7.5
CVSSv2

CVE-2020-1938

Published: 24/02/2020 Updated: 28/06/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Tomcat could allow a remote malicious user to execute arbitrary code on the system, caused by a flaw in the AJP connector. By sending a specially-crafted AJP request, an attacker could exploit this vulnerability to execute arbitrary code or obtain sensitive information on the system.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheTomcat7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.51, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.58, 7.0.59, 7.0.60, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.66, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.71, 7.0.72, 7.0.73, 7.0.74, 7.0.75, 7.0.76, 7.0.77, 7.0.78, 7.0.79, 7.0.80, 7.0.81, 7.0.82, 7.0.83, 7.0.84, 7.0.85, 7.0.86, 7.0.87, 7.0.88, 7.0.89, 7.0.90, 7.0.91, 7.0.92, 7.0.93, 7.0.94, 7.0.95, 7.0.96, 7.0.97, 7.0.98, 7.0.99, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 8.5.8, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.16, 8.5.17, 8.5.18, 8.5.19, 8.5.20, 8.5.21, 8.5.22, 8.5.23, 8.5.24, 8.5.25, 8.5.26, 8.5.27, 8.5.28, 8.5.29, 8.5.30, 8.5.31, 8.5.32, 8.5.33, 8.5.34, 8.5.35, 8.5.36, 8.5.37, 8.5.38, 8.5.39, 8.5.40, 8.5.41, 8.5.42, 8.5.43, 8.5.44, 8.5.45, 8.5.46, 8.5.47, 8.5.48, 8.5.49, 8.5.50, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.0.11, 9.0.12, 9.0.13, 9.0.14, 9.0.15, 9.0.16, 9.0.17, 9.0.18, 9.0.19, 9.0.20, 9.0.21, 9.0.22, 9.0.23, 9.0.24, 9.0.25, 9.0.26, 9.0.27, 9.0.28, 9.0.29, 9.0.30

Vendor Advisories

Debian Bug report logs - #952437 tomcat9: vulnerable for "ghostcat", CVE-2020-1938 / CNVD-2020-10487 Package: tomcat9; Maintainer for tomcat9 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat9 is src:tomcat9 (PTS, buildd, popcon) Reported by: Joost van Baal-Ilić <joostvb+debian- ...
Debian Bug report logs - #952436 tomcat7: CVE-2020-1938 AJP Request Injection and potential RCE Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Joost van Baal-Ilić <joostvb+debian-bugs@ ...
Synopsis Important: tomcat6 security update Type/Severity Security Advisory: Important Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 64 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64Red Hat Product Security has rated this update as having a security impact of Important A C ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 64 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as h ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6423 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64Red Hat Product Security has rated this update as having a security impact of Important ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6423 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having a ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6423 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6423 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Synopsis Important: Red Hat JBoss Web Server 53 release Type/Severity Security Advisory: Important Topic Red Hat JBoss Web Server 530 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is availableRed Hat Product Security has rated this release as having a security impact ofImportant A Common ...
Synopsis Important: Red Hat JBoss Web Server 31 Service Pack 8 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and RHEL 7Red Hat Product Security has rated this release as having a security impact of Important A Commo ...
Synopsis Important: Red Hat JBoss Web Server 31 Service Pack 8 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this release as having a security impact of Important A Common Vulnerability Scorin ...
Synopsis Important: Red Hat support for Spring Boot 2113 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Application RuntimesRed Hat Product Security has rated this update as having a security impact of Important A Common Vuln ...
Synopsis Important: Red Hat JBoss Web Server 53 release Type/Severity Security Advisory: Important Topic Updated Red Hat JBoss Web Server 530 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8Red Hat Product Security has rated this relea ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian) For the oldstable distribution (stretch), these problems have been fixed in version 8554-0+deb9u1 We recommend that you upgrade your tomcat8 packages ...
In Apache Tomcat 900M1 to 9030, 850 to 8550 and 700 to 7099 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Enc ...
In Apache Tomcat 900M1 to 9030, 850 to 8550 and 700 to 7099 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Enc ...
This interim fix provides instructions on upgrading Apache Tomcat to v8553 in IBM Platform Symphony 71 Fix Pack 1 in order to address security vulnerabilities CVE-2020-1938, CVE-2020-1935 and CVE-2019-17569 in Apache Tomcat ...
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community CVE-2020-1938 GhostCat Vulnerability Article Number: 000018077 Products: All Version: A ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector (disabled by default in Debian) or a man-in-the-middle attack against the JMX interface For the stable distribution (buster), these problems have been fixed in version 9031-1~deb10u1 The ...
The host name verification when using TLS with the WebSocket client was missing It is now enabled by default Versions Affected: Apache Tomcat 900M1 to 909, 850 to 8531, 800RC1 to 8052, and 7035 to 7088 (CVE-2018-8034 ) The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in A ...

Github Repositories

Learnings on how to verify if vulnerable to Ghostcat (aka CVE-2020-1938)

Tomcat的文件包含及文件读取漏洞利用POC

CVE-2020-1938

Test Explo for Ghostcat CVE-2020-1938

批量扫描TomcatAJP漏洞

CVE-2020-1938漏洞复现

No description, website, or topics provided.

CNVD-2020-10487 OR CVE-2020-1938 批量验证脚本,批量验证,并自动截图,方便提交及复核

在一定条件下可执行命令

CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc

No description, website, or topics provided.

CVE-2020-1938

No description, website, or topics provided.

批量检测幽灵猫漏洞

tomcat ajp read and execute file,CNVD-2020-10487(CVE-2020-1938)

利用任意文件下载漏洞自动循环下载并反编译class文件获得网站源码

CVE-2020-1938(GhostCat) clean and readable code version

CNVD-2020-10487 OR CVE-2020-1938 批量验证脚本,批量验证,并自动截图,方便提交及复核

批量扫描TomcatAJP漏洞

Java安全相关的漏洞和技术demo,其中包括原生Java、Fastjson、Jackson、Hessian2以及XML反序列化漏洞利用和Dubbo(Hessian2反序列化)、Shiro(PaddingOracleCBC)等框架的exploits,并且还有Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。

No description, website, or topics provided.

CNVD-2020-10487 OR CVE-2020-1938 批量验证脚本,批量验证,并自动截图,方便提交及复核

CNVD-2020-10487(CVE-2020-1938), tomcat ajp lfi poc

CVE-2020-1938 / CNVD-2020-1048 Detection Tools

Branch: master Go to file Code Clone with HTTPS Use Git or checkout with SVN using the web URL. Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit calmateo committed 156f953 15 minutes ago Create README.md Git stats 2 commits 1 branch 0 tags Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time README.md Create README.md 15 minutes ago ghostCatch.ps1 Create ghostCatch.ps1 16 minutes ago View code README.md ghostcatch Remediates CVE-2020-1938 for those who can't upgrade quickly and don't use AJP How? Finds all Apache Tomcat AJP connectors and comments them out! About Finds all Apache Tomcat AJP connectors and comments them out! Resources Readme Releases No releases published Languages PowerShell 100.0%

No description, website, or topics provided.

No description, website, or topics provided.

This is an open source Snort rules repository

exp for CNVD-2020-10487(CVE-2020-1938)

基于 Knownsec 404 Team 编写的 pocsuite3 框架收集整理漏洞相关POC,用于安全测试。

No description, website, or topics provided.

vulfocus docker vulnerability-environment cve-2020-12409 cve-2020-7961 cve-2020-1938 cnvd-2019-22238 cve-2019-17564 cve-2019-15107 cve-2019-8942 cnvd-2018-24942

