CatCara's repositories
kscan
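Kscan is a lightweight asset discovery tool written in pure Go. It can automatically perform port scanning, TCP fingerprinting and banner grabbing against specified IP ranges, asset lists and live network segments, obtaining as much information about each port as possible without sending additional packets. It can also run automated brute-force attacks against the scan results, and is the first open-source RDP brute-force tool on the Go platform.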
Yasso
A powerful toolkit for assisting intranet penetration testing - let Yasso be like the wind
CVE-2020-11978
PoC of how to exploit an RCE vulnerability of the example DAGs in Apache Airflow <1.10.11
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Impost3r
👻Impost3r -- A linux password thief
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
super-guacamole
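POCs, EXPs, scripts, privilege escalation, small tools and more related to penetration testing; additions and improvements are welcome---About penetration-testing python-script poc html-poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql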
GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
phpstudy
XSS Vulnerability
bashbunny-payloads
The Official Bash Bunny Payload Repository
AwesomeXSS
Awesome XSS stuff
PHP-Parser
A PHP parser written in PHP
XSStrike
Most advanced XSS scanner.
weevely3
Weaponized web shell
CVE-2019-9978
CVE-2019-9978 - (PoC) RCE in Social Warfare Plugin (<=3.5.2)
MYSQL_SQL_BYPASS_WIKI
Some notes on MySQL injection and bypasses
gitlab-SSRF-redis-RCE
GitLab 11.4.7 SSRF combined with Redis for remote code execution
sudo_inject
[Linux] Two Privilege Escalation techniques abusing sudo token
exploits
Some of my exploits.
CVE-2019-3396_EXP
CVE-2019-3396 confluence SSTI RCE
MacPass
A native OS X KeePass client
RW_Password
This project extracts and collects strong and weak passwords that meet given criteria from previously leaked passwords
linux-kernel-exploits
linux-kernel-exploits: a collection of privilege escalation vulnerabilities for the Linux platform
Rails-doubletap-RCE
RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
CVE-2019-5786
FileReader Exploit
top-500-username
I came across a top 500 username dictionary and thought it was decent; because it is in Chinese, I wrote a very crude script to convert it.
Drupalgeddon2
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)