetooth 5 and 4.x (LE) using TI CC1352/CC26x2 hardware. WiFiDuck - Wireless keystroke injection attack platform. Wifijammer - Continuously jam all wifi clients/routers. Wifikill - A python program to kick people off of wifi. Wifiphisher - Automated phishing attacks against Wi-Fi networks. Wifite - Automated wireless attack tool. Reverse Engineering AndBug - A debugger targeting the Android platform's Dalvik virtual machine intended for reverse engineers and developers. Angr - A platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish. Apk2Gold - Yet another Android decompiler. ApkTool - A tool for reverse engineering Android apk files. Avscript - Avast JavaScript Interactive Shell. B2R2 - A collection of useful algorithms, functions, and tools for binary analysis. Barf - Binary Analysis and Reverse engineering Framework. BinText - A small, very fast and powerful text extractor. BinWalk - Analyze, reverse engineer, and extract firmware images. Binaryanalysis-ng - Binary Analysis Next Generation is a framework for unpacking files (like firmware) recursively and running checks on the unpacked files. Its intended use is to be able to find out the provenance of the unpacked files and classify/label files, making them available for further analysis. Binee - A complete binary emulation environment that focuses on introspection of all IO operations. 
Boomerang - Decompile x86/SPARC/PowerPC/ST-20 binaries to C. Bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More). Bytecode_graph - Module designed to modify Python bytecode. Allows instructions to be added or removed from a Python bytecode string. CHIPSEC - Platform Security Assessment Framework. Capstone - Lightweight multi-platform, multi-architecture disassembly framework with Python bindings. ClassNameDeobfuscator - Simple script to parse through the .smali files produced by apktool and extract the .source annotation lines. Coda - Coredump analyzer. Ctf_import - Run basic functions from stripped binaries cross platform. DBI - Dynamic Binary Instrumentation plugins. Dex2jar - Tools to work with android .dex and java .class files. Distorm - Powerful Disassembler Library For x86/AMD64. DotPeek - A free-of-charge .NET decompiler from JetBrains. Dotnet-netrace - Collects network traces of .NET applications. Dragondance - Binary code coverage visualizer plugin for Ghidra. Dwarf - A gui for mobile reverse engineers, crackers and security analyst. Or damn, what a reversed fluffy or yet, duck warrios are rich as fuck. Whatever you like! Built on top of pyqt5, frida and some terrible code. DynStruct - Reverse engineering tool for automatic structure recovering and memory use analysis based on DynamoRIO and Capstone. EFI DXE Emulator - An EFI DXE phase binaries emulator based on Unicorn. Edb - A cross platform x86/x86-64 debugger. Enjarify - A tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications. Fibratus - Tool for exploration and tracing of the Windows kernel. Fino - An Android Dynamic Analysis Tool. Flare-ida - IDA Pro utilities from FLARE team. Frida - Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX. Frida-scripts - These scripts will help in security research and automation. 
GEF - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers. Gdb-dashboard - Modular visual interface for GDB in Python. Gdbstub - A simple, dependency-free GDB stub that can be easily dropped in to your project. Ghidra - A software reverse engineering (SRE) framework. Ghidra_scripts - Scripts for the Ghidra software reverse engineering suite. Granary - A kernel space dynamic binary translation framework. The main goal of Granary is to enable flexible and efficient instrumentation of Linux kernel modules, while imposing no overhead to non-module kernel code. Grap - Define and match graph patterns within binaries. Haybale - Symbolic execution of LLVM IR with an engine written in Rust. Heap-viewer - An IDA Pro plugin to examine the glibc heap, focused on exploit development. HexRaysCodeXplorer - Hex-Rays Decompiler plugin for better code navigation. Hopper - A OS X and Linux Disassembler/Decompiler for 32/64 bit Windows/Mac/Linux/iOS executables. IDA Free - The freeware version of IDA. IDA Patcher - IDA Patcher is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's ability to patch binary files and memory. IDA Pomidor - IDA Pomidor is a plugin for Hex-Ray's IDA Pro disassembler that will help you retain concentration and productivity during long reversing sessions. IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger. IDA Sploiter - IDA Sploiter is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool. IDAPython - An IDA plugin which makes it possible to write scripts for IDA in the Python programming language. IDAwasm - IDA Pro loader and processor modules for WebAssembly. IRPMon - The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. 
It supports 64-bit versions of Windows (no inline hooks are used, only modifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload and StartIo requests. Idaemu - Is an IDA Pro Plugin, use for emulating code in IDA Pro. Immunity Debugger - A powerful new way to write exploits and analyze malware. JAD - JAD Java Decompiler. JD-GUI - Aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions. Jadx - Decompile Android files. Keystone Engine - A lightweight multi-platform, multi-architecture assembler framework. Krakatau - Java decompiler, assembler, and disassembler. Levitate - Reverse Engineering and Static Malware Analysis Platform. MARA Framework - A Mobile Application Reverse engineering and Analysis Framework. Manticore - Prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation. Medusa - A disassembler designed to be both modular and interactive. MegaDumper - Dump native and .NET assemblies. Minhook - The Minimalistic x86/x64 API Hooking Library for Windows. Mona.py - PyCommand for Immunity Debugger that replaces and improves on pvefindaddr. OllyDbg - An x86 debugger that emphasizes binary code analysis. PEDA - Python Exploit Development Assistance for GDB. Paimei - Reverse engineering framework, includes PyDBG, PIDA, pGRAPH. Pigaios - A tool for matching and diffing source codes directly against binaries. Plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. Ponce - An IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely written in C/C++. Procyon - A modern open-source Java decompiler. 
Protobuf-inspector - Tool to reverse-engineer Protocol Buffers with unknown definition. Pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy. Pyew - Command line hexadecimal editor and disassembler, mainly to analyze malware. QBDI - A Dynamic Binary Instrumentation framework based on LLVM. Qira - QEMU Interactive Runtime Analyser. R2MSDN - R2 plugin to add MSDN documentation URLs and parameter names to imported function calls. RABCDAsm - Robust ABC (ActionScript Bytecode) [Dis-]Assembler. Radare2 - Opensource, crossplatform reverse engineering framework. Radare2-bindings - Bindings of the r2 api for Valabind and friends. Redexer - A reengineering tool that manipulates Android app binaries. ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API. Shed - .NET runtime inspector. Simplify - Generic Android Deobfuscator. SimplifyGraph - IDA Pro plugin to assist with complex graphs. Smali - Smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. Swiffas - SWF parser and AVM2 (Actionscript 3) bytecode parser. Swift-frida - Frida library for interacting with Swift programs. Toolbag - The IDA Toolbag is a plugin providing supplemental functionality to Hex-Rays IDA Pro disassembler. Triton - Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a dynamic taint engine, AST representations of the x86, x86-64, ARM32 and AArch64 Instructions Set Architecture (ISA), SMT simplification passes, an SMT solver interface and, the last but not least, Python bindings. UPX - The Ultimate Packer for eXecutables. Ufgraph - A simple script which parses the output of the uf (un-assemble function) command in windbg and uses graphviz to generate a control flow graph as a PNG/SVG/PDF/GIF (see -of option) and displays it. Uncompyle - Decompile Python 2.7 binaries (.pyc). 
Unicorn Engine - A lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU. Unlinker - Unlinker is a tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files. VT-IDA Plugin - Official VirusTotal plugin for IDA Pro. Voltron - An extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host. WinDbg - Windows Driver Kit and WinDbg. WinHex - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. WinIPT - The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and a command-line tool. X64_dbg - An open-source x64/x32 debugger for windows. Xxxswf - A Python script for analyzing Flash files. YaCo - An Hex-Rays IDA plugin. When enabled, multiple users can work simultaneously on the same binary. Any modification done by any user is synchronized through git version control. uEmu - Tiny cute emulator plugin for IDA based on unicorn. Security Cloud Security Aws-nuke - Nuke a whole AWS account and delete all its resources. Azucar - Security auditing tool for Azure environments. CloudMapper - CloudMapper helps you analyze your Amazon Web Services (AWS) environments. Hammer - Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS). Panther - A Cloud-Native SIEM for the Modern Security Team Parliament - An AWS IAM linting library. It reviews policies looking for problems. Security Monkey - Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time. 
Varna - Quick & Cheap AWS CloudTrail Monitoring with Event Query Language (EQL) Resources - s3cr3t - Serve files securely from an S3 bucket with expiring links and other restrictions. Endpoint Security AIDE - Advanced Intrusion Detection Environment is a file and directory integrity checker. Duckhunt - Prevent RubberDucky (or other keystroke injection) attacks. Hardentools - A utility that disables a number of risky Windows features. Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. Osx-config-check - Verify the configuration of your OS X machine. ProcMon-for-Linux - A Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system. Xnumon - Monitor macOS for malicious activity. Network Security Pi-hole - A DNS sinkhole that protects your devices from unwanted content, without installing any client-side software. Orchestration Stoq - An open source framework for enterprise level automated analysis. Phishing Miteru - An experimental phishing kit detection tool. StreamingPhish - Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network. Privacy Git-crypt - Transparent file encryption in git. GoSecure - An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. I2P - The Invisible Internet Project. Nipe - A script to make Tor Network your default gateway. SecureDrop - Open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. Sshuttle - Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. 
Supports DNS tunneling. Tomb - A minimalistic commandline tool to manage encrypted volumes aka The Crypto Undertaker. Tor - The free software for enabling onion routing online anonymity. Toriptables2 - A python script alternative to Nipe. Makes Tor Network your default gateway. Social Engineering Framework SET - The Social-Engineer Toolkit from TrustedSec. Harvester Creepy - A geolocation OSINT tool. Datasploit - A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data. Email-enum - Searches mainstream websites and tells you if an email is registered. Github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak. Maltego - Proprietary software for open source intelligence and forensics, from Paterva. Metagoofil - Metadata harvester. SpiderFoot - Automates OSINT collection so that you can focus on analysis. TTSL - Tool to scrape LinkedIn. TheHarvester - E-mail, subdomain and people names harvester. Phishing BlackPhish - Super lightweight with many features and blazing fast speeds. Blackeye - The most complete Phishing Tool, with 32 templates +1 customizable. CredSniper - A phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens. FiercePhish - A full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. GoPhish - Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Lockphish - Lockphish it's the first tool for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. Modlishka - Reverse Proxy. Phishing NG. 
Phishing-frenzy - Ruby on Rails Phishing Framework. Pompa - Fully-featured spear-phishing toolkit - web front-end. Whatsapp-phishing - The best tool for whatsapp-phishing with otp provider. Wardialing Voipwardialer - A Voip Wardialer for the phreaking of 2020. About No description, website, or topics provided. Resources Readme Releases No releases published Contributors 6 Languages Python 53.7% Makefile 46.3%

nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC 8 months ago freeFTP1.0.8-'PASS'远程缓冲区溢出.md freeFTP1.0.8-PASS远程缓冲区溢出 9 months ago indexhibit cms v2.1.5 直接编辑php文件getshell.md update 12 months ago joyplus-cms 1.6.0存在CSRF漏洞可增加管理员账户.md update 12 months ago maccms_v10存在CSRF漏洞可增加任意账号.md update 12 months ago rConfig v3.9.2 RCE漏洞.md add rConfig v3.9.2 RCE漏洞 8 months ago showdoc的api_page存在任意文件上传getshell.md add showdoc的api_page存在任意文件上传getshell&xss-demo-超级简单版本的XSS练习demo&xFTP6密码解密 2 months ago solr_rce.md add solre_rce 8 months ago thinkphp5命令执行.md upload 12 months ago thinkphp5框架缺陷导致远程代码执行.md upload 12 months ago typecho反序列化漏洞.md upload 12 months ago yii2-statemachine v2.x.x存在XSS漏洞.md update 12 months ago 五指CMS 4.1.0存在CSRF漏洞可增加管理员账户.md update 12 months ago 华为WS331a产品管理页面存在CSRF漏洞.md upload 12 months ago 天翼创维awifi路由器存在多处未授权访问漏洞.md upload 12 months ago 快速判断sql注入点是否支持load_file.md add 79款 Netgear 路由器遭远程接管0day&代码审计之DTCMS_V5.0后台漏洞两枚&快速判断sql注入点是否支持load… 20 days ago 构建ASMX绕过限制WAF达到命令执行.md Update 构建ASMX绕过限制WAF达到命令执行.md 9 months ago 泛微 e-cology OA 前台SQL注入漏洞.md add 泛微 e-cology OA 前台SQL注入漏洞 9 months ago 泛微OA管理系统RCE漏洞利用脚本.md 泛微OA管理系统RCE漏洞利用脚本.md 10 months ago 泛微e-mobile ognl注入.md add 泛微e-mobile ognl注入&表达式注入.pdf 4 months ago 致远OA_A8_getshell_0day.md upload 12 months ago 通达OA前台任意用户伪造登录漏洞批量检测.md add 通达OA前台任意用户伪造登录漏洞批量检测 3 months ago 通过phpinfo获取cookie突破httponly.md add 通过phpinfo获取cookie突破httponly.md 3 months ago View code README.md Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone 天翼创维awifi路由器存在多处未授权访问漏洞 华为WS331a产品管理页面存在CSRF漏洞 CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 D-Link路由器RCE漏洞 CVE-2019-13051-Pi-Hole路由端去广告软件的命令注入&权限提升 D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621) Huawei HG255 Directory Traversal[目录穿越]|本地备份文件 D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)CVE-2019-20215(Metasploit) 从 
Interfaces.d 到 RCE:Mozilla WebThings IoT 网关漏洞挖掘 小米系列路由器远程命令执行漏洞(CVE-2019-18370,CVE-2019-18371) Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload-未经验证即可替换固件) cve-2020-8634&cve-2020-8635|Wing FTP Server 6.2.3权限提升漏洞发现分析复现过程|Wing FTP Server 6.2.5权限提升 CVE-2020-9374-TP LINK TL-WR849N - RCE CVE-2020-12753-LG 智能手机任意代码执行漏洞 CVE-2020-12695-UPnP 安全漏洞 79款 Netgear 路由器遭远程接管0day Web APP 致远OA_A8_getshell_0day Couch through 2.0存在路径泄露漏洞 Cobub Razor 0.7.2存在跨站请求伪造漏洞 joyplus-cms 1.6.0存在CSRF漏洞可增加管理员账户 MiniCMS 1.10存在CSRF漏洞可增加管理员账户 Z-Blog存在XSS漏洞 YzmCMS 3.6存在XSS漏洞 Cobub Razor 0.7.2越权增加管理员账户 Cobub Razor 0.8.0存在SQL注入漏洞 Cobub Razor 0.8.0存在物理路径泄露漏洞 五指CMS 4.1.0存在CSRF漏洞可增加管理员账户 DomainMod的XSS集合 GreenCMS v2.3.0603存在CSRF漏洞可获取webshell&增加管理员账户 yii2-statemachine v2.x.x存在XSS漏洞 maccms_v10存在CSRF漏洞可增加任意账号 LFCMS 3.7.0存在CSRF漏洞可添加任意用户账户或任意管理员账户 Finecms_v5.4存在CSRF漏洞可修改管理员账户密码 Amazon Kindle Fire HD (3rd Generation)内核驱动拒绝服务漏洞 Metinfo-6.1.2版本存在XSS漏洞&SQL注入漏洞 Hucart cms v5.7.4 CSRF漏洞可任意增加管理员账号 indexhibit cms v2.1.5 直接编辑php文件getshell S-CMS企业建站系统PHP版v3.0后台存在CSRF可添加管理员权限账号 S-CMS PHP v3.0存在SQL注入漏洞 MetInfoCMS 5.X版本GETSHELL漏洞合集 discuz ml RCE 漏洞检测工具 thinkphp5框架缺陷导致远程代码执行 FineCMS_v5.0.8两处getshell Struts2_045漏洞批量检测|搜索引擎采集扫描 thinkphp5命令执行 typecho反序列化漏洞 CVE-2019-10173 Xstream 1.4.10版本远程代码执行 IIS/CVE-2017-7269-Echo-PoC CVE-2019-15107 Webmin RCE thinkphp5 rce漏洞检测工具 thinkphp5_RCE合集 thinkphp3.X-thinkphp5.x 关于ThinkPHP框架的历史漏洞分析集合 CVE-2019-11510 Redis(<=5.0.5) RCE Redis 4.x/5.x RCE(主从复制导致RCE) 生成Redis恶意模块so文件配合主从复制RCE达到命令执行|相关文章 RedisWriteFile-通过 Redis 主从写出无损文件,可用于 Windows 平台下写出无损的 EXE、DLL、 LNK 和 Linux 下的 OS 等二进制文件 WeblogicScanLot系列,Weblogic漏洞批量检测工具 jboss_CVE-2017-12149 Wordpress的拒绝服务(DoS)-CVE-2018-6389 Webmin Remote Code Execution (authenticated)-CVE-2019-15642 CVE-2019-16131 OKLite v1.2.25 任意文件上传漏洞 CVE-2019-16132 OKLite v1.2.25 存在任意文件删除漏洞 CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞 CVE-2019-16314 indexhibit cms v2.1.5 存在重装并导致getshell 泛微OA管理系统RCE漏洞利用脚本 CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit 
zentao-getshell 禅道8.2 - 9.2.1前台Getshell 泛微 e-cology OA 前台SQL注入漏洞 Joomla-3.4.6-RCE Easy File Sharing Web Server 7.2 - GET 缓冲区溢出 (SEH) 构建ASMX绕过限制WAF达到命令执行(适用于ASP.NET环境) CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd CVE-2019-11043-PHP远程代码执行漏 ThinkCMF漏洞全集和 CVE-2019-7609-kibana低于6.6.0未授权远程代码命令执行 ecologyExp.jar-泛微ecology OA系统数据库配置文件读取 freeFTP1.0.8-'PASS'远程缓冲区溢出 rConfig v3.9.2 RCE漏洞 apache_solr_rce CVE-2019-7580 thinkcmf-5.0.190111后台任意文件写入导致的代码执行 Apache Flink任意Jar包上传导致远程代码执行 用于检测JSON接口令牌安全性测试 cve-2019-17424 nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC CVE-2019-12409_Apache_Solr RCE Shiro RCE (Padding Oracle Attack) CVE-2019-19634-class.upload.php <= 2.0.4任意文件上传 Apache Solr RCE via Velocity Template Injection CVE-2019-10758-mongo-express before 0.54.0 is vulnerable to Remote Code Execution CVE-2019-2107-Android播放视频-RCE-POC(Android 7.0版本,7.1.1版本,7.1.2版本,8.0版本,8.1版本,9.0版本) CVE-2019-19844-Django重置密码漏洞(受影响版本:Django master branch,Django 3.0,Django 2.2,Django 1.11) CVE-2019-17556-unsafe-deserialization-in-apache-olingo(Apache Olingo反序列化漏洞,影响: 4.0.0版本至4.6.0版本) ZZCMS201910 SQL Injections WDJACMS1.5.2模板注入漏洞 CVE-2019-19781-Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781.nse---use Nmap check Citrix ADC Remote Code Execution Mysql Client 任意文件读取攻击链拓展 CVE-2020-5504-phpMyAdmin注入(需要登录) CVE-2020-5509-Car Rental Project 1.0版本中存在远程代码执行漏洞 CryptoAPI PoC CVE-2020-0601|另一个PoC for CVE-2020-0601 New Weblogic RCE (CVE-2020-2546、CVE-2020-2551) CVE-2020-2546|WebLogic WLS核心组件RCE分析(CVE-2020-2551)|CVE-2020-2551-Weblogic IIOP 反序列化EXP CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC PHPOK v5.3&v5.4getshell | phpok V5.4.137前台getshell分析 | PHPOK 4.7从注入到getshell thinkphp6 session 任意文件创建漏洞复现 含POC --- 原文在漏洞推送公众号上 ThinkPHP 6.x反序列化POP链(一)|原文链接 ThinkPHP 6.x反序列化POP链(二)|原文链接 ThinkPHP 6.x反序列化POP链(三)|原文链接 WordPress InfiniteWP - Client Authentication Bypass (Metasploit) 
【Linux提权/RCE】OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution CVE-2020-7471-django1.11- StringAgg(delimiter)使用了不安全的数据会造成SQL注入漏洞环境和POC CVE-2019-17564 : Apache Dubbo反序列化漏洞 CVE-2019-2725(CNVD-C-2019-48814、WebLogic wls9-async) YzmCMS 5.4 后台getshell 关于Ghostcat(幽灵猫CVE-2020-1938漏洞):CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc|Java版本POC|Tomcat-Ajp协议文件读取漏洞|又一个python版本CVE-2020-1938漏洞检测|CVE-2020-1938-漏洞复现环境及EXP CVE-2020-8840:Jackson-databind远程命令执行漏洞(或影响fastjson) CVE-2020-8813-Cacti v1.2.8 RCE远程代码执行 EXP以及分析(需要认证/或开启访客即可不需要登录)(一款Linux是基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具)|EXP|CVE-2020-8813MSF利用脚本 CVE-2020-7246-PHP项目管理系统qdPM< 9.1 RCE CVE-2020-9547:FasterXML/jackson-databind 远程代码执行漏洞 CVE-2020-9548:FasterXML/jackson-databind 远程代码执行漏洞 Apache ActiveMQ 5.11.1目录遍历/ Shell上传 CVE-2020-2555:WebLogic RCE漏洞POC|CVE-2020-2555-Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE CVE-2020-1947-Apache ShardingSphere UI YAML解析远程代码执行漏洞 CVE-2020-0554:phpMyAdmin后台SQL注入 泛微E-Mobile Ognl 表达式注入|表达式注入.pdf 通达OA RCE漏洞 CVE-2020-10673-jackson-databind JNDI注入导致远程代码执行 CVE-2020-10199、CVE-2020-10204漏洞一键检测工具,图形化界面(Sonatype Nexus <3.21.1) CVE-2020-2555-Oracle Coherence 反序列化漏洞|分析文章 cve-2020-5260-Git凭证泄露漏洞 通达OA前台任意用户伪造登录漏洞批量检测 CVE-2020-11890 JoomlaRCE <3.9.17 远程命令执行漏洞(需要有效的账号密码) CVE-2020-10238【JoomlaRCE <= 3.9.15 远程命令执行漏洞(需要有效的账号密码)】&CVE-2020-10239【JoomlaRCE 3.7.0 to 3.9.15 远程命令执行漏洞(需要有效的账号密码)】 CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc python3|CVE-2020-2883-Weblogic coherence.jar RCE tongda_oa_rce-通达oa 越权登录+文件上传getshell CVE-2020-11651-SaltStack Proof of Concept【认证绕过RCE漏洞】|CVE-2020-11651&&CVE-2020-11652 EXP showdoc的api_page存在任意文件上传getshell Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法 SpringBoot_Actuator_RCE jizhicms(极致CMS)v1.7.1代码审计-任意文件上传getshell+sql注入+反射XSS CVE-2020-9484:Apache Tomcat Session 反序列化代码执行漏洞|CVE-2020-9484:Apache Tomcat 反序列化RCE漏洞的分析和利用 PHPOK 最新版漏洞组合拳 GETSHELL Apache Kylin 
3.0.1命令注入漏洞 weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory CVE-2020-5410 Spring Cloud Config目录穿越漏洞 NewZhan CMS 全版本 SQL注入(0day) 盲注 or 联合?记一次遇见的奇葩注入点之SEMCMS3.9(0day) 从PbootCMS(2.0.3&2.0.7前台RCE+2.0.8后台RCE)审计到某狗绕过 CVE-2020-1948 : Apache Dubbo 远程代码执行漏洞 CVE-2020-5902-F5 BIG-IP 远程代代码执行(RCE)&任意文件包含读取 提权辅助相关 windows-kernel-exploits Windows平台提权漏洞集合 windows 溢出提权小记/本地保存了一份+Linux&Windows提取脑图 Windows常见持久控制脑图 CVE-2019-0803 Win32k漏洞提权工具 脏牛Linux提权漏洞 远控免杀从入门到实践之白名单(113个)|远控免杀从入门到实践之白名单(113个)总结篇.pdf Linux提权-CVE-2019-13272 A linux kernel Local Root Privilege Escalation vulnerability with PTRACE_TRACEME Linux权限提升辅助一键检测工具 将powershell脚本直接注入到进程中执行来绕过对powershell.exe的限制 CVE-2020-2696 – Local privilege escalation via CDE dtsession CVE-2020-0683-利用Windows MSI “Installer service”提权 Linux sudo提权辅助工具—查找sudo权限配置漏洞 Windows提权-CVE-2020-0668:Windows Service Tracing本地提权漏洞 Linux提取-Linux kernel XFRM UAF poc (3.x - 5.x kernels)2020年1月前没打补丁可测试 linux-kernel-exploits Linux平台提权漏洞集合 Linux提权辅助检测Perl脚本|Linux提权辅助检测bash脚本 CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost|【Windows提取】Windows SMBv3 LPE exploit 已编译版.exe|SMBGhost_RCE_PoC-远程代码执行EXP|Windows_SMBv3_RCE_CVE-2020-0796漏洞复现 getAV---windows杀软进程对比工具单文件版 【Windows提权工具】Windows 7 to Windows 10 / Server 2019|搭配CS的修改版可上线system权限的session 【Windows提权工具】SweetPotato修改版,用于webshell下执行命令|本地编译好的版本|点击下载或右键另存为|SweetPotato_webshell下执行命令版.pdf 【bypass UAC】Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe" 【Windows提权】CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7 【Windows提权 Windows 10&Server 2019】PrintSpoofer-Abusing Impersonation Privileges on Windows 10 and Server 2019|配合文章食用-pipePotato复现|Windows 权限提升 BadPotato-已经在Windows 2012-2019 8-10 全补丁测试成功 【Windows提权】Windows 下的提权大合集 【Windows提权】-CVE-2020-1048 | PrintDemon本地提权漏洞-漏洞影响自1996年以来发布(Windows NT 4)的所有Windows版本 【Windows bypass UAC】UACME-一种集成了60多种Bypass UAC的方法 CVE-2020–1088: Windows wersvc.dll 任意文件删除本地提权漏洞分析 
【Windows提权】CVE-2019-0863-Windows中错误报告机制导致的提权-EXP 【Windows提权】CVE-2020-1066-EXP 【Windows提权】CVE-2020-0787-EXP-ALL-WINDOWS-VERSION-适用于Windows所有版本的提权EXP 【Windows提权】CVE-2020-1054-Win32k提权漏洞Poc 【Linux提权】对Linux提权的简单总结 【Windows提权】wesng-Windows提权辅助脚本 PC 微软RDP远程代码执行漏洞(CVE-2019-0708) CVE-2019-0708-python版 MS17-010-微软永恒之蓝漏洞 macOS-Kernel-Exploit CVE-2019-1388 UAC提权 (nt authority\system) CVE-2019-1405和CVE-2019-1322:通过组合漏洞进行权限提升 Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation CVE-2019-11708 Telegram(macOS v4.9.155353) 代码执行漏洞 Remote Desktop Gateway RCE bugs CVE-2020-0609 & CVE-2020-0610 Microsoft SharePoint - Deserialization Remote Code Execution CVE-2020-0728-Windows Modules Installer Service 信息泄露漏洞 CVE-2020-0618: 微软 SQL Server Reporting Services远程代码执行(RCE)漏洞|GitHub验证POC(其实前文的分析文章也有) CVE-2020-0767Microsoft ChakraCore脚本引擎【Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分】安全漏洞 CVE-2020-0688:微软EXCHANGE服务的远程代码执行漏洞|CVE-2020-0688_EXP---另一个漏洞检测利用脚本|又一个cve-2020-0688利用脚本|Exploit and detect tools for CVE-2020-0688 CVE-2020-0674: Internet Explorer远程代码执行漏洞检测 CVE-2020-8794: OpenSMTPD 远程命令执行漏洞 Linux平台-CVE-2020-8597: PPPD 远程代码执行漏洞 Windows-CVE-2020-0796:疑似微软SMBv3协议“蠕虫级”漏洞|相关讨论|CVE-2020–0796检测与修复|又一个CVE-2020-0796的检测工具-可导致目标系统崩溃重启 SMBGhost_RCE_PoC(CVE-2020-0796) WinRAR 代码执行漏洞 (CVE-2018-20250)-POC|相关文章|全网筛查 WinRAR 代码执行漏洞 (CVE-2018-20250) windows10相关漏洞EXP&POC shiro rce 反序列 命令执行 一键工具 CVE-2019-1458-Win32k中的特权提升漏洞【shell可用-Windows提取】 CVE-2019-1253-Windows权限提升漏洞-AppXSvc任意文件安全描述符覆盖EoP的另一种poc|CVE-2019-1253 BypassAV【免杀】Cobalt Strike插件,用于快速生成免杀的可执行文件 CVE-2020-0674:Internet Explorer UAF 漏洞exp【在64位的win7测试了IE 8, 9, 10, and 11】 SMBGhost_AutomateExploitation-SMBGhost (CVE-2020-0796) Automate Exploitation and Detection MS Windows OLE 远程代码执行漏洞(CVE-2020-1281) tools-小工具集合 java环境下任意文件下载情况自动化读取源码的小工具 Linux登录日志清除/伪造 python2的socks代理 dede_burp_admin_path-dedecms后台路径爆破(Windows环境) PHP 7.1-7.3 disable_functions bypass 一个各种方式突破Disable_functions达到命令执行的shell 【PHP】bypass disable_functions via LD_PRELOA (no 
need /usr/sbin/sendmail) 另一个bypass PHP的disable_functions cmd下查询3389远程桌面端口 伪装成企业微信名片的钓鱼代码 vbulletin5-rce利用工具(批量检测/getshell)/保存了一份源码:vbulletin5-rce.py CVE-2017-12615 通过Shodan和favicon icon发现真实IP地址 Cobalt_Strike扩展插件 Windows命令行cmd的空格替换 绕过disable_function汇总 WAF Bypass 命令注入总结 隐藏wifi-ssid获取 · theKingOfNight's Blog crt.sh证书/域名收集 TP漏洞集合利用工具py3版本-来自奇安信大佬Lucifer1993 Python2编写的struts2漏洞全版本检测和利用工具-来自奇安信大佬Lucifer1993 sqlmap_bypass_D盾_tamper sqlmap_bypass_安全狗_tamper sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper sqlmap_bypass_云锁_tamper masscan+nmap扫描脚本 PHP解密扩展 linux信息收集/应急响应/常见后门检测脚本 RdpThief-从远程桌面客户端提取明文凭据辅助工具 使用powershell或CMD直接运行命令反弹shell FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB弱口令检测 GitHack-.git泄露利用脚本 GitHacker---比GitHack更好用的git泄露利用脚本 SVN源代码泄露全版本Dump源码 多进程批量网站备份文件扫描 Empire|相关文章:后渗透测试神器Empire详解 FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件,目前兼容 Chrome、Firefox、Opera Zoomeye Tools-一款利用Zoomeye 获取有关当前网页IP地址的各种信息(需要登录) 360 0Kee-Team 的 crawlergo动态爬虫 结合 长亭XRAY扫描器的被动扫描功能 内网神器Xerosploit-娱乐性质(端口扫描|DoS攻击|HTML代码注入|JavaScript代码注入|下载拦截和替换|嗅探攻击|DNS欺骗|图片替换|Web页面篡改|Drifnet) 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo 内网常见渗透工具包 从内存中加载 SHELLCODE bypass AV查杀|twitter示例 流量转发工具-pingtunnel是把tcp/udp/sock5流量伪装成icmp流量进行转发的工具 内网渗透-创建Windows用户(当net net1 等常见命令被过滤时,一个文件执行直接添加一个管理员【需要shell具有管理员权限l】|adduser使用方法 pypykatz-通过python3实现完整的Mimikatz功能(python3.6+) 【windows】Bypassing AV via in-memory PE execution-通过在内存中加载多次XOR后的payload来bypass杀软|作者自建gitlab地址 wafw00f-帮助你快速识别web应用是否使用何种WAF(扫描之前很有用) Linux提取其他用户密码的工具(需要root权限) apache2_BackdoorMod-apache后门模块 对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp) 一个简单探测jboss漏洞的工具 一款lcx在golang下的实现-适合内网代理流量到公网,比如阿里云的机器代理到你的公网机器 Cobalt Strike Aggressor 插件包 Erebus-Cobalt Strike后渗透测试插件,包括了信息收集、权限获取、密码获取、痕迹清除等等常见的脚本插件 IP/IP段资产扫描-->扫描开放端口识别运行服务部署网站-->自动化整理扫描结果-->输出可视化报表+整理结果 A script to scan for unsecured Laravel .env files Struts2漏洞扫描Golang版-【特点:单文件、全平台支持、可在webshell下使用】 Shiro<=1.2.4反序列化,一键检测工具|Apache shiro <= 1.2.4 rememberMe 反序列化漏洞利用工具 
完整weblogic 漏洞扫描工具修复版 GitHub敏感信息泄露监控 Java安全相关的漏洞和技术demo 在线扫描-网站基础信息获取|旁站|端口扫描|信息泄露 bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统 内网渗透中常用的c#程序整合成cs脚本,直接内存加载 【漏洞库】又一个各种漏洞poc、Exp的收集或编写 内网渗透代理转发利器reGeorg|相关文章:配置reGeorg+Proxifier渗透内网|reGeorg+Proxifier实现内网sock5代理|内网渗透之reGeorg+Proxifier|reGeorg+Proxifier使用 Neo-reGeorg重构的reGeorg get_Team_Pass-获取目标机器上的teamviewerID和密码(你需要具有有效的目标机器账号密码且目标机器445端口可以被访问(开放445端口)) chromepass-获取chrome保存的账号密码/cookies-nirsoft出品在win10+chrome 80测试OK|SharpChrome-基于.NET 2.0的开源获取chrome保存过的账号密码/cookies/history|ChromePasswords-开源获取chrome密码/cookies工具 java-jdwp远程调试利用|相关文章:jdwp远程调试与安全 社会工程学密码生成器,是一个利用个人信息生成密码的工具 云业CMS(yunyecms)的多处SQL注入审计分析|原文地址|官网下载地址|sqlmap_yunyecms_front_sqli_tamp.py www.flash.cn 的钓鱼页,中文+英文 织梦dedecms全版本漏洞扫描 CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15 Dirble -快速目录扫描和爬取工具【比dirsearch和dirb更快】 RedRabbit - Red Team PowerShell脚本 Pentest Tools Framework - 渗透测试工具集-适用于Linux系统 白鹿社工字典生成器,灵活与易用兼顾。 NodeJsScan-一款转为Nodejs进行静态代码扫描开发的工具 一款国人根据poison ivy重写的远控 NoXss-可配合burpsuite批量检测XSS fofa 采集脚本 java web 压缩文件 安全 漏洞 可以自定义规则的密码字典生成器,支持图形界面 dump lass 工具(绕过/干掉卡巴斯基)|loader.zip下载 GO语言版本的mimikatz-编译后免杀 CVE-2019-0708-批量检测扫描工具 dump lsass的工具|又一个dump lsass的工具 Cobalt Strike插件 - RDP日志取证&清除 xencrypt-一款利用powershell来加密并采用Gzip/DEFLATE来绕过杀软的工具 SessionGopher-一款采用powershell来解密Windows机器上保存的session文件,例如: WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop,支持远程加载和本地加载使用 CVE-2020-0796 Local Privilege Escalation POC-python版本|CVE-2020-0796 Remote Code Execution POC Windows杀软在线对比辅助 递归式寻找域名和api mssqli-duet-用于mssql的sql注入脚本,使用RID爆破,从Active Directory环境中提取域用户 【Android脱壳】之一键提取APP敏感信息 Shiro系列漏洞检测GUI版本-ShiroExploit GUI版本 通过phpinfo获取cookie突破httponly phpstudy RCE 利用工具 windows GUI版本 WebAliveScan-根据端口快速扫描存活的WEB 扫描可写目录.aspx PC客户端(C-S架构)渗透测试 wsltools-web扫描辅助python库 struts2_check-用于识别目标网站是否采用Struts2框架开发的工具 sharpmimi.exe-免杀版mimikatz thinkPHP代码执行批量检测工具 pypykatz-用纯Python实现的Mimikatz Flux-Keylogger-具有Web面板的现代Javascript键盘记录器 JSINFO-SCAN-递归式寻找域名和api FrameScan-GUI 一款python3和Pyqt编写的具有图形化界面的cms漏洞检测框架 
SRC资产信息聚合网站 Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测 JNDI 注入利用工具【Fastjson、Jackson 等相关漏洞】 各种反弹shell的语句集合页面 解密weblogic AES或DES加密方法 使用 sshLooterC 抓取 SSH 密码|相关文章|本地版本 redis-rogue-server-Redis 4.x/5.x RCE ew-内网穿透(跨平台) xray-weblisten-ui-一款基于GO语言写的Xray 被动扫描管理 SQLEXP-SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据 SRC资产在线管理系统 - Shots luject:可以将动态库静态注入到指定应用程序包的工具,目前支持Android/iPhonsOS/Windows/macOS/Linux|相关文章 CursedChrome:Chrome扩展植入程序,可将受害Chrome浏览器转变为功能齐全的HTTP代理,使你能够以受害人身份浏览网站 pivotnacci:通过HTTP隧道进行Socks连接 PHPFuck-一款适用于php7以上版本的代码混淆|[PHPFuck在线版本 冰蝎 bypass open_basedir 的马 goproxy heroku 一键部署套装,把heroku变为免费的http(s)\socks5代理 自己收集整理的端口、子域、账号密码、其他杂七杂八字典,用于自己使用 xFTP6密码解密 Mars-战神TideSec出品的WDScanner的重写一款综合的漏洞扫描,资产发现/变更,域名监控/子域名挖掘,Awvs扫描,POC检测,web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等工具 Shellcode Compiler:用于生成Windows 和 Linux平台的shellcode工具 BadDNS 是一款使用 Rust 开发的使用公共 DNS 服务器进行多层子域名探测的极速工具 【Android脱壳】XServer是一个用于对方法进行分析的Xposed插件|相关文章:Xposed+XServer无需脱壳抓取加密包|使用xserver对某应用进行不脱壳抓加密包 masscan_to_nmap-基于masscan和nmap的快速端口扫描和指纹识别工具 Evilreg -使用Windows注册表文件的反向Shell (.Reg) Shecodject工具使用python注入shellcode bypass 火絨,360,windows defender Malleable-C2-Profiles-Cobalt Strike的C2隐藏配置文件相关|渗透利器Cobalt Strike - 第2篇 APT级的全面免杀与企业纵深防御体系的对抗 AutoRemove-自动卸载360 ligolo:用于渗透时反向隧道连接工具 RMIScout: Java RMI爆破工具 【Android脱壳】FRIDA-DEXDump-【使用Frida来进行Android脱壳】 Donut-Shellcode生成工具 JSP-Webshells集合【2020最新bypass某云检测可用】 one-scan-多合一网站指纹扫描器,轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息 ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。 域渗透-Windows hash dump之secretsdump.py|相关文章 WindowsVulnScan:基于主机的漏洞扫描工【类似windows-exp-suggester】 基于实战沉淀下的各种弱口令字典 SpoofWeb:一键部署HTTPS钓鱼站 VpsEnvInstall:一键部署VPS渗透环境 tangalanga:Zoom会议扫描工具 碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC Taie-RedTeam-OS-泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统 naiveproxy-一款用C语言编写类似于trojan的代理工具 BrowserGhost-一个抓取浏览器密码的工具,后续会添加更多功能 GatherInfo-渗透测试信息搜集/内网渗透信息搜集 EvilPDF:一款把恶意文件嵌入在 PDF 中的工具 
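SatanSword - comprehensive red team penetration framework; supports web fingerprinting, vulnerability PoC detection, batch web information and port information queries, path scanning, batch subdomain discovery from JS, use of google headless, coroutine support, complete log backtracking
Get-WeChat-DB - obtain the WeChat database and key from the target machine
ThinkphpRCE - py3 script for batch detection of Thinkphp vulnerabilities or log leaks, with proxy IP pool support
fakelogonscreen - fakes the (Windows) system logon screen to capture passwords
WMIHACKER - antivirus-evading lateral movement using only port 135|Usage and introduction|Lateral movement tool WMIHACKER|Original link
cloud-ranges - IP address ranges of some public clouds
sqltools_ch - sqltools2.0 Chinese-localized enhanced edition
railgun-poc_1.0.1.7 - multi-function port scanning/brute forcing/vulnerability exploitation/encoding conversion, etc.
dede_funcookie.php - DEDECMS pseudo-random vulnerability analysis (3): collision points (brute forcing, forging an administrator cookie to log in to the backend and getshell)

Articles/books/tutorials

windows persistence series, 12 PDFs
Linux persistence via process injection (requires turning off ptrace) | Injecting a shared library (i.e. arbitrary code) into a live Linux process without using ptrace. (does not require turning off ptrace)
44139-mysql-udf-exploitation
emlog CMS code audit_from privilege bypass to backend getshell
PHPOK 5.3 latest version front-end injection
PHPOK 5.3 latest version unrestricted front-end injection (2)
Thinkphp5 RCE summary
rConfig v3.9.2 RCE vulnerability analysis
weiphp5.0 cms audit: exp expression injection
zzzphp1.7.4&1.7.5: sql injection everywhere
FCKeditor file upload vulnerability and exploitation - File-Upload-Vulnerability-in-FCKEditor
zzcms 2019 version code audit
Using SQLmap combined with OOB techniques for sonic-speed blind injection
Privilege escalation techniques summary: Windows file service kernel chapter (mainly running various commands in a webshell command line to gather information)|(PDF version kept in the project)
WellCMS 2.0 Beta3 backend arbitrary file upload
Detailed foreign CTF analysis and summary articles (2014-2017)
A "different" real-world penetration test case analysis - from discuz backend getshell to bypassing Kaspersky and obtaining the domain controller administrator password|Original article
表达式注入.pdf (expression injection)
In-depth analysis of the WordPress ThemeREX Addons plugin security vulnerability
Tongda OA file inclusion & file upload vulnerability analysis
Advanced SQL injection: obfuscation and bypass
Summary of persistence and backdoor persistence techniques
Summary of common Windows persistent backdoors
Summary of common Linux persistent backdoors
CobaltStrike4.0 user manual_Chinese translation_3
Cobaltstrike 4.0: issuing myself a license.pdf
Introduction to the Cobalt Strike 4.0 updates
Cobal_Strike_custom OneLiner
cobalt strike quick start [ 1 ]
Cobalt strike3.0 user manual
Cobalt_Strike_Spear_Phish_creating CS email phishing
Remote NTLM relaying through CS
Tutorial on using the penetration testing tool Cobalt Strike
Quick start script for the Cobalt Strike teamserver on Windows
ThinkPHP v6.0.0_6.0.1 arbitrary file operation vulnerability analysis
Django_CVE-2020-9402_Geo_SQL injection analysis
CVE-2020-10189_Zoho_ManageEngine_Desktop_Central_10 deserialization remote code execution
Safedog SQL injection WAF bypass
Bypassing CSP by hiding JavaScript in a PNG image
Tongda OA arbitrary file upload_file inclusion GetShell
File upload bypass of Safedog 4.0
SQL injection bypass of Safedog 4.0
Techniques for bypassing regex-based SQL injection defenses
MYSQL_SQL_BYPASS_WIKI - some notes on mysql injection and bypass
Yunsuo bypass injection testing
360webscan.php_bypass
think3.2.3_sql injection analysis
UEditor SSRF DNS Rebinding
PHP code audit explained in sections
JD SRC mini-classroom article series
Multiple ways of escalating privileges on windows|Privilege_Escalation_in_Windows_for_OSCP
bypass CSP|Content-Security-Policy(CSP)Bypass_Techniques
Personally maintained security knowledge framework, content leaning toward web
Hijacking SSH passwords via PAM
0-group document library - (registration requires an invitation)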
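Personal summary of redis unauthorized access - Mature
New methods for NTLM relay attacks
PbootCMS audit
De1CTF2020 article series
xss-demo - a super simple XSS practice demo
Null pointer - Base_on_windows_Writeup -- real-world penetration of the latest DZ3.4
Introductory KKCMS code audit
SpringBoot related vulnerability study material, collection of exploitation methods and techniques, black-box security assessment checklist
Summary of getting file uploads past a waf
An audit of Jizhi CMS (hereafter _JIZHICMS) - SQL injection + stored XSS + logic flaws|Original article
Code audit: two backend vulnerabilities in DTCMS_V5.0
Quickly determining whether a sql injection point supports load_file
Bypassing file upload content inspection
Fastjson_=1.2.47 deserialization remote code execution vulnerability reproduction
[Android unpacking]_Dynamic unpacking of Tencent hardening (part 1)
[Android unpacking] Dynamic unpacking of Tencent hardening (part 2)
[Android unpacking] A frida hands-on session: unpacking, hook cracking, simulated packet capture and protocol analysis of a video APP, end to end
[Android packet capture] Notes on the pitfalls met during an APP test.pdf
Complete internal network domain penetration - Anyue training project six
Complete guide to Android APP penetration testing methods
App security testing guide - V1.0
Revisiting what .htaccess can do, using a source code example from a Korean researcher on github
Pentest_Note - penetration tips, summarizing tools and methods commonly used in penetration testing
Red vs. blue: Windows internal network penetration - produced by Tencent SRC
Remotely extracting system credentials from Windows
Bypassing AMSI to run powershell scripts|AmsiScanBufferBypass - related project
Pitfall notes - getshell on Redis (Windows)
Cobal_Strike pitfall notes - DNS Beacon
Methods for hiding a webshell on windows
[DEDECMS pseudo-random vulnerability analysis (3): collision points (brute forcing, forging an administrator cookie to log in to the backend and getshell](./books/DEDECMS伪随机漏洞分析 (三) 碰撞点.pdf)

Notice

All articles and code in this project come in part from the internet, and copyright belongs to the original authors. This project is for learning and reference only; use for any illegal activity is strictly prohibited! By using it you agree to bear responsibility yourself!

License: Apache-2.0
Languages: PowerShell 49.3%, Java 33.0%, Python 12.7%, C 2.2%, HTML 0.7%, PHP 0.6%, Other 1.5%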

Recent Articles

IT threat evolution Q1 2020. Statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Oleg Kupreev Evgeny Lopatin Alexey Kulaev • 20 May 2020

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data.
According to Kaspersky Security Network,
Q1 2020 will be remembered primarily for the coronavirus pandemic and cybercriminals’ exploitation of the topic. In particular, the creators of a new modification of the Ginp banking trojan renamed their malware Coronavirus Finder and then began offering it for €0.75 disguised as an app supposedly capable...

RCE Exploit for Windows RDP Gateway Demoed by Researcher
BleepingComputer • Sergiu Gatlan • 27 Jan 2020

A remote code execution (RCE) exploit for Windows Remote Desktop Gateway (RD Gateway) was demoed by InfoGuard AG penetration tester Luca Marcelli, after a proof-of-concept denial of service exploit was released by Danish security researcher Ollypwn on Friday for the same pair of flaws.
The exploit targets the CVE-2020-0609 and CVE-2020-0610 bugs found in the Remote Desktop Gateway (RD Gateway) component on devices running Windows Server (2012, 2012 R2, 2016, and 2019).

Teenagers today. Can't take them anywhere, eh? 18-year-old kid accused of $50m SIM-swap cryptocurrency heist
The Register • Shaun Nichols in San Francisco • 25 Jan 2020

Also, Cisco, Citrix emit patches, US army advises using Signal

Roundup Here comes a summary of this week's computer security news beyond what we've already covered.
An 18-year-old man from Canada has been accused of stealing more than $50m in cryptocurrency using SIM-swapping attacks.
SIM swapping typically involves crooks tricking cellular network support staff to transfer victims' smartphone numbers to the criminals' own SIMs, and then using those numbers to reset passwords, or get two-factor authentication tokens, via text messages, and ultim...

DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs
BleepingComputer • Sergiu Gatlan • 24 Jan 2020

A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.
RD Gateway is used to fence off Remote Desktop servers on internal networks from Internet connections and to only allow the ones that successfully authenticate on the gateway to reach the server.
The two vulner...

Microsoft Patch Tuesday – January 2020
Symantec Threat Intelligence Blog • Preethi Koroth • 15 Jan 2020

This month the vendor has patched 49 vulnerabilities, 8 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all softw...

Microsoft patches severe Windows flaw after tip‑off from NSA
welivesecurity • Tomáš Foltýn • 15 Jan 2020

Microsoft has shipped out a security patch to address a serious vulnerability in the Windows operating system that, if abused, could enable attackers to make malware appear as though it was code from a legitimate source.
The vulnerability, which is being fixed as part of this month’s Patch Tuesday rollout, affects a key cryptographic component of Windows 10, Windows Server 2019 and Windows Server 2016. The flaw was discovered by the United States’ National Security Agency (NSA), which,...

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows cert-spoofing bugs, RDP flaws...
The Register • Shaun Nichols in San Francisco • 14 Jan 2020

Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now

Patch Tuesday In the first Patch Tuesday of the year, Microsoft finds itself joined by Adobe, Intel, VMware, and SAP in dropping scheduled security updates.
This month's Microsoft security fixes include three more remote-code-execution vulnerabilities in Redmond's Windows Remote Desktop Protocol software. Two of the flaws (CVE-2020-0609, CVE-2020-0610) are present on the server side in RD Gateway – requiring no authentication – while a third (CVE-2020-0611) is found on the client side....

Microsoft's January 2020 Patch Tuesday Fixes 49 Vulnerabilities
BleepingComputer • Lawrence Abrams • 14 Jan 2020

Today is Microsoft's January 2020 Patch Tuesday and also the Windows 7 end of life. This is going to be a stressful day for your Windows administrators, so be nice!
With the release of the January 2020 security updates, Microsoft has released fixes for 49 vulnerabilities. Of these vulnerabilities, 7 are classified as Critical, 41 as Important, and 1 as Moderate.
One of the 'Critical' vulnerabilities fixed today was discovered by the NSA and could allow attackers to spoof digital ce...

Vulnerable perimeter devices: a huge attack surface
BleepingComputer • Ionut Ilascu

With the increase of critical gateway devices deployed to support off-premise work, companies across the world have to adapt to a new threat landscape where perimeter and remote access devices are now in the first line.
Companies lack visibility into the growing network of internet-connected services and devices that support the new work paradigm; and the avalanche of vulnerabilities reported for edge devices make tackling the new security challenge even more difficult.