第1.5阶段:武器积累

goby vulnerability-research

CMS、中间件漏洞检测利用合集 Since 2019-9-15

CVE-2019-0193 RCE

Branch: master Go to file Clone Clone with HTTPS Use Git or checkout with SVN using the web URL. Download ZIP Downloading Want to be notified of new releases in xqx12/daily-info? Sign in Sign up Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit debian-vpn committed 92a9518 2 minutes ago … update techinfo, 2020-06-28 20:10:05 Git stats 68 commits 1 branch 0 tags Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time readme init the repo 2 days ago readme.md update techinfo, 2020-06-28 20:10:05 2 minutes ago tech_info_202006.md update techinfo, 2020-06-28 20:10:05 2 minutes ago tech_info_20200626.md update techinfo, 2020-06-26 23:47:04 2 days ago tech_info_20200627.md update techinfo, 2020-06-27 21:58:48 22 hours ago tech_info_20200628.md update techinfo, 2020-06-28 20:10:05 2 minutes ago View code readme.md 互联网安全 推荐 ts title url 20200628 BurpCrypto: 万能网站密码爆破测试工具 https://www.freebuf.com/sectool/238272.html 20200628 云安全市场现状与需求调研 , 给AWS云找找“茬”(上) https://www.freebuf.com/articles/paper/241272.html 20200628 14多万条学生的个人信息被泄露 https://www.freebuf.com/news/241309.html 20200628 臭名昭著的Fxmsp如何一步步成为“暗网隐形的神” https://www.freebuf.com/news/241168.html 20200628 挖洞经验 , 利用系列视频创建功能删除任意Facebook平台图片($10,000) https://www.freebuf.com/vuls/239236.html 20200628 “维基解密”创始人被追加起诉与黑客合作窃密,或将面临175年监禁 https://www.freebuf.com/news/241311.html 20200628 「京麒安全沙龙」拍了拍你 , 快来康康6月30日的直播活动都有啥! https://www.freebuf.com/open/241099.html 20200628 云WAF如何防止敏感信息泄漏 https://www.freebuf.com/articles/web/239300.html 20200628 FreeBuf早报|Apple iOS 14和macOS Big Sur中添加了新的隐私功能;VirusTotal增加了Cynet基于人工智能的恶意软件检测;德法院裁定Facebook需遵守监管命令 https://www.freebuf.com/news/241133.html 20200628 某租车系统Java代码审计之后台注入漏洞分析 https://www.freebuf.com/vuls/238175.html 玄武实验室 推荐 ts title url 20200628 通过学习挖掘DNS MX记录来以获取流行电子邮件的安全体系研究。 https://medium.com/@jason_trost/mining-dns-mx-records-for-fun-and-profit-7a069da9ee2d 20200628 FreeDVDBoot-通过对其DVD播放器入侵PlayStation 2安全研究。 https://cturt.github.io/freedvdboot.html 20200628 APC系列:KiUserApcDispatcher演变与Wow64技术的研究。 https://repnz.github.io/posts/apc/wow64-user-apc/ 20200628 在macOS平台下使用Swift做安全开发研究。 https://medium.com/red-teaming-with-a-blue-team-mentaility/using-macos-internals-for-post-exploitation-b5faaa11e121?source=social.tw&_branch_match_id=805938169909134436 20200628 如何在AWS Lambda上使用Swift进行开发 https://github.com/swift-server/swift-aws-lambda-runtime/ 20200628 微软发布免费文件恢复工具 https://support.microsoft.com/en-in/help/4538642/windows-10-restore-lost-files 20200628 linux内核调试视频教程第三节 https://www.youtube.com/watch?v=unizGCcZg3Y&feature=youtu.be 20200628 使用syzkaller对驱动程序进行Fuzzing https://lwn.net/Articles/824598/rss 20200628 Windows10(1909)中超300个系统dll可被DLL劫持攻击 https://www.bleepingcomputer.com/news/security/almost-300-windows-10-executables-vulnerable-to-dll-hijacking/ 20200628 使用QASan对二进制文件进行Fuzzing以检查内存安全 https://sec.today/pulses/fc209569-dfee-4cac-af72-ba9e7bac71ac/ 20200628 Linux下的网络数据包和流量拦截器,可进行ARP欺骗和网络窃听 https://sec.today/pulses/922091b9-a0ca-44ff-9c4c-2904e62cdf77/ 20200628 使用QASan对二进制文件进行Fuzzing以检查内存安全 https://andreafioraldi.github.io/assets/qasan-secdev20.pdf 20200628 Linux下的网络数据包和流量拦截器,可进行ARP欺骗和网络窃听 https://www.kitploit.com/2020/06/espionage-network-packet-and-traffic.html 安全维基 推荐 ts title url 20200628 APT的思考: PowerShell命令混淆高级对抗 https://mp.weixin.qq.com/s/Sg0LK8emSWP1m-yds4VGrQ 20200628 SPIDER: Enabling Fast Patch Propagation in Related Softwar... https://securitygossip.com/blog/2020/05/26/spider-enabling-fast-patch-propagation-in-related-software-repositories/ 20200628 Recovering Credentials from a Process inside a Docker Cont... https://blog.pentesteracademy.com/recovering-credentials-from-a-docker-container-process-using-docker-checkpoint-and-gdb-ea22e8898d2b 20200628 Java Deserialization Exploitation With Customized Ysoseria... https://rhinosecuritylabs.com/research/java-deserializationusing-ysoserial/ 20200628 Using SQL Injection to perform SSRF/XSPA attacks https://ibreak.software/2020/06/using-sql-injection-to-perform-ssrf-xspa-attacks/ 20200628 Mining DNS MX Records for Fun and Profit https://medium.com/@jason_trost/mining-dns-mx-records-for-fun-and-profit-7a069da9ee2d CVE Github 推荐 ts cve_id title url cve_detail 20200628T20:49:46Z CVE-2020-10665 POC for CVE-2020-10665 Docker Desktop Local Privilege Escalation https://github.com/spaceraccoon/CVE-2020-10665 MYMEMORY WARNING: YOU USED ALL AVAILABLE FREE TRANSLATIONS FOR TODAY. NEXT AVAILABLE IN 22 HOURS 50 MINUTES 53 SECONDSVISIT HTTPS://MYMEMORY.TRANSLATED.NET/DOC/USAGELIMITS.PHP TO TRANSLATE MORE 20200628T15:22:04Z CVE-2020-0121 Null https://github.com/mooneee/CVE-2020-0121 MYMEMORY WARNING: YOU USED ALL AVAILABLE FREE TRANSLATIONS FOR TODAY. NEXT AVAILABLE IN 22 HOURS 50 MINUTES 55 SECONDSVISIT HTTPS://MYMEMORY.TRANSLATED.NET/DOC/USAGELIMITS.PHP TO TRANSLATE MORE 20200628T14:23:04Z 未知编号 CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. 1999-2020年存量CVE数据分析、监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送 https://github.com/404notf0und/CVE-Flow 未查询到CVE信息 20200628T13:45:30Z CVE-2020-12856 A bluetooth-related vulnerability in some contact tracing apps https://github.com/alwentiu/COVIDSafe-CVE-2020-12856 MYMEMORY WARNING: YOU USED ALL AVAILABLE FREE TRANSLATIONS FOR TODAY. NEXT AVAILABLE IN 22 HOURS 50 MINUTES 41 SECONDSVISIT HTTPS://MYMEMORY.TRANSLATED.NET/DOC/USAGELIMITS.PHP TO TRANSLATE MORE 20200628T13:35:45Z CVE-2020-1948 Null https://github.com/ctlyz123/CVE-2020-1948 未查询到CVE信息 20200628T12:34:55Z CVE-2020-11444 Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,优先更新高危且易利用的漏洞利用脚本,最新添加CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340 https://github.com/zhzyker/exphub MYMEMORY WARNING: YOU USED ALL AVAILABLE FREE TRANSLATIONS FOR TODAY. NEXT AVAILABLE IN 22 HOURS 50 MINUTES 39 SECONDSVISIT HTTPS://MYMEMORY.TRANSLATED.NET/DOC/USAGELIMITS.PHP TO TRANSLATE MORE 20200628T08:19:59Z CVE-2020-8163 CVE-2020-8163 - Remote code execution of user-provided local names in Rails https://github.com/sh286/CVE-2020-8163 未查询到CVE信息 20200628T05:38:01Z CVE-2020-0787 Support ALL Windows Version https://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION MYMEMORY WARNING: YOU USED ALL AVAILABLE FREE TRANSLATIONS FOR TODAY. NEXT AVAILABLE IN 22 HOURS 50 MINUTES 45 SECONDSVISIT HTTPS://MYMEMORY.TRANSLATED.NET/DOC/USAGELIMITS.PHP TO TRANSLATE MORE klee on Github 推荐 ts title url stars forks 20200628T03:06:16Z A simple quine generator (for sed). https://github.com/Circiter/quine-kleene-generator 0 0 s2e on Github 推荐 ts title url stars forks exploit on Github 推荐 ts title url stars forks 20200628T23:52:57Z This Bufferflow Guide includes instructions and the scripts necessary for Buffer Overflow Exploitation. This guide is a supplement for TheCyberMentor%s walkthrough. Please watch his walkthrough if you%re confused. Feel free to implement Pull Requests or raise Issues. https://github.com/planetxort/Buffer-Overflow-Guide 20 3 20200628T23:50:57Z Script to check MikroTik Routers the WinBox Authentication Bypass Disclosure & RouterOS Jailbreak vulnerabilities https://github.com/s1l3nt78/MkCheck 20 8 20200628T23:47:27Z Null https://github.com/Jb05s/Exploit-Dev-C 1 4 20200628T23:31:34Z Kernel Exploits https://github.com/connormcgarr/Kernel-Exploits 0 0 20200628T23:31:16Z Solution to BFS Ekoparty 2019 Exploitation Challenge https://github.com/skogafoss/BFS-Ekoparty-2019 0 0 20200628T23:30:43Z PlayStation 2 DVD Player Exploit https://github.com/CTurt/FreeDVDBoot 139 11 20200628T23:27:24Z This repository contains the reports of some of the exercises and project done in my Security course. It includes reports on attacks and exploitation like Buffer Overflow, Integer overflow, Sql Injection, XSS, XSRF. It also includes test automation using Selenium with Java to automate True positive vulnerabilities found on a web app [to be updated]. https://github.com/mondayevidence/SecurityTesting 0 0 20200628T22:26:29Z single file ctf/exploit client library - python3, type annotated https://github.com/lunixbochs/mpwn 36 5 20200628T22:00:13Z This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. https://github.com/The-Art-of-Hacking/h4cker 6629 1038 20200628T21:53:28Z Automated All-in-One OS command injection and exploitation tool. https://github.com/commixproject/commix 2324 542 backdoor on Github 推荐 ts title url stars forks 20200628T23:28:36Z Undetectable & Xor encrypting with custom KEY (FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,... & Automatically Add ICON and MANIFEST to excitable https://github.com/persianhydra/Xeexe-TopAntivirusEvasion 26 10 20200628T22:45:33Z Null https://github.com/lrjunior123/BackdoorMan 0 0 20200628T22:33:24Z UNIX PAM Backdoor with rolling passwords https://github.com/moortality/pamdoor 0 0 20200628T21:46:11Z Tool untuk membantu eksploitasi shell di linux target seperti membuat user backdoor dengan akses root, mendapatkan user dan password linux dari memory server dan menghapus jejak dari target server https://github.com/kurniawandata/xcodeshellexploitation 1 0 20200628T21:42:55Z Script backdoor upload untuk disisipkan pada file php yang ada di website target https://github.com/kurniawandata/xcodebackdoorupload 0 0 20200628T17:55:10Z Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python https://github.com/n1nj4sec/pupy 5623 1487 20200628T17:38:16Z A deck-building roguelike cyberpunk game. https://github.com/uspgamedev/backdoor 14 2 20200628T15:59:51Z Null https://github.com/X-MarsHall/Shell-Backdoor 0 0 20200628T13:59:04Z Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors https://github.com/secretsquirrel/the-backdoor-factory 2516 703 20200628T11:27:40Z Advanced Attack toolkit, Native C++ RAT, Instagram Brute Force and Password Spraying over Tor, Mass Emailer, Malicious file Sentinel and more. https://github.com/quantumcored/paradoxia 121 20 fuzz on Github 推荐 ts title url stars forks 20200628T22:17:25Z Pedal Multiefecto para guitarra electrica (LoopBack, Delay, Fuzz y Wah-wah) https://github.com/jrosmirez94/Pedal-Multiefecto 0 0 20200628T21:10:36Z Null https://github.com/renanreboredo/fuzzy-trader 0 0 20200628T21:01:06Z Null https://github.com/handong32/NicFuzzer 0 0 20200628T20:57:23Z Null https://github.com/bahadrzeren/InvPendFuzzyController 0 0 20200628T20:43:45Z Null https://github.com/rrkoti/fuzzy-journey 0 0 20200628T19:53:21Z Repeat tests. Repeat tests. Repeat tests. https://github.com/ehmicky/test-each 88 1 20200628T19:47:07Z Null https://github.com/BayooG/fuzzy-robot-avoding-obstacles 1 0 20200628T19:33:57Z Null https://github.com/leodealmeida/fuzzyTrader 0 0 20200628T19:08:42Z Personal website of Laurence Hughes https://github.com/fuzzylogicxx/fuzzylogic 4 1 20200628T18:17:36Z Fuzzy System for Warehouse Ordering System https://github.com/mariusraht1/AI_2_FuzzySystem 0 0 日更新程序 About No description, website, or topics provided. Resources Readme Releases No releases published

