poc

There are 79 repositories under poc topic.

xray
chaitin / xray
一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
passive-vulnerability-scanner poc security sqlinjection vulnerability vulnerability-scanner xss
Language:Vue 9710
ysoserial
frohoff / ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
java deserialization gadget exploit javadeser jvm serialization poc vulnerability
Language:Java 7334
Mr-xn / Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp
Language:HTML 6174
trickest / cve
Gather and update all available and newest CVEs with their PoC.
poc cve cve-poc latest-cve vulnerability vulnerabilities software-vulnerabilities software-security exploit security infosec hacking pentesting penetration-testing red-team security-tools software-vulnerability
Language:HTML 6107
nomi-sec / PoC-in-GitHub
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
5988
K8tools
k8gege / K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
exploit apt 0day poc getshell pentest hacking scanner privilege-escalation bypass crack netscan brute-force password database
Language:PowerShell 5639
1earn
ffffffff0x / 1earn
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
markdown-article linux-learning pentest study security collection blueteam redteam post-penetration ics-security writeup pentest-tool poc ctf security-tools infosec hacking
Language:C++ 5084
Ladon
k8gege / Ladon
Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 12.2内置262个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange
brute-force exp exploit getshell hack hacking ipscanner ladon netscan password pentest poc portscan scanner security security-scanner security-tools tools
Language:PowerShell 4602
zhzyker / exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本，最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
weblogic tomcat exploit poc vulnerability exp webshell drupal getshell nexus cve-2020-10199 cve-2020-2555 cve-2020-11444 cve-2020-10204 cve-2020-1938 cve-2020-2883 cve-2020-2551 cve-2020-5902 cve-2020-14882
Language:Python 4027
qazbnm456 / awesome-cve-poc
✍️ A curated list of CVE PoCs.
awesome cve poc
3235
Threekiii / Awesome-POC
一个漏洞POC知识库
poc
2891
zan8in / afrog
A Security Tool for Bug Bounty, Pentest and Red Teaming.
afrog bug-bounty penetration-testing pentest poc red-teaming vulnerability-scanner vulnerability-scanning-tools
Language:Go 2836
tr0uble-mAker / POC-bomber
利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点
cve exp getshell poc poc-bomber rce redteam vulnerability-scanner
Language:Python 2127
Ascotbe / Medusa
:cat2:Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中
poc exp payload medusa cve xss readteam dnslog virus email cobaltstrike metasploit-framework mail
Language:Python 2100
Notselwyn / CVE-2024-1086
Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
cve exploit lpe poc cve-2024-1086
Language:C 1916
LadonGo
k8gege / LadonGo
Ladon for Kali 全平台开源内网渗透扫描器,Windows/Linux/Mac/路由器内网渗透，使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost，远程执行SSH/Winrm，密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis，端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机，端口扫描服务识别PortScan。
scanner portscan smbscan sshscan mysqlscan ftpscan bannerscan ms17010 brute-force detection exploit poc hacktools security-tools
Language:Go 1530
XiphosResearch / exploits
Miscellaneous exploit code
exploits python poc rce php security hacking windows bypass tr-064
Language:Python 1483
Lucifer1993 / AngelSword
Python3编写的CMS漏洞检测框架
cms vulnerability-scanners poc
Language:Python 1440
jweny / pocassist
傻瓜式漏洞PoC测试框架
poc penetration-testing-poc vulnerability vulnerability-scanners security-tools security cve pocassist
Language:Go 1395
BaizeSec / bylibrary
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
baize sec poc exp security
Language:HTML 1297
danigargu / CVE-2020-0796
CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
cve-2020-0796 smbghost poc exploit coronablue
Language:C 1292
tenable / poc
Proof of Concepts
poc
Language:Python 1187
K8CScan
k8gege / K8CScan
K8Ladon大型内网渗透自定义插件化扫描神器，包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用，程序采用多线程批量扫描大型内网多个IP段C段主机，目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本，支持Cobalt Strike联动
cobalt-strike portscan hacking pentest security exploit getshell poc ftp mssql mysql smb ipc wmi subdomain crack scanner netscan password oracle
Language:Python 1178
c0ny1 / FastjsonExploit
Fastjson vulnerability quickly exploits the framework（fastjson漏洞快速利用框架）
exp exploiting-vulnerabilities fastjson poc
Language:Java 1166
Lucifer1993 / SatanSword
红队综合渗透框架
fingerprinting pentest-tool poc security-tools vulnerability-detection vulnerability-scanners
Language:Python 1147
1n7erface / PocList
Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/金山-V8-终端安全系统/NCCloud-SQLinjection/ShowDoc-RCE
poc alibaba-nacos jar
Language:Java 1081
bit4woo / Fiora
Fiora：漏洞PoC框架Nuclei的图形版。快捷搜索PoC、一键运行Nuclei。即可作为独立程序运行，也可作为burp插件使用。
nuclei poc nuclei-gui burp-extensions fiora
Language:Java 1049
arthepsy / CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
cve cve-2021-4034 poc
Language:C 1022
1n7erface / Template
Next generation RedTeam heuristic intranet scanning | 下一代RedTeam启发式内网扫描
scanner security-tools poc
998
Puliczek / CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
bugbounttips bugbounty bugbounty-writeups cve cve-2021-44228 cve-2021-45046 cve-2021-45105 cybersecurity exploit hacking log4j payload pentest pentesting poc red-team security security-writeups writeups
Language:Java 925
Puliczek / awesome-list-of-secrets-in-environment-variables
🦄🔒 Awesome list of secrets in environment variables 🖥️
security exploit log4j cybersecurity poc pentesting writeups bugbounty red-team blue-team security-writeups cve-2021-44228 bugbounttips
849
tenable / routeros
RouterOS Security Research Tooling and Proof of Concepts
poc routeros bughunting honeypot scanner exploits
Language:C++ 845
ycdxsb / PocOrExp_in_Github
聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.
cve exploit poc vulnerabilities
Language:Python 828
100apps / charles-hacking
Hacking Charles Web Debugging Proxy
do-not-use-in-production just-for-learn poc
827
thezdi / PoC
Proofs-of-concept
cve-2016-0856 zdi poc proof-of-concept vulnerability advantech scada exploit research rpc
Language:C++ 739
bigblackhat / oFx
漏洞批量验证框架
cve exploit poc scanner verify-framework vulnerability vulnerability-scanners
Language:Python 738

poc

chaitin / xray

frohoff / ysoserial

Mr-xn / Penetration_Testing_POC

trickest / cve

nomi-sec / PoC-in-GitHub

k8gege / K8tools

ffffffff0x / 1earn

k8gege / Ladon

zhzyker / exphub

qazbnm456 / awesome-cve-poc

Threekiii / Awesome-POC

zan8in / afrog

tr0uble-mAker / POC-bomber

Ascotbe / Medusa

Notselwyn / CVE-2024-1086

k8gege / LadonGo

XiphosResearch / exploits

Lucifer1993 / AngelSword

jweny / pocassist

BaizeSec / bylibrary

danigargu / CVE-2020-0796

tenable / poc

k8gege / K8CScan

c0ny1 / FastjsonExploit

Lucifer1993 / SatanSword

1n7erface / PocList

bit4woo / Fiora

arthepsy / CVE-2021-4034

1n7erface / Template

Puliczek / CVE-2021-44228-PoC-log4j-bypass-words

Puliczek / awesome-list-of-secrets-in-environment-variables

tenable / routeros

ycdxsb / PocOrExp_in_Github

100apps / charles-hacking

thezdi / PoC

bigblackhat / oFx