Inject everything!
Vacuna is a little library to provide dependency management for your python code.
pip install vacuna
import vacuna
container = vacuna.Container()
@container.dependency(name='app')
class App:
def run(self):
print('very important computation')
@container.dependency()
def main(app):
app.run()
if __name__ == '__main__':
container.run(main)
CVE-2021-26084 Confluence OGNL injection CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Conflue
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.
Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta
logmap - Log4j2 jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use http
Blind SQL Injection I wrote this script to solve PortSwigger Web Security Academy's particular Blind SQL injection with conditional responses lab. Bec
CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V
This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.
CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s
Analysis of Virtualization-based Obfuscation This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We
OSINT cli tool skeleton Template for new OSINT command-line tools. Press button "Use this template" to generate your own tool repository. See INSTALL.
CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R
Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.
AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea
CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV
log4jscanner log4j burp插件 特点如下: 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性,将host带入dnslog中 插件主要识别五种形式: 1.get请求,a=1&b=2&c=3 2.post请求,a=1&b=2&c=
pyew Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE
yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log
CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */
Malware Arcane Repository of notes and scripts I use when doing malware analysis
Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,
Caylent Security Catalyst Reference Architecture Examples This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is
Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t
AutoScanner AutoScanner是什么 AutoScanner是一款自动化扫描器,其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务,并使用集成的工具进行扫描,最后集成扫描报告; 工具目前有:oneforall、masscan、nmap、crawlergo、dirse
noPac Exploiting CVE-2021-42278 and CVE-2021-42287 原项目noPac在实现上可能有点问题,导致在本地没有打通,于是参考sam-the-admin项目进行修改。 使用 pip3 install -r requirements.txt # GetShel
Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.
OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS
DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun
15 Sep 23, 2022
2 Nov 9, 2022
3 Nov 16, 2021
9 Dec 30, 2022
67 Oct 25, 2022
2 Oct 29, 2022
9 Aug 31, 2022
32 Nov 5, 2022
2 Feb 15, 2022
133 Dec 18, 2022
36 Dec 20, 2022
104 Dec 08, 2022
1 Feb 07, 2022
58 Dec 05, 2022
43 Nov 09, 2022
1 Jun 30, 2022
362 Nov 28, 2022
1 Jan 31, 2022
81 Dec 12, 2022
9 Jun 01, 2022
4 Dec 07, 2021
1 Oct 22, 2021
46 Nov 12, 2022
2 Jun 23, 2022
3 Feb 10, 2022
5 May 18, 2022
47 Nov 09, 2022
12 Dec 17, 2022