平常看到好的各种工具的集合

Branch: master Go to file Code Clone with HTTPS Use Git or checkout with SVN using the web URL. Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit Mr-xn committed 0feda91 yesterday update reademe Git stats 537 commits 1 branch 0 tags Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time BlueKeep add add bluekeep-CVE-2019-0708-python 8 months ago CVE-2018-6389 add CVE-2018-6389 10 months ago CVE-2019-0211-apache add CVE-2019-0211-apache 9 months ago CVE-2019-0803 add CVE-2019-0803 Win32k漏洞提权工具 9 months ago CVE-2019-11043 add CVE-2019-11043-PHP远程代码执行漏 9 months ago CVE-2019-11510 add CVE-2019-11510 11 months ago CVE-2019-13051 add ThinkCMF漏洞全集和 9 months ago CVE-2019-15107 uplaod 11 months ago CVE-2019-16097 add Harbor remote add admin user 10 months ago CVE-2019-6977-imagecolormatch add CVE-2019-6977-imagecolormatch 9 months ago CVE-2019-8451 add CVE-2019-8451 10 months ago IIS/CVE-2017-7269-Echo-PoC upload img md rb file 11 months ago POC_Details add D-Link Devices - Unauthenticated Remote Command Execution in ssdp… 5 months ago Struts2_045-Poc upload 12 months ago WeblogicScanLot upload about Weblogic 10 months ago books add DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell) 3 days ago discuz-ml-rce update README.md 12 months ago img add 绕过ASM执行powershell脚本 7 days ago jboss_CVE-2017-12149 add jboss_CVE-2017-12149 10 months ago macOS-Kernel-Exploit add macOS-Kernel-Exploit 10 months ago redis-rogue-server upload Redis(<=5.0.5) RCE 10 months ago tools add DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell 3 days ago tp5-getshell add tp3-5getshell&构建ASMX绕过限制WAF达到命令执行 9 months ago zentao-getshell add zentao-getshell 禅道8.2 - 9.2.1前台Getshell 10 months ago Amazon Kindle Fire HD (3rd Generation)内核驱动拒绝服务漏洞.md update 12 months ago Apache Solr RCE via Velocity Template Injection.md add some cve and poc 6 months ago CVE-2019-0708-msf快速搭建.md Update CVE-2019-0708-msf快速搭建.md 10 months ago CVE-2019-10173 Xstream 1.4.10版本远程代码执行漏洞.md Update CVE-2019-10173 Xstream 1.4.10版本远程代码执行漏洞.md 11 months ago CVE-2019-15107 Webmin 1.920 远程命令执行漏洞.md add CVE-2019-15107 Webmin 1.920 远程命令执行漏洞 44139-mysql-udf-exploitation… 9 months ago CVE-2019-16131 OKLite v1.2.25 任意文件上传漏洞.md add CVE-2019-16131 OKLite v1.2.25 任意文件上传漏洞.md 10 months ago CVE-2019-16132 OKLite v1.2.25 存在任意文件删除漏洞.md add CVE-2019-16132 OKLite v1.2.25 存在任意文件删除漏洞 10 months ago CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd.md add CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd 9 months ago CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞.md add CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞 10 months ago CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞.md add CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 10 months ago CVE-2019-16314 indexhibit cms v2.1.5 存在重装并导致getshell.md add indexhibit cms v2.1.5 直接编辑php文件getshell 10 months ago CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit.md Update CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit.md 10 months ago CVE-2019-16920-D-Link-rce.md add CVE-2019-16920-D-Link-rce 9 months ago CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC.md add CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux… 9 months ago CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass.md add CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass 9 months ago CVE-2019-2890-Oracle WebLogic 反序列化严重漏洞.md add CVE-2019-2890-Oracle WebLogic 反序列化严重漏洞 9 months ago CVE-2019-7580 thinkcmf-5.0.190111后台任意文件写入导致的代码执行.md add CVE-2019-7580 thinkcmf-5.0.190111后台任意文件写入导致的代码执行 8 months ago CVE-2019-7609-kibana低于6.6.0未授权远程代码命令执行.md add CVE-2019-7609-kibana低于6.6.0未授权远程代码命令执行 9 months ago CVE-2020-0554:phpMyAdmin后台SQL注入.md add CVE-2020-0554:phpMyAdmin后台SQL注入 4 months ago CVE-2020-0796检测与修复.md update CVE-2020-0796检测与修复.md 4 months ago CVE-2020-8794-OpenSMTPD 远程命令执行漏洞.md add CVE-2020-8794: OpenSMTPD 远程命令执行漏洞 4 months ago CVE-2020-8813 - Cacti v1.2.8 RCE.md add CVE-2020-8813-Cacti v1.2.8 RCE远程代码执行 EXP以及分析 5 months ago CVE-2020-9374.md add CVE-2020-9374-TP LINK TL-WR849N - RCE 4 months ago Cobub Razor 0.7.2存在跨站请求伪造漏洞.md update 12 months ago Cobub Razor 0.7.2越权增加管理员账户.md update 12 months ago Cobub Razor 0.8.0存在SQL注入漏洞.md Update Cobub Razor 0.8.0存在SQL注入漏洞.md 12 months ago Cobub Razor 0.8.0存在物理路径泄露漏洞.md update 12 months ago Couch through 2.0存在路径泄露漏洞.md upload 12 months ago DomainMod的XSS集合.md update 12 months ago Easy File Sharing Web Server 7.2 - GET 缓冲区溢出 (SEH).md add Easy File Sharing Web Server 7.2 - GET 缓冲区溢出 (SEH) 9 months ago FineCMS_v5.0.8两处getshell.md upload 12 months ago Finecms_v5.4存在CSRF漏洞可修改管理员账户密码.md update 12 months ago GreenCMS v2.3.0603存在CSRF漏洞可获取webshell&增加管理员账户.md update 12 months ago Hucart cms v5.7.4 CSRF漏洞可任意增加管理员账号.md update 12 months ago Joomla-3.4.6-RCE.md update Joomla-3.4.6-RCE 9 months ago LFCMS 3.7.0存在CSRF漏洞可添加任意用户账户或任意管理员账户.md update 12 months ago LICENSE Update LICENSE 5 months ago MetInfoCMS 5.X版本GETSHELL漏洞合集.md upload discuz-ml-rce 12 months ago Metinfo-6.1.2版本存在XSS漏洞&SQL注入漏洞.md update 12 months ago MiniCMS 1.10存在CSRF漏洞可增加管理员账户.md update 12 months ago PAM劫持SSH密码.md add PAM劫持SSH密码 2 months ago README.md update reademe yesterday S-CMS PHP v3.0存在SQL注入漏洞.md update 12 months ago S-CMS企业建站系统PHP版v3.0后台存在CSRF可添加管理员权限账号.md update 12 months