rce

There are 37 repositories under rce topic.

• Mr-xn / Penetration_Testing_POC

  渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

  penetration-testingpocgetshellcsrfpenetration-testing-poccsrf-webshellcvercesql-pocpoc-expbypassoa-getshellcve-cmsphp-bypassthinkphpsql-getshellauthentication-bypasscobalt-strikeexploit
  Language:HTML 6147

• LandGrey / SpringBootVulExploit

  SpringBoot 相关漏洞学习资料，利用方法和技巧合集，黑盒安全评估 check list

  springbootspringboot-actuator-rcercespring-boot-vulnerabilityspringcloudspring-vulnerabilityvulnerabilityspring-actuator-vulnerability
  Language:Java 5512

• zhzyker / vulmap

  Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

  exploitcvercevulnerabilitiescve-2016-4437securitysecurity-toolspentestingpentest-toolcve-2020-14882cve-2020-2555cve-2020-2883scannercve-2020-13942cve-2020-17518cve-2021-21972cve-2021-26855cve-2021-27065cve-2021-21975cve-2021-3129
  Language:Python 3270

• reddelexc / hackerone-reports

  Top disclosed reports from HackerOne

  bugbountycsrfhackeroneidorrcereportssecuritysql-injectionssrfwriteupsxssxxe
  Language:Python 3190

• tarunkant / Gopherus

  This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

  rcessrfmysqlrediszabbixmemcachegophergithub-rcefastcgismtppostgresql
  Language:Python 2664

• JoyChou93 / java-sec-code

  Java web common vulnerabilities and security code which is base on springboot and spring security

  javacodesecurityxxercedeserializetomcatsqlissrfrmicorsjsonpwebspelbenchmark
  Language:Java 2254

• tr0uble-mAker / POC-bomber

  利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

  cveexpgetshellpocpoc-bomberrceredteamvulnerability-scanner
  Language:Python 2114
• pwn_jenkins

  gquere / pwn_jenkins

  Notes about attacking Jenkins servers

  jenkinspentesthackingexploitrce
  Language:Python 1887

• insightglacier / Dictionary-Of-Pentesting

  Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

  pentestingfuzzingbruteforcebugbountydictionarywebsecurityiot-securitypasswordpentestregex-patterndnssubdomaindatabasewifibugbountytipsbughunting-methodologyfingerprintrcespring-bootpayloads
  Language:Shell 1824

• p0dalirius / Awesome-RCE-techniques

  Awesome list of step by step techniques to achieve Remote Code Execution on various apps!

  rceframeworkawesome-listcodeexecutionexploitbugbountycms
  Language:Dockerfile 1802

• JKornev / hidden

  🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

  windowssecuritymalware-analysisregistrydriverkernelrootkitrce
  Language:C 1598

• XiphosResearch / exploits

  Miscellaneous exploit code

  bypassexploitshackingphppocpythonrcesecuritytr-064windows
  Language:Python 1484

• 1N3 / BlackWidow

  A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

  webapplicationscannerosintfuzzerowaspvulnerabilitypythonspiderpassiveactivesqlixsslfirfircecsrfautomatedscanbugbounty
  Language:Python 1457

• pen4uin / java-memshell-generator-release

  一款支持高度自定义的 Java 内存马生成工具

  javamemshellpayloadrcewebshell
  1152

• nemesida-waf / waf-bypass

  Check your WAF before an attacker does

  wafpython3bypasspythonrcexsswaf-bypass-toolapi-security-testinglfinosql-injectionpath-traversalrfisqli-injectiongraphql-injectionsstiwaf-testing
  Language:Python 1098

• n0b0dyCN / redis-rogue-server

  Redis(<=5.0.5) RCE

  rceredis
  Language:C 934

• cn-panda / JavaCodeAudit

  Getting started with java code auditing 代码审计入门的小项目

  vulnerability-analysisssrfjavarcefastjsonjacksonxsssqlcodeweblogic
  Language:JavaScript 840

• klezVirus / CVE-2021-40444

  CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit

  cve-2021-40444mswordoffice0dayrceremote-code-execution
  Language:HTML 780

• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

  rcespring-bootupload-filevulnerability
  Language:Java 649
• SSTImap

  vladko312 / SSTImap

  Automatic SSTI detection tool with interactive interface

  information-securitypenetration-testingpenetration-testing-toolspentestpentest-toolpentestingpentesting-toolspythonrcessti
  Language:Python 645

• GhostTroops / TOP

  TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

  bugbountycveexpexploitpayloadpocrcevulnerability
  Language:Shell 622
• mec

  jm33-m0 / mec

  for mass exploiting

  hacking-toolrceweblogicgoogle-searchbaidu-searchzoomeyemasscanparallelizationexploitspythonadapted-exploitslinuxcensysssh-bruteforceprompt-toolkitmec
  Language:Python 590

• lintstar / About-Attack

  一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集，降低红队技术门槛的手册【持续更新】

  attackattack-defenseredteamredteam-toolsrceintranet-penetrationautomationopensource
  584

• jamf / CVE-2020-0796-RCE-POC

  CVE-2020-0796 Remote Code Execution POC

  cve-2020-0796pocsmbghostremote-code-executionrce
  Language:Python 510

• kraken-ng / Kraken

  Kraken, a modular multi-language webshell coded by @secu_x11

  red-teamsecuritywebshellevasionrce
  Language:Python 496

• Li4n0 / revsuit

  RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

  pentest-toolssrfxxercereverse-connectionbug-bountydnslogoobout-of-band
  Language:Go 488

• Mr-xn / sunlogin_rce

  向日葵 RCE

  sunloginclientrce
  Language:Go 472

• chennqqi / godnslog

  An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

  dnslogxssssrfrcexxerfiwebscanvulnerability
  Language:Go 468

• Dliv3 / redis-rogue-server

  Redis 4.x/5.x RCE

  rceredisredis-rogue-serverredis-unauthorized-accessremote-code-executionssrf
  Language:Python 455

• SummerSec / SpringExploit

  🚀 一款为了学习go而诞生的漏洞利用工具

  springfunctiongorcespelgatwwayspel-rcebigbig-f5
  Language:Go 441

• operatorequals / covertutils

  A framework for Backdoor development!

  agentcryptostegorceshellpythonpentestingpost-exploitationhandlerreverse-shellpayloadsteganographyencryptioncommunication-channelstream
  Language:Python 438

• swisskyrepo / DamnWebScanner

  Another web vulnerabilities scanner, this extension works on Chrome and Opera

  sql-injectionpolyglot-vectorweb-vulnerabilities-scannerpluginextensionwebbrowserxss-vulnerabilityrcelfiscans
  Language:Python 436

• brightio / penelope

  Penelope Shell Handler

  ptyttyctf-toolsrcectfpythonreverse-shellbind-shellshell-handler
  Language:Python 408

• tangxiaofeng7 / SecExample

  JAVA 漏洞靶场 (Vulnerability Environment For Java)

  dockerjavaspringbootxss-vulnerabilityvulnerabilityssrfrcefastjsoncorssqlinjectioncsrf
  Language:HTML 406

• xsscx / Commodity-Injection-Signatures

  Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

  xsshttpheaderpocexploitmaliciousinputrceinjectionjavascripthtmlinjection-signaturesrandomburpsuitefuzzingburp
  Language:HTML 378

• opsxcq / exploit-CVE-2017-7494

  SambaCry exploit and vulnerable container (CVE-2017-7494)

  sambasambacryexploitlinuxrce
  Language:C 369