ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
usage:
python ProxyLogon.py --host=exchange.com --mail=admin@exchange.com
python ProxyLogon.py --host=exchange.com --mails=./mails.txt
args:
--host: target's address.
--mail: exists user's mail.
--mails: mails file.
This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.
CVE-2011-2523 - vsftpd 2.3.4 Exploit Discription vsftpd, which stands for Very Secure FTP Daemon,is an FTP server for Unix-like systems, including Lin
NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Than
noPac Exploiting CVE-2021-42278 and CVE-2021-42287 原项目noPac在实现上可能有点问题,导致在本地没有打通,于是参考sam-the-admin项目进行修改。 使用 pip3 install -r requirements.txt # GetShel
🐸 Kramer 🐸 Kramer is a next level obfuscation tool written in Python3 allowing you to obfuscate your Python3 code easily and securely. It uses Berse
pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where
scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined
CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972
pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER
shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr
pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509
CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri
log4shell_finder Python port of https://github.com/mergebase/log4j-detector log4j-detector is copyright (c) 2021 - MergeBase Software Inc. https://mer
tinyman_exploit_finder There was a big tinyman exploit. You can read about it he
介绍 工具介绍 这是一款致力于将各类优秀脚本集合在一起调用、联动,最终可形成超级渗透脚本的工具。目的是扫描到更全的资产信息,发现更多的漏洞利用。但是这是通过牺牲扫描速度来提升扫描广度的。所以不太适合要进行紧急信息收集和漏洞利用的情况。
Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu
Gitlab RCE - Remote Code Execution RCE for old gitlab version = 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f
Tools-Spartan This is a program that makes it easy for you to download and install tools used in Kali Linux, there are tons of tools available.
PreviewGram is for users that wants get a more private experience with the Telegram's Channel.
pybox A proof-of-concept bare-bones container written in 50 lines of python code. Provides namespace isolation and resource limit control Usage Insta
3 Feb 03, 2022
5 Nov 08, 2022
263 Jan 01, 2023
2 Jun 23, 2022
114 Dec 26, 2022
795 Dec 29, 2022
1 Dec 21, 2021
210 Dec 31, 2022
1 Jan 05, 2022
1 Nov 03, 2021
70 Jun 21, 2022
23 Dec 02, 2022
33 Jan 04, 2023
9 Dec 27, 2022
23 Jul 05, 2022
368 Jan 04, 2023
153 Nov 09, 2022
1 Nov 10, 2021
1 Sep 25, 2022
5 Jun 03, 2021