ago ThinkCMF漏洞全集和.md add ThinkCMF漏洞全集和 9 months ago WDJACMS1.5.2模板注入漏洞.md add WDJACMS1.5.2模板注入漏洞.md 6 months ago YzmCMS 3.6存在XSS漏洞.md update 12 months ago Z-Blog 1.5.1.1740存在XSS漏洞.md update 12 months ago ZZCMS201910 SQL Injections.md add zzcms201910 sql注入 6 months ago adduser添加用户.md add adduser添加用户 6 months ago cve-2019-17424 nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC.md add cve-2019-17424 nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC 8 months ago freeFTP1.0.8-'PASS'远程缓冲区溢出.md freeFTP1.0.8-PASS远程缓冲区溢出 9 months ago indexhibit cms v2.1.5 直接编辑php文件getshell.md update 12 months ago joyplus-cms 1.6.0存在CSRF漏洞可增加管理员账户.md update 12 months ago maccms_v10存在CSRF漏洞可增加任意账号.md update 12 months ago rConfig v3.9.2 RCE漏洞.md add rConfig v3.9.2 RCE漏洞 8 months ago showdoc的api_page存在任意文件上传getshell.md add showdoc的api_page存在任意文件上传getshell&xss-demo-超级简单版本的XSS练习demo&xFTP6密码解密 2 months ago solr_rce.md add solre_rce 8 months ago thinkphp5命令执行.md upload 12 months ago thinkphp5框架缺陷导致远程代码执行.md upload 12 months ago typecho反序列化漏洞.md upload 12 months ago yii2-statemachine v2.x.x存在XSS漏洞.md update 12 months ago 五指CMS 4.1.0存在CSRF漏洞可增加管理员账户.md update 12 months ago 华为WS331a产品管理页面存在CSRF漏洞.md upload 12 months ago 天翼创维awifi路由器存在多处未授权访问漏洞.md upload 12 months ago 快速判断sql注入点是否支持load_file.md add 79款 Netgear 路由器遭远程接管0day&代码审计之DTCMS_V5.0后台漏洞两枚&快速判断sql注入点是否支持load… 20 days ago 构建ASMX绕过限制WAF达到命令执行.md Update 构建ASMX绕过限制WAF达到命令执行.md 9 months ago 泛微 e-cology OA 前台SQL注入漏洞.md add 泛微 e-cology OA 前台SQL注入漏洞 9 months ago 泛微OA管理系统RCE漏洞利用脚本.md 泛微OA管理系统RCE漏洞利用脚本.md 10 months ago 泛微e-mobile ognl注入.md add 泛微e-mobile ognl注入&表达式注入.pdf 4 months ago 致远OA_A8_getshell_0day.md upload 12 months ago 通达OA前台任意用户伪造登录漏洞批量检测.md add 通达OA前台任意用户伪造登录漏洞批量检测 3 months ago 通过phpinfo获取cookie突破httponly.md add 通过phpinfo获取cookie突破httponly.md 3 months ago View code README.md Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone 天翼创维awifi路由器存在多处未授权访问漏洞 华为WS331a产品管理页面存在CSRF漏洞 CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 D-Link路由器RCE漏洞 CVE-2019-13051-Pi-Hole路由端去广告软件的命令注入&权限提升 D-Link DIR-859 - RCE UnAutenticated (CVE-2019–17621) Huawei HG255 Directory Traversal[目录穿越]|本地备份文件 D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)CVE-2019-20215(Metasploit) 从 Interfaces.d 到 RCE:Mozilla WebThings IoT 网关漏洞挖掘 小米系列路由器远程命令执行漏洞(CVE-2019-18370,CVE-2019-18371) Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload-未经验证即可替换固件) cve-2020-8634&cve-2020-8635|Wing FTP Server 6.2.3权限提升漏洞发现分析复现过程|Wing FTP Server 6.2.5权限提升 CVE-2020-9374-TP LINK TL-WR849N - RCE CVE-2020-12753-LG 智能手机任意代码执行漏洞 CVE-2020-12695-UPnP 安全漏洞 79款 Netgear 路由器遭远程接管0day Web APP 致远OA_A8_getshell_0day Couch through 2.0存在路径泄露漏洞 Cobub Razor 0.7.2存在跨站请求伪造漏洞 joyplus-cms 1.6.0存在CSRF漏洞可增加管理员账户 MiniCMS 1.10存在CSRF漏洞可增加管理员账户 Z-Blog 1.5.1.1740存在XSS漏洞 YzmCMS 3.6存在XSS漏洞 Cobub Razor 0.7.2越权增加管理员账户 Cobub Razor 0.8.0存在SQL注入漏洞 Cobub Razor 0.8.0存在物理路径泄露漏洞 五指CMS 4.1.0存在CSRF漏洞可增加管理员账户 DomainMod的XSS集合 GreenCMS v2.3.0603存在CSRF漏洞可获取webshell&增加管理员账户 yii2-statemachine v2.x.x存在XSS漏洞 maccms_v10存在CSRF漏洞可增加任意账号 LFCMS 3.7.0存在CSRF漏洞可添加任意用户账户或任意管理员账户 Finecms_v5.4存在CSRF漏洞可修改管理员账户密码 Amazon Kindle Fire HD (3rd Generation)内核驱动拒绝服务漏洞 Metinfo-6.1.2版本存在XSS漏洞&SQL注入漏洞 Hucart cms v5.7.4 CSRF漏洞可任意增加管理员账号 indexhibit cms v2.1.5 直接编辑php文件getshell S-CMS企业建站系统PHP版v3.0后台存在CSRF可添加管理员权限账号 S-CMS PHP v3.0存在SQL注入漏洞 MetInfoCMS 5.X版本GETSHELL漏洞合集 discuz ml RCE 漏洞检测工具 thinkphp5框架缺陷导致远程代码执行 FineCMS_v5.0.8两处getshell Struts2_045漏洞批量检测|搜索引擎采集扫描 thinkphp5命令执行 typecho反序列化漏洞 CVE-2019-10173 Xstream 1.4.10版本远程代码执行 IIS/CVE-2017-7269-Echo-PoC CVE-2019-15107 Webmin RCE thinkphp5 rce漏洞检测工具 thinkphp5_RCE合集 thinkphp3.X-thinkphp5.x 关于ThinkPHP框架的历史漏洞分析集合 CVE-2019-11510 Redis(<=5.0.5) RCE Redis 4.x/5.x RCE(主从复制导致RCE) 生成Redis恶意模块so文件配合主从复制RCE达到命令执行|相关文章 RedisWriteFile-通过 Redis 主从写出无损文件,可用于 Windows 平台下写出无损的 EXE、DLL、 LNK 和 Linux 下的 OS 等二进制文件 WeblogicScanLot系列,Weblogic漏洞批量检测工具 jboss_CVE-2017-12149 Wordpress的拒绝服务(DoS)-CVE-2018-6389 Webmin Remote Code Execution (authenticated)-CVE-2019-15642 CVE-2019-16131 OKLite v1.2.25 任意文件上传漏洞 CVE-2019-16132 OKLite v1.2.25 存在任意文件删除漏洞 CVE-2019-16309 FlameCMS 3.3.5 后台登录处存在sql注入漏洞 CVE-2019-16314 indexhibit cms v2.1.5 存在重装并导致getshell 泛微OA管理系统RCE漏洞利用脚本 CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit zentao-getshell 禅道8.2 - 9.2.1前台Getshell 泛微 e-cology OA 前台SQL注入漏洞 Joomla-3.4.6-RCE Easy File Sharing Web Server 7.2 - GET 缓冲区溢出 (SEH) 构建ASMX绕过限制WAF达到命令执行(适用于ASP.NET环境) CVE-2019-17662-ThinVNC 1.0b1 - Authentication Bypass CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd CVE-2019-11043-PHP远程代码执行漏 ThinkCMF漏洞全集和 CVE-2019-7609-kibana低于6.6.0未授权远程代码命令执行 ecologyExp.jar-泛微ecology OA系统数据库配置文件读取 freeFTP1.0.8-'PASS'远程缓冲区溢出 rConfig v3.9.2 RCE漏洞 apache_solr_rce CVE-2019-7580 thinkcmf-5.0.190111后台任意文件写入导致的代码执行 Apache Flink任意Jar包上传导致远程代码执行 用于检测JSON接口令牌安全性测试 cve-2019-17424 nipper-ng_0.11.10-Remote_Buffer_Overflow远程缓冲区溢出附PoC CVE-2019-12409_Apache_Solr RCE Shiro RCE (Padding Oracle Attack) CVE-2019-19634-class.upload.php <= 2.0.4任意文件上传 Apache Solr RCE via Velocity Template Injection CVE-2019-10758-mongo-express before 0.54.0 is vulnerable to Remote Code Execution CVE-2019-2107-Android播放视频-RCE-POC(Android 7.0版本,7.1.1版本,7.1.2版本,8.0版本,8.1版本,9.0版本) CVE-2019-19844-Django重置密码漏洞(受影响版本:Django master branch,Django 3.0,Django 2.2,Django 