An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Soon...
https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
Springboot directory scanning
GetMail 利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。
PyFUD fully Undetectable payload generator for metasploit Usage: pyfud.py --host
CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in
😭 WSOB (CVE-2022-29464) 😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464. CVE-2022-29464 details:
webapp-wordlists This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version co
CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R
Vacuum-Cleaner Python3 This is a Python3 agent that implements a simulator for a vacuum cleaner and it is introduction to Artificial Intelligence. A s
hash-cracker hash cracker is a multi-functional and compact...hash cracking tool...that supports dictionary attacks against three kinds of hashes: md5
xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.
OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the --proxi
privateRoom Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin STEPS: Uploa
CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C
log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Overview
brute_smb_share I wrote this small PoC after bumping into SMB servers where Hydr
r2flutch Yet another tool to decrypt iOS apps using r2frida. Requirements It requires to install Frida on the Jailbroken iOS device: Jailbroken device
Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi
log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址
log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari
IronNet Threat Research 🕵️ Overview This repository contains IronNet's Threat Research. Research & Reporting 📝 Project Description Cobalt Strike Res
87 Dec 28, 2022
[email protected]">
388 Dec 27, 2022
3 Mar 25, 2022
295 Jan 06, 2023
25 Oct 14, 2022
396 Jan 08, 2023
104 Dec 08, 2022
6 Nov 14, 2022
3 Feb 22, 2022
809 Dec 26, 2022
408 Jan 03, 2023
3 Nov 08, 2022
17 Dec 22, 2022
171 Dec 25, 2022
3 Feb 21, 2022
146 Jan 03, 2023
1 Nov 02, 2022
5 Dec 10, 2021
5 Sep 12, 2022
36 Dec 02, 2022