poc

There are 56 repositories under poc topic.

xray
chaitin / xray
一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
security vulnerability vulnerability-scanner passive-vulnerability-scanner xss sqlinjection poc
Language:Vue 7852
frohoff / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
java deserialization gadget exploit javadeser jvm serialization poc vulnerability
Language:Java 6040
Mr-xn / Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp
Language:PowerShell 4994
K8tools
k8gege / K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
exploit apt 0day poc getshell pentest hacking scanner privilege-escalation bypass crack netscan brute-force password database
Language:PowerShell 4944
1earn
ffffffff0x / 1earn
暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
markdown-article linux-learning pentest study security collection blueteam redteam post-penetration ics-security writeup pentest-tool poc ctf security-tools infosec hacking
Language:C++ 4222
trickest / cve
Gather and update all available and newest CVEs with their PoC.
poc cve cve-poc latest-cve vulnerability vulnerabilities software-vulnerabilities software-security exploit security infosec hacking pentesting penetration-testing red-team security-tools software-vulnerability
Language:HTML 3983
zhzyker / exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
weblogic tomcat exploit poc vulnerability exp webshell drupal getshell nexus cve-2020-10199 cve-2020-2555 cve-2020-11444 cve-2020-10204 cve-2020-1938 cve-2020-2883 cve-2020-2551 cve-2020-5902 cve-2020-14882
Language:Python 3667
Ladon
k8gege / Ladon
Ladon modular hacking framework penetration scanner & Cobalt strike, Ladon 10.1 has 180 built-in modules, including information collection / surviving host / port scanning / service identification / password blasting / vulnerability detection / vulnerability utilization. Vulnerability detection includes ms17010 / smbghost / Weblogic / ActiveMQ
scanner portscan pentest hacking security security-tools security-scanner poc getshell brute-force password netscan tools hack exp ladon ipscanner exploit
Language:C# 3662
qazbnm456 / awesome-cve-poc
✍️ A curated list of CVE PoCs.
awesome cve poc
3041
Ascotbe / Medusa
:cat2:Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
poc exp payload medusa cve xss readteam dnslog virus email cobaltstrike metasploit-framework mail
Language:Python 1769
tr0uble-mAker / POC-bomber
利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点
poc vulnerability-scanner poc-bomber cve rce getshell fuzzing redteam exp
Language:Python 1459
Lucifer1993 / AngelSword
Python3编写的CMS漏洞检测框架
cms poc vulnerability-scanners
Language:Python 1379
XiphosResearch / exploits
Miscellaneous exploit code
bypass exploits hacking php poc python rce security tr-064 windows
Language:Python 1367
danigargu / CVE-2020-0796
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
coronablue cve-2020-0796 exploit poc smbghost
Language:C 1229
jweny / pocassist
全新的漏洞测试框架，支持poc在线编辑、运行、批量测试。使用文档：
cve penetration-testing-poc poc pocassist security security-tools vulnerability vulnerability-scanners
Language:Go 1223
zan8in / afrog
A Vulnerability Scanning Tools For Penetration Testing
afrog penetration-testing poc tools vulnerability-scanner vulnerability-scanning-tools
Language:Go 1217
LadonGo
k8gege / LadonGo
LadonGO 4.2 Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。
bannerscan brute-force detection exploit ftpscan hacktools ms17010 mysqlscan poc portscan scanner security-tools smbscan sshscan
Language:Go 1155
tenable / poc
Proof of Concepts
poc
Language:Python 1085
1n7erface / PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
poc alibaba-nacos jar
Language:Java 1002
Lucifer1993 / SatanSword
红队综合渗透框架
vulnerability-scanners security-tools fingerprinting poc pentest-tool vulnerability-detection