1.11) CVE-2019-17556-unsafe-deserialization-in-apache-olingo(Apache Olingo反序列化漏洞,影响: 4.0.0版本至4.6.0版本) ZZCMS201910 SQL Injections WDJACMS1.5.2模板注入漏洞 CVE-2019-19781-Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781.nse---use Nmap check Citrix ADC Remote Code Execution Mysql Client 任意文件读取攻击链拓展 CVE-2020-5504-phpMyAdmin注入(需要登录) CVE-2020-5509-Car Rental Project 1.0版本中存在远程代码执行漏洞 CryptoAPI PoC CVE-2020-0601|另一个PoC for CVE-2020-0601 New Weblogic RCE (CVE-2020-2546、CVE-2020-2551) CVE-2020-2546|WebLogic WLS核心组件RCE分析(CVE-2020-2551)|CVE-2020-2551-Weblogic IIOP 反序列化EXP CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC PHPOK v5.3&v5.4getshell | phpok V5.4.137前台getshell分析 | PHPOK 4.7从注入到getshell thinkphp6 session 任意文件创建漏洞复现 含POC --- 原文在漏洞推送公众号上 ThinkPHP 6.x反序列化POP链(一)|原文链接 ThinkPHP 6.x反序列化POP链(二)|原文链接 ThinkPHP 6.x反序列化POP链(三)|原文链接 WordPress InfiniteWP - Client Authentication Bypass (Metasploit) 【Linux提权/RCE】OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution CVE-2020-7471-django1.11-1.11.282.2-2.2.103.0-3.0.3 StringAgg(delimiter)使用了不安全的数据会造成SQL注入漏洞环境和POC CVE-2019-17564 : Apache Dubbo反序列化漏洞 CVE-2019-2725(CNVD-C-2019-48814、WebLogic wls9-async) YzmCMS 5.4 后台getshell 关于Ghostcat(幽灵猫CVE-2020-1938漏洞):CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc|Java版本POC|Tomcat-Ajp协议文件读取漏洞|又一个python版本CVE-2020-1938漏洞检测|CVE-2020-1938-漏洞复现环境及EXP CVE-2020-8840:Jackson-databind远程命令执行漏洞(或影响fastjson) CVE-2020-8813-Cacti v1.2.8 RCE远程代码执行 EXP以及分析(需要认证/或开启访客即可不需要登录)(一款Linux是基于PHP,MySQL,SNMP及RRDTool开发的网络流量监测图形分析工具)|EXP|CVE-2020-8813MSF利用脚本 CVE-2020-7246-PHP项目管理系统qdPM< 9.1 RCE CVE-2020-9547:FasterXML/jackson-databind 远程代码执行漏洞 CVE-2020-9548:FasterXML/jackson-databind 远程代码执行漏洞 Apache ActiveMQ 5.11.1目录遍历/ Shell上传 CVE-2020-2555:WebLogic RCE漏洞POC|CVE-2020-2555-Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE CVE-2020-1947-Apache ShardingSphere UI YAML解析远程代码执行漏洞 CVE-2020-0554:phpMyAdmin后台SQL注入 泛微E-Mobile Ognl 表达式注入|表达式注入.pdf 通达OA RCE漏洞 CVE-2020-10673-jackson-databind JNDI注入导致远程代码执行 CVE-2020-10199、CVE-2020-10204漏洞一键检测工具,图形化界面(Sonatype Nexus <3.21.1) CVE-2020-2555-Oracle Coherence 反序列化漏洞|分析文章 cve-2020-5260-Git凭证泄露漏洞 通达OA前台任意用户伪造登录漏洞批量检测 CVE-2020-11890 JoomlaRCE <3.9.17 远程命令执行漏洞(需要有效的账号密码) CVE-2020-10238【JoomlaRCE <= 3.9.15 远程命令执行漏洞(需要有效的账号密码)】&CVE-2020-10239【JoomlaRCE 3.7.0 to 3.9.15 远程命令执行漏洞(需要有效的账号密码)】 CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc python3|CVE-2020-2883-Weblogic coherence.jar RCE tongda_oa_rce-通达oa 越权登录+文件上传getshell CVE-2020-11651-SaltStack Proof of Concept【认证绕过RCE漏洞】|CVE-2020-11651&&CVE-2020-11652 EXP showdoc的api_page存在任意文件上传getshell Fastjson <= 1.2.47 远程命令执行漏洞利用工具及方法 SpringBoot_Actuator_RCE jizhicms(极致CMS)v1.7.1代码审计-任意文件上传getshell+sql注入+反射XSS CVE-2020-9484:Apache Tomcat Session 反序列化代码执行漏洞|CVE-2020-9484:Apache Tomcat 反序列化RCE漏洞的分析和利用 PHPOK 最新版漏洞组合拳 GETSHELL Apache Kylin 3.0.1命令注入漏洞 weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory CVE-2020-5410 Spring Cloud Config目录穿越漏洞 NewZhan CMS 全版本 SQL注入(0day) 盲注 or 联合?记一次遇见的奇葩注入点之SEMCMS3.9(0day) 从PbootCMS(2.0.3&2.0.7前台RCE+2.0.8后台RCE)审计到某狗绕过 CVE-2020-1948 : Apache Dubbo 远程代码执行漏洞 CVE-2020-5902-F5 BIG-IP 远程代代码执行(RCE)&任意文件包含读取 提权辅助相关 windows-kernel-exploits Windows平台提权漏洞集合 windows 溢出提权小记/本地保存了一份+Linux&Windows提取脑图 Windows常见持久控制脑图 CVE-2019-0803 Win32k漏洞提权工具 脏牛Linux提权漏洞 远控免杀从入门到实践之白名单(113个)|远控免杀从入门到实践之白名单(113个)总结篇.pdf Linux提权-CVE-2019-13272 A linux kernel Local Root Privilege Escalation vulnerability with PTRACE_TRACEME Linux权限提升辅助一键检测工具 将powershell脚本直接注入到进程中执行来绕过对powershell.exe的限制 CVE-2020-2696 – Local privilege escalation via CDE dtsession CVE-2020-0683-利用Windows MSI “Installer service”提权 Linux sudo提权辅助工具—查找sudo权限配置漏洞 Windows提权-CVE-2020-0668:Windows Service Tracing本地提权漏洞 Linux提取-Linux kernel XFRM UAF poc (3.x - 5.x kernels)2020年1月前没打补丁可测试 linux-kernel-exploits Linux平台提权漏洞集合 Linux提权辅助检测Perl脚本|Linux提权辅助检测bash脚本 CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost|【Windows提取】Windows SMBv3 LPE exploit 已编译版.exe|SMBGhost_RCE_PoC-远程代码执行EXP|Windows_SMBv3_RCE_CVE-2020-0796漏洞复现 getAV---windows杀软进程对比工具单文件版 【Windows提权工具】Windows 7 to Windows 10 / Server 2019|搭配CS的修改版可上线system权限的session 【Windows提权工具】SweetPotato修改版,用于webshell下执行命令|本地编译好的版本|点击下载或右键另存为|SweetPotato_webshell下执行命令版.pdf 【bypass UAC】Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe" 【Windows提权】CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7 【Windows提权 Windows 10&Server 2019】PrintSpoofer-Abusing Impersonation Privileges on Windows 10 and Server 2019|配合文章食用-pipePotato复现|Windows 权限提升 BadPotato-已经在Windows 2012-2019 8-10 全补丁测试成功 【Windows提权】Windows 下的提权大合集 【Windows提权】-CVE-2020-1048 | PrintDemon本地提权漏洞-漏洞影响自1996年以来发布(Windows NT 4)的所有Windows版本 【Windows bypass UAC】UACME-一种集成了60多种Bypass UAC的方法 CVE-2020–1088: Windows wersvc.dll 任意文件删除本地提权漏洞分析 【Windows提权】CVE-2019-0863-Windows中错误报告机制导致的提权-EXP 【Windows提权】CVE-2020-1066-EXP 【Windows提权】CVE-2020-0787-EXP-ALL-WINDOWS-VERSION-适用于Windows所有版本的提权EXP 【Windows提权】CVE-2020-1054-Win32k提权漏洞Poc 【Linux提权】对Linux提权的简单总结 【Windows提权】wesng-Windows提权辅助脚本 PC 微软RDP远程代码执行漏洞(CVE-2019-0708) CVE-2019-0708-python版 MS17-010-微软永恒之蓝漏洞 macOS-Kernel-Exploit CVE-2019-1388 UAC提权 (nt authority\system) CVE-2019-1405和CVE-2019-1322:通过组合漏洞进行权限提升 Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation CVE-2019-11708 Telegram(macOS v4.9.155353) 代码执行漏洞 Remote Desktop Gateway RCE bugs CVE-2020-0609 & CVE-2020-0610 