poc

There are 81 repositories under poc topic.

xray
chaitin / xray
一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
passive-vulnerability-scanner poc security sqlinjection vulnerability vulnerability-scanner xss
Language:Vue 10256
ysoserial
frohoff / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
deserialization exploit gadget java javadeser jvm poc serialization vulnerability
Language:Java 7651
Mr-xn / Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp
Language:HTML 6520
trickest / cve
Gather and update all available and newest CVEs with their PoC.
cve cve-poc exploit hacking infosec latest-cve penetration-testing pentesting poc red-team security security-tools software-security software-vulnerabilities software-vulnerability vulnerabilities vulnerability
Language:HTML 6454
nomi-sec / PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
cve exploit poc security vulnerability
6419
K8tools
k8gege / K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
0day apt brute-force bypass crack database exploit getshell hacking netscan password pentest poc privilege-escalation scanner
Language:PowerShell 5782
1earn
ffffffff0x / 1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
blueteam collection ctf hacking ics-security infosec linux-learning markdown-article pentest pentest-tool poc post-penetration redteam security security-tools study writeup
Language:C++ 5276
Ladon
k8gege / Ladon
Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange
brute-force exp exploit getshell hack hacking ipscanner ladon netscan password pentest poc portscan scanner security security-scanner security-tools tools
Language:PowerShell 4805
zhzyker / exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
cve-2020-10199 cve-2020-10204 cve-2020-11444 cve-2020-14882 cve-2020-1938 cve-2020-2551 cve-2020-2555 cve-2020-2883 cve-2020-5902 drupal exp exploit getshell nexus poc tomcat vulnerability weblogic webshell
Language:Python 4099
Threekiii / Awesome-POC
一个漏洞POC知识库目前数量 1000+
poc
3462
zan8in / afrog
A Security Tool for Bug Bounty, Pentest and Red Teaming.
afrog bug-bounty penetration-testing pentest poc red-teaming vulnerability-scanner vulnerability-scanning-tools
Language:Go 3373
qazbnm456 / awesome-cve-poc
✍️ A curated list of CVE PoCs.
awesome cve poc
3292
Notselwyn / CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
cve cve-2024-1086 exploit lpe poc
Language:C 2239
tr0uble-mAker / POC-bomber
利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点
poc vulnerability-scanner poc-bomber cve rce getshell redteam exp
Language:Python 2237
Ascotbe / Medusa
:cat2:Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
cobaltstrike cve dnslog email exp mail medusa metasploit-framework payload poc readteam virus xss
Language:Python 2146
LadonGo
k8gege / LadonGo
Ladon for Kali 全平台开源内网渗透扫描器,Windows/Linux/Mac/路由器内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。
bannerscan brute-force detection exploit ftpscan hacktools ms17010 mysqlscan poc portscan scanner security-tools smbscan sshscan
Language:Go 1589
XiphosResearch / exploits
Miscellaneous exploit code
bypass exploits hacking php poc python rce security tr-064 windows
Language:Python 1511
Lucifer1993 / AngelSword
Python3编写的CMS漏洞检测框架
cms vulnerability-scanners poc
Language:Python 1450
jweny / pocassist
傻瓜式漏洞PoC测试框架
poc penetration-testing-poc vulnerability vulnerability-scanners security-tools security cve pocassist
Language:Go 1430
BaizeSec / bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
baize exp poc sec security
Language:HTML 1364
danigargu / CVE-2020-0796
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
coronablue cve-2020-0796 exploit poc smbghost
Language:C 1295
c0ny1 / FastjsonExploit
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
exp exploiting-vulnerabilities fastjson poc
Language:Java 1256
K8CScan
k8gege / K8CScan
K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动
cobalt-strike portscan hacking pentest security exploit getshell poc ftp mssql mysql smb ipc wmi subdomain crack scanner netscan password oracle
Language:Python 1220
tenable / poc
Proof of Concepts
poc
Language:Python 1207
Lucifer1993 / SatanSword
红队综合渗透框架
fingerprinting pentest-tool poc security-tools vulnerability-detection vulnerability-scanners
Language:Python 1159
bit4woo / Fiora
Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。
burp-extensions fiora nuclei nuclei-gui poc
Language:Java 1135
1n7erface / PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
poc alibaba-nacos jar
Language:Java 1080
1n7erface / Template
Next generation RedTeam heuristic intranet scanning | 下一代RedTeam启发式内网扫描
poc scanner security-tools
1052
arthepsy / CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
cve cve-2021-4034 poc
Language:C 1046
Puliczek / CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
security exploit log4j hacking cybersecurity writeups bugbounty cve pentest payload red-team bugbounttips bugbounty-writeups security-writeups pentesting cve-2021-44228 cve-2021-45046 cve-2021-45105 poc
Language:Java 932
ycdxsb / PocOrExp_in_Github
Automatically Collect POC or EXP from GitHub by CVE ID. If you are unable to find the POC/EXP on GitHub, you can also check here: https://pocorexps.nsa.im/
cve exploit poc vulnerabilities
Language:Python 906
Puliczek / awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
blue-team bugbounttips bugbounty cve-2021-44228 cybersecurity exploit log4j pentesting poc red-team security security-writeups writeups
862
tenable / routeros
RouterOS Security Research Tooling and Proof of Concepts
poc routeros bughunting honeypot scanner exploits
Language:C++ 862
100apps / charles-hacking
Hacking Charles Web Debugging Proxy
do-not-use-in-production just-for-learn poc
827
bigblackhat / oFx
漏洞批量验证框架
cve exploit poc scanner verify-framework vulnerability vulnerability-scanners
Language:Python 798
thezdi / PoC
Proofs-of-concept
advantech cve-2016-0856 exploit poc proof-of-concept research rpc scada vulnerability zdi
Language:C++ 751

poc

chaitin / xray

frohoff / ysoserial

Mr-xn / Penetration_Testing_POC

trickest / cve

nomi-sec / PoC-in-GitHub

k8gege / K8tools

ffffffff0x / 1earn

k8gege / Ladon

zhzyker / exphub

Threekiii / Awesome-POC

zan8in / afrog

qazbnm456 / awesome-cve-poc

Notselwyn / CVE-2024-1086

tr0uble-mAker / POC-bomber

Ascotbe / Medusa

k8gege / LadonGo

XiphosResearch / exploits

Lucifer1993 / AngelSword

jweny / pocassist

BaizeSec / bylibrary

danigargu / CVE-2020-0796

c0ny1 / FastjsonExploit

k8gege / K8CScan

tenable / poc

Lucifer1993 / SatanSword

bit4woo / Fiora

1n7erface / PocList

1n7erface / Template

arthepsy / CVE-2021-4034

Puliczek / CVE-2021-44228-PoC-log4j-bypass-words

ycdxsb / PocOrExp_in_Github

Puliczek / awesome-list-of-secrets-in-environment-variables

tenable / routeros

100apps / charles-hacking

bigblackhat / oFx

thezdi / PoC