Language:Python 995
BaizeSec / bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
baize sec poc exp security
Language:HTML 982
K8CScan
k8gege / K8CScan
K8Cscan大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动
cobalt-strike portscan hacking pentest security exploit getshell poc ftp mssql mysql smb ipc wmi subdomain crack scanner netscan password oracle
Language:Python 969
c0ny1 / FastjsonExploit
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
fastjson exploiting-vulnerabilities exp poc
Language:Java 943
arthepsy / CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
cve cve-2021-4034 poc
Language:C 941
Puliczek / CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
security exploit log4j hacking cybersecurity writeups bugbounty cve pentest payload red-team bugbounttips bugbounty-writeups security-writeups pentesting cve-2021-44228 cve-2021-45046 cve-2021-45105 poc
Language:Java 874
lyshark / Windows-exploits
Windows 平台提权漏洞大合集，长期收集各种提权漏洞利用工具。 A large collection of rights raising vulnerabilities on the windows platform, which collects various rights raising vulnerability utilization tools for a long time.
exploit poc windows windows10 cve ms windows-11 windows7-8 windowsxp
840
100apps / charles-hacking
Hacking Charles Web Debugging Proxy
do-not-use-in-production just-for-learn poc
797
Puliczek / awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
security exploit log4j cybersecurity poc pentesting writeups bugbounty red-team blue-team security-writeups cve-2021-44228 bugbounttips
784
tenable / routeros
RouterOS Security Research Tooling and Proof of Concepts
bughunting exploits honeypot poc routeros scanner
Language:C++ 772
bit4woo / Fiora
Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。
nuclei poc nuclei-gui burp-extensions fiora
Language:Java 735
Threekiii / Awesome-POC
一个各类漏洞POC知识库
poc vulnerability
734
thezdi / PoC
Proofs-of-concept
cve-2016-0856 zdi poc proof-of-concept vulnerability advantech scada exploit research rpc
Language:C++ 661
vulscanteam / vulscan
vulscan 扫描系统：最新的poc&exp漏洞扫描，redis未授权、敏感文件、java反序列化、tomcat命令执行及各种未授权扫描等...
vulscan webscan poc pocscanner webscanner pocscan vulnerability vulnerability-scanners vulnerability-databases vulnerability-scanning vulnerability-database-entry exploitation-framework exploit-databa sesecurity-vulnerability security-tools scanner-web
Language:Python 587
StarCrossPortal / scalpel
scalpel是一款命令行漏洞扫描工具，支持深度参数注入，拥有一个强大的数据解析和变异算法，可以将常见的数据格式（json, xml, form等）解析为树结构，然后根据poc中的规则，对树进行变异，包括对叶子节点和树结构的变异。变异完成之后，将树结构还原为原始的数据格式。原理：https://mp.weixin.qq.com/s/U_llBwC05vb84U9wb8NZog
cve exploits fuzzing poc scanner vulnerabilities vulnerability
585
CHYbeta / cmsPoc
CMS渗透测试框架-A CMS Exploit Framework
security poc cms phpcms discuzx drupal
Language:Python 573
ycdxsb / PocOrExp_in_Github
聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
cve exploit poc vulnerabilities
Language:Python 573

poc

chaitin / xray

frohoff / ysoserial

Mr-xn / Penetration_Testing_POC

k8gege / K8tools

ffffffff0x / 1earn

trickest / cve

zhzyker / exphub

k8gege / Ladon

qazbnm456 / awesome-cve-poc

Ascotbe / Medusa

tr0uble-mAker / POC-bomber

Lucifer1993 / AngelSword

XiphosResearch / exploits

danigargu / CVE-2020-0796

jweny / pocassist

zan8in / afrog

k8gege / LadonGo

tenable / poc

1n7erface / PocList

Lucifer1993 / SatanSword

BaizeSec / bylibrary

k8gege / K8CScan

c0ny1 / FastjsonExploit

arthepsy / CVE-2021-4034

Puliczek / CVE-2021-44228-PoC-log4j-bypass-words

lyshark / Windows-exploits

100apps / charles-hacking

Puliczek / awesome-list-of-secrets-in-environment-variables

tenable / routeros

bit4woo / Fiora

Threekiii / Awesome-POC

thezdi / PoC

vulscanteam / vulscan

StarCrossPortal / scalpel

CHYbeta / cmsPoc

ycdxsb / PocOrExp_in_Github