Microsoft SharePoint - Deserialization Remote Code Execution CVE-2020-0728-Windows Modules Installer Service 信息泄露漏洞 CVE-2020-0618: 微软 SQL Server Reporting Services远程代码执行(RCE)漏洞|GitHub验证POC(其实前文的分析文章也有) CVE-2020-0767Microsoft ChakraCore脚本引擎【Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分】安全漏洞 CVE-2020-0688:微软EXCHANGE服务的远程代码执行漏洞|CVE-2020-0688_EXP---另一个漏洞检测利用脚本|又一个cve-2020-0688利用脚本|Exploit and detect tools for CVE-2020-0688 CVE-2020-0674: Internet Explorer远程代码执行漏洞检测 CVE-2020-8794: OpenSMTPD 远程命令执行漏洞 Linux平台-CVE-2020-8597: PPPD 远程代码执行漏洞 Windows-CVE-2020-0796:疑似微软SMBv3协议“蠕虫级”漏洞|相关讨论|CVE-2020–0796检测与修复|又一个CVE-2020-0796的检测工具-可导致目标系统崩溃重启 SMBGhost_RCE_PoC(CVE-2020-0796) WinRAR 代码执行漏洞 (CVE-2018-20250)-POC|相关文章|全网筛查 WinRAR 代码执行漏洞 (CVE-2018-20250) windows10相关漏洞EXP&POC shiro rce 反序列 命令执行 一键工具 CVE-2019-1458-Win32k中的特权提升漏洞【shell可用-Windows提取】 CVE-2019-1253-Windows权限提升漏洞-AppXSvc任意文件安全描述符覆盖EoP的另一种poc|CVE-2019-1253 BypassAV【免杀】Cobalt Strike插件,用于快速生成免杀的可执行文件 CVE-2020-0674:Internet Explorer UAF 漏洞exp【在64位的win7测试了IE 8, 9, 10, and 11】 SMBGhost_AutomateExploitation-SMBGhost (CVE-2020-0796) Automate Exploitation and Detection MS Windows OLE 远程代码执行漏洞(CVE-2020-1281) tools-小工具集合 java环境下任意文件下载情况自动化读取源码的小工具 Linux登录日志清除/伪造 python2的socks代理 dede_burp_admin_path-dedecms后台路径爆破(Windows环境) PHP 7.1-7.3 disable_functions bypass 一个各种方式突破Disable_functions达到命令执行的shell 【PHP】bypass disable_functions via LD_PRELOA (no need /usr/sbin/sendmail) 另一个bypass PHP的disable_functions cmd下查询3389远程桌面端口 伪装成企业微信名片的钓鱼代码 vbulletin5-rce利用工具(批量检测/getshell)/保存了一份源码:vbulletin5-rce.py CVE-2017-12615 通过Shodan和favicon icon发现真实IP地址 Cobalt_Strike扩展插件 Windows命令行cmd的空格替换 绕过disable_function汇总 WAF Bypass 命令注入总结 隐藏wifi-ssid获取 · theKingOfNight's Blog crt.sh证书/域名收集 TP漏洞集合利用工具py3版本-来自奇安信大佬Lucifer1993 Python2编写的struts2漏洞全版本检测和利用工具-来自奇安信大佬Lucifer1993 sqlmap_bypass_D盾_tamper sqlmap_bypass_安全狗_tamper sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper sqlmap_bypass_云锁_tamper masscan+nmap扫描脚本 PHP解密扩展 linux信息收集/应急响应/常见后门检测脚本 RdpThief-从远程桌面客户端提取明文凭据辅助工具 使用powershell或CMD直接运行命令反弹shell FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB弱口令检测 GitHack-.git泄露利用脚本 GitHacker---比GitHack更好用的git泄露利用脚本 SVN源代码泄露全版本Dump源码 多进程批量网站备份文件扫描 Empire|相关文章:后渗透测试神器Empire详解 FOFA Pro view 是一款FOFA Pro 资产展示浏览器插件,目前兼容 Chrome、Firefox、Opera Zoomeye Tools-一款利用Zoomeye 获取有关当前网页IP地址的各种信息(需要登录) 360 0Kee-Team 的 crawlergo动态爬虫 结合 长亭XRAY扫描器的被动扫描功能 内网神器Xerosploit-娱乐性质(端口扫描|DoS攻击|HTML代码注入|JavaScript代码注入|下载拦截和替换|嗅探攻击|DNS欺骗|图片替换|Web页面篡改|Drifnet) 一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo 内网常见渗透工具包 从内存中加载 SHELLCODE bypass AV查杀|twitter示例 流量转发工具-pingtunnel是把tcp/udp/sock5流量伪装成icmp流量进行转发的工具 内网渗透-创建Windows用户(当net net1 等常见命令被过滤时,一个文件执行直接添加一个管理员【需要shell具有管理员权限l】|adduser使用方法 pypykatz-通过python3实现完整的Mimikatz功能(python3.6+) 【windows】Bypassing AV via in-memory PE execution-通过在内存中加载多次XOR后的payload来bypass杀软|作者自建gitlab地址 wafw00f-帮助你快速识别web应用是否使用何种WAF(扫描之前很有用) Linux提取其他用户密码的工具(需要root权限) apache2_BackdoorMod-apache后门模块 对密码已保存在 Windwos 系统上的部分程序进行解析,包括:Navicat,TeamViewer,FileZilla,WinSCP,Xmangager系列产品(Xshell,Xftp) 一个简单探测jboss漏洞的工具 一款lcx在golang下的实现-适合内网代理流量到公网,比如阿里云的机器代理到你的公网机器 Cobalt Strike Aggressor 插件包 Erebus-Cobalt Strike后渗透测试插件,包括了信息收集、权限获取、密码获取、痕迹清除等等常见的脚本插件 IP/IP段资产扫描-->扫描开放端口识别运行服务部署网站-->自动化整理扫描结果-->输出可视化报表+整理结果 A script to scan for unsecured Laravel .env files Struts2漏洞扫描Golang版-【特点:单文件、全平台支持、可在webshell下使用】 Shiro<=1.2.4反序列化,一键检测工具|Apache shiro <= 1.2.4 rememberMe 反序列化漏洞利用工具 完整weblogic 漏洞扫描工具修复版 GitHub敏感信息泄露监控 Java安全相关的漏洞和技术demo 在线扫描-网站基础信息获取|旁站|端口扫描|信息泄露 bayonet是一款src资产管理系统,从子域名、端口服务、漏洞、爬虫等一体化的资产管理系统 内网渗透中常用的c#程序整合成cs脚本,直接内存加载 【漏洞库】又一个各种漏洞poc、Exp的收集或编写 内网渗透代理转发利器reGeorg|相关文章:配置reGeorg+Proxifier渗透内网|reGeorg+Proxifier实现内网sock5代理|内网渗透之reGeorg+Proxifier|reGeorg+Proxifier使用 Neo-reGeorg重构的reGeorg get_Team_Pass-获取目标机器上的teamviewerID和密码(你需要具有有效的目标机器账号密码且目标机器445端口可以被访问(开放445端口)) chromepass-获取chrome保存的账号密码/cookies-nirsoft出品在win10+chrome 80测试OK|SharpChrome-基于.NET 2.0的开源获取chrome保存过的账号密码/cookies/history|ChromePasswords-开源获取chrome密码/cookies工具 java-jdwp远程调试利用|相关文章:jdwp远程调试与安全 社会工程学密码生成器,是一个利用个人信息生成密码的工具 云业CMS(yunyecms)的多处SQL注入审计分析|原文地址|官网下载地址|sqlmap_yunyecms_front_sqli_tamp.py www.flash.cn 的钓鱼页,中文+英文 织梦dedecms全版本漏洞扫描 CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15 Dirble -快速目录扫描和爬取工具【比dirsearch和dirb更快】 RedRabbit - Red Team PowerShell脚本 Pentest Tools Framework - 渗透测试工具集-适用于Linux系统 白鹿社工字典生成器,灵活与易用兼顾。 NodeJsScan-一款转为Nodejs进行静态代码扫描开发的工具 一款国人根据poison ivy重写的远控 NoXss-可配合burpsuite批量检测XSS fofa 采集脚本 java web 压缩文件 安全 漏洞 可以自定义规则的密码字典生成器,支持图形界面 dump lass 工具(绕过/干掉卡巴斯基)|loader.zip下载 GO语言版本的mimikatz-编译后免杀 CVE-2019-0708-批量检测扫描工具 dump lsass的工具|又一个dump lsass的工具 Cobalt Strike插件 - RDP日志取证&清除 xencrypt-一款利用powershell来加密并采用Gzip/DEFLATE来绕过杀软的工具 SessionGopher-一款采用powershell来解密Windows机器上保存的session文件,例如: WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop,支持远程加载和本地加载使用 CVE-2020-0796 Local Privilege Escalation POC-python版本|CVE-2020-0796 Remote Code Execution POC Windows杀软在线对比辅助 递归式寻找域名和api mssqli-duet-用于mssql的sql注入脚本,使用RID爆破,从Active Directory环境中提取域用户 【Android脱壳】之一键提取APP敏感信息 Shiro系列漏洞检测GUI版本-ShiroExploit GUI版本 通过phpinfo获取cookie突破httponly phpstudy RCE 利用工具 windows GUI版本 WebAliveScan-根据端口快速扫描存活的WEB 扫描可写目录.aspx PC客户端(C-S架构)渗透测试 wsltools-web扫描辅助python库 struts2_check-用于识别目标网站是否采用Struts2框架开发的工具 sharpmimi.exe-免杀版mimikatz thinkPHP代码执行批量检测工具 