Ravindra lahara's repositories
AndroidSecNotes
Self-curated notes related to Android application security.
pwn_jenkins
Notes about attacking Jenkins servers
AllAboutBugBounty
All about bug bounty (bypasses, payloads, etc.)
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
CloudPentestCheatsheets
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
CVE-2021-26855
CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. According to Orange Tsai, the researcher who discovered the vulnerabilities, CVE-2021-26855 allows code execution when chained with CVE-2021-27065 (see below). A successful exploit chain would allow an unauthenticated attacker to "execute arbitrary commands on Microsoft Exchange Server through only an open 443 port." More information and a disclosure timeline are available at https://proxylogon.com.
CVE-2021-26855-SSRF
This script helps to identify CVE-2021-26855 SSRF PoC
FuzzingTool
Software for fuzzing, used in web application pentesting.
Guide-to-SSRF
Guide to SSRF
Penetration_Testing_POC
POCs, EXPs, scripts, privilege escalation, small tools, etc. related to penetration testing --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
PoC-in-GitHub
📡 PoCs auto-collected from GitHub. ⚠️ Be careful of malware.
public-pentesting-reports
Curated list of public penetration test reports released by several consulting firms and academic security groups
security_resources
Collection of online security resources
vulnerability-rating-taxonomy
Bugcrowd’s baseline priority ratings for common security vulnerabilities
petereport
PeTeReport is an open-source application vulnerability reporting tool.