pypykatz-用纯Python实现的Mimikatz Flux-Keylogger-具有Web面板的现代Javascript键盘记录器 JSINFO-SCAN-递归式寻找域名和api FrameScan-GUI 一款python3和Pyqt编写的具有图形化界面的cms漏洞检测框架 SRC资产信息聚合网站 Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测 JNDI 注入利用工具【Fastjson、Jackson 等相关漏洞】 各种反弹shell的语句集合页面 解密weblogic AES或DES加密方法 使用 sshLooterC 抓取 SSH 密码|相关文章|本地版本 redis-rogue-server-Redis 4.x/5.x RCE ew-内网穿透(跨平台) xray-weblisten-ui-一款基于GO语言写的Xray 被动扫描管理 SQLEXP-SQL 注入利用工具,存在waf的情况下自定义编写tamper脚本 dump数据 SRC资产在线管理系统 - Shots luject:可以将动态库静态注入到指定应用程序包的工具,目前支持Android/iPhonsOS/Windows/macOS/Linux|相关文章 CursedChrome:Chrome扩展植入程序,可将受害Chrome浏览器转变为功能齐全的HTTP代理,使你能够以受害人身份浏览网站 pivotnacci:通过HTTP隧道进行Socks连接 PHPFuck-一款适用于php7以上版本的代码混淆|[PHPFuck在线版本 冰蝎 bypass open_basedir 的马 goproxy heroku 一键部署套装,把heroku变为免费的http(s)\socks5代理 自己收集整理的端口、子域、账号密码、其他杂七杂八字典,用于自己使用 xFTP6密码解密 Mars-战神TideSec出品的WDScanner的重写一款综合的漏洞扫描,资产发现/变更,域名监控/子域名挖掘,Awvs扫描,POC检测,web指纹探测、端口指纹探测、CDN探测、操作系统指纹探测、泛解析探测、WAF探测、敏感信息检测等等工具 Shellcode Compiler:用于生成Windows 和 Linux平台的shellcode工具 BadDNS 是一款使用 Rust 开发的使用公共 DNS 服务器进行多层子域名探测的极速工具 【Android脱壳】XServer是一个用于对方法进行分析的Xposed插件|相关文章:Xposed+XServer无需脱壳抓取加密包|使用xserver对某应用进行不脱壳抓加密包 masscan_to_nmap-基于masscan和nmap的快速端口扫描和指纹识别工具 Evilreg -使用Windows注册表文件的反向Shell (.Reg) Shecodject工具使用python注入shellcode bypass 火絨,360,windows defender Malleable-C2-Profiles-Cobalt Strike的C2隐藏配置文件相关|渗透利器Cobalt Strike - 第2篇 APT级的全面免杀与企业纵深防御体系的对抗 AutoRemove-自动卸载360 ligolo:用于渗透时反向隧道连接工具 RMIScout: Java RMI爆破工具 【Android脱壳】FRIDA-DEXDump-【使用Frida来进行Android脱壳】 Donut-Shellcode生成工具 JSP-Webshells集合【2020最新bypass某云检测可用】 one-scan-多合一网站指纹扫描器,轻松获取网站的 IP / DNS 服务商 / 子域名 / HTTPS 证书 / WHOIS / 开发框架 / WAF 等信息 ServerScan一款使用Golang开发的高并发网络扫描、服务探测工具。 域渗透-Windows hash dump之secretsdump.py|相关文章 WindowsVulnScan:基于主机的漏洞扫描工【类似windows-exp-suggester】 基于实战沉淀下的各种弱口令字典 SpoofWeb:一键部署HTTPS钓鱼站 VpsEnvInstall:一键部署VPS渗透环境 tangalanga:Zoom会议扫描工具 碎遮SZhe_Scan Web漏洞扫描器,基于python Flask框架,对输入的域名/IP进行全面的信息搜集,漏洞扫描,可自主添加POC Taie-RedTeam-OS-泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统 naiveproxy-一款用C语言编写类似于trojan的代理工具 BrowserGhost-一个抓取浏览器密码的工具,后续会添加更多功能 GatherInfo-渗透测试信息搜集/内网渗透信息搜集 EvilPDF:一款把恶意文件嵌入在 PDF 中的工具 SatanSword-红队综合渗透框架,支持web指纹识别、漏洞PoC检测、批量web信息和端口信息查询、路径扫描、批量JS查找子域名、使用google headless、协程支持、完整的日志回溯 Get-WeChat-DB-获取目标机器的微信数据库和密钥 ThinkphpRCE-支持代理IP池的批量检测Thinkphp漏洞或者日志泄露的py3脚本 fakelogonscreen-伪造(Windows)系统登录页面,截获密码 WMIHACKER-仅135端口免杀横向移动|使用方法以及介绍|横向移动工具WMIHACKER|原文链接 cloud-ranges-部分公有云IP地址范围 sqltools_ch-sqltools2.0汉化增强版 railgun-poc_1.0.1.7-多功能端口扫描/爆破/漏洞利用/编码转换等 dede_funcookie.php-DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell 文章/书籍/教程相关 windwos权限维持系列12篇PDF Linux 权限维持之进程注入(需要关闭ptrace) | 在不使用ptrace的情况下,将共享库(即任意代码)注入实时Linux进程中。(不需要关闭ptrace) 44139-mysql-udf-exploitation emlog CMS的代码审计_越权到后台getshell PHPOK 5.3 最新版前台注入 PHPOK 5.3 最新版前台无限制注入(二) Thinkphp5 RCE总结 rConfig v3.9.2 RCE漏洞分析 weiphp5.0 cms审计之exp表达式注入 zzzphp1.7.4&1.7.5到处都是sql注入 FCKeditor文件上传漏洞及利用-File-Upload-Vulnerability-in-FCKEditor zzcms 2019 版本代码审计 利用SQLmap 结合 OOB 技术实现音速盲注 特权提升技术总结之Windows文件服务内核篇(主要是在webshell命令行执行各种命令搜集信息)|(项目留存PDF版本) WellCMS 2.0 Beta3 后台任意文件上传 国外详细的CTF分析总结文章(2014-2017年) 这是一篇“不一样”的真实渗透测试案例分析文章-从discuz的后台getshell到绕过卡巴斯基获取域控管理员密码|原文地址 表达式注入.pdf WordPress ThemeREX Addons 插件安全漏洞深度分析 通达OA文件包含&文件上传漏洞分析 高级SQL注入:混淆和绕过 权限维持及后门持久化技巧总结 Windows常见的持久化后门汇总 Linux常见的持久化后门汇总 CobaltStrike4.0用户手册_中文翻译_3 Cobaltstrike 4.0之 我自己给我自己颁发license.pdf Cobalt Strike 4.0 更新内容介绍 Cobal_Strike_自定义OneLiner cobalt strike 快速上手 [ 一 ] Cobalt strike3.0使用手册 Cobalt_Strike_Spear_Phish_CS邮件钓鱼制作 Remote NTLM relaying through CS 渗透测试神器Cobalt Strike使用教程 Cobalt Strike的teamserver在Windows上快速启动脚本 ThinkPHP v6.0.0_6.0.1 任意文件操作漏洞分析 Django_CVE-2020-9402_Geo_SQL注入分析 CVE-2020-10189_Zoho_ManageEngine_Desktop_Central_10反序列化远程代码执行 安全狗SQL注入WAF绕过 通过将JavaScript隐藏在PNG图片中,绕过CSP 通达OA任意文件上传_文件包含GetShell 文件上传Bypass安全狗4.0 SQL注入Bypass安全狗4.0 通过正则类SQL注入防御的绕过技巧 MYSQL_SQL_BYPASS_WIKI-mysql注入,bypass的一些心得 bypass云锁注入测试 360webscan.php_bypass think3.2.3_sql注入分析 UEditor SSRF DNS Rebinding PHP代码审计分段讲解 京东SRC小课堂系列文章 windows权限提升的多种方式|Privilege_Escalation_in_Windows_for_OSCP bypass CSP|Content-Security-Policy(CSP)Bypass_Techniques 个人维护的安全知识框架,内容偏向于web PAM劫持SSH密码 零组资料文库-(需要邀请注册) redis未授权个人总结-Mature NTLM中继攻击的新方法 PbootCMS审计 De1CTF2020系列文章 xss-demo-超级简单版本的XSS练习demo 空指针-Base_on_windows_Writeup--最新版DZ3.4实战渗透 入门KKCMS代码审计 SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist 文件上传突破waf总结 极致CMS(以下简称_JIZHICMS)的一次审计-SQL注入+储存行XSS+逻辑漏洞|原文地址 代码审计之DTCMS_V5.0后台漏洞两枚 快速判断sql注入点是否支持load_file 文件上传内容检测绕过 Fastjson_=1.2.47反序列化远程代码执行漏洞复现 【Android脱壳】_腾讯加固动态脱壳(上篇) 【Android脱壳】腾讯加固动态脱壳(下篇) 【Android脱壳】记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务 【Android抓包】记一次APP测试的爬坑经历.pdf 完整的内网域渗透-暗月培训之项目六 Android APP渗透测试方法大全 App安全检测指南-V1.0 借github上韩国师傅的一个源码实例再次理解.htaccess的功效 Pentest_Note-渗透Tips,总结了渗透测试常用的工具方法 红蓝对抗之Windows内网渗透-腾讯SRC出品 远程提取Windows中的系统凭证 绕过AMSI执行powershell脚本|AmsiScanBufferBypass-相关项目 踩坑记录-Redis(Windows)的getshell Cobal_Strike踩坑记录-DNS Beacon windows下隐藏webshell的方法 [DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell](./books/DEDECMS伪随机漏洞分析 (三) 碰撞点.pdf) 说明 此项目所有文章、代码部分来源于互联网,版权归原作者所有,此项目仅供学习参考使用,严禁用于任何非法行为!使用即代表你同意自负责任! About No description, website, or topics provided. Resources Readme License Apache-2.0 License Releases No releases published Languages PowerShell 49.3% Java 33.0% Python 12.7% C 2.2% HTML 0.7% PHP 0.6% Other 1.5%

No description, website, or topics provided.

Recent Articles

Apache Tomcat Exploit Poised to Pounce, Stealing Files
Threatpost • Tara Seals • 23 Mar 2020

A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept (PoC) exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0.
According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for the “Ghostcat,” security bug (tracked as CVE-2020-1938 and first publicly disclosed Feb. 20) reliably allows information disclosure via file retrieval on a vulnerable server – without authe...

Active Scans for Apache Tomcat Ghostcat Vulnerability Detected, Patch Now
BleepingComputer • Sergiu Gatlan • 02 Mar 2020

Image: Chaitin Tech / vargazs
Ongoing scans for Apache Tomcat servers unpatched against the Ghostcat vulnerability that allows potential attackers to take over servers have been detected over the weekend.
As cyber threat intelligence firm Bad Packets said on Saturday, "mass scanning activity targeting this vulnerability has already begun. PATCH NOW!"
Ghostcat is a high-risk file read/include vulnerability tracked as CVE-2020-1938 and present in the Apache JServ Protocol (AJP) o...

The Register

Microsoft has given admins another busy Patch Tuesday with 129 security vulnerabilities to address.
The Redmond giant has posted fixes for CVE-listed bugs in its latest monthly security update, including 23 that allow for remote code execution. The massive bundle is not entirely unexpected, as security experts have suggested that vendors are still catching up on their patching and reporting routines.
Of the 129 patches this month, 11 were rated by Microsoft as 'critical' security ris...

References

CWE-20http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.htmlhttp://support.blackberry.com/kb/articleDetail?articleNumber=000062739https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e@%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb@%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a@%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194@%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425@%3Cnotifications.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7@%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca@%3Cbugs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3@%3Ccommits.tomee.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2020/03/msg00006.htmlhttps://lists.debian.org/debian-lts-announce/2020/05/msg00026.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/https://security.gentoo.org/glsa/202003-43https://security.netapp.com/advisory/ntap-20200226-0002/https://www.debian.org/security/2020/dsa-4673https://www.debian.org/security/2020/dsa-4680https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952437https://github.com/shaunmclernon/ghostcat-verificationhttps://nvd.nist.govhttps://exchange.xforce.ibmcloud.com/vulnerabilities/176562