https://github.com/wangyihang/exploit-framework
:fire: An Exploit framework for Web Vulnerabilities written in Python
https://github.com/wangyihang/exploit-framework
exploit-development exploit-framework exploits vulnerability
Last synced: 2 months ago
JSON representation
:fire: An Exploit framework for Web Vulnerabilities written in Python
- Host: GitHub
- URL: https://github.com/wangyihang/exploit-framework
- Owner: WangYihang
- License: gpl-3.0
- Created: 2017-12-12T17:26:10.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2020-08-01T08:57:06.000Z (almost 5 years ago)
- Last Synced: 2025-04-17T03:54:29.558Z (2 months ago)
- Topics: exploit-development, exploit-framework, exploits, vulnerability
- Language: Python
- Homepage:
- Size: 105 KB
- Stars: 170
- Watchers: 14
- Forks: 53
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Exploit-Framework
[](#backers)
[](#sponsors)
#### Exploits:
|Vendor|Vulnerability|Effected Version|Description|Author|
|:-:|:-:|:-:|:-:|:-:|
|[zblog](https://www.zblogcn.com/zblogphp/)|[NOT_CVE](https://gist.github.com/WangYihang/318020687b7e5f1efb38e9afd40c941b)|<=1.5.1|Zblog Authenticated LFI|[@Shutdown_r](http://www.jianshu.com/u/0876d51c215f)|
|[OpenSNS](http://www.opensns.cn/)|[NOT_CVE](http://0day5.com/archives/4280/)|<=3.31|OpenSNS UnAuthenticated GetShell|[@90sec](https://forum.90sec.org/)|
|[Joomla](https://www.joomla.org/)|[CVE-2015-8562](https://blog.sucuri.net/2015/12/joomla-remote-code-execution-the-details.html)|1.5<3.45|Joomla Header Unauthenticated RCE|[@Andrew McNicol](https://github.com/anarcoder)|
|[Codiad](https://github.com/Codiad/Codiad)|[CVE-2017-11366](https://nvd.nist.gov/vuln/detail/CVE-2017-11366)|<=2.8.3|Codiad Authenticated RCE|[@WangYihang](https://github.com/wangyihang)|
|[Codiad](https://github.com/Codiad/Codiad)|[CVE-2014-9581](https://nvd.nist.gov/vuln/detail/CVE-2014-9581)|<=2.4.3|Codiad Authenticated LFI|[@TaurusOmar](https://www.exploit-db.com/author/?a=7716)|
|[SeaCMS](http://www.seacms.net)|[CVE-2017-17561](https://nvd.nist.gov/vuln/detail/CVE-2017-17561)|<=6.56|SeaCMS Authenticated GetShell|[@WangYihang](https://github.com/wangyihang)|
|[SeaCMS](http://www.seacms.net)|[NOT_CVE](http://0day5.com/archives/4180/)|<=6.28|SeaCMS UnAuthenticated RCE|[@没穿底裤](http://0day5.com/author/1/)|
|[phpMoAdmin](http://www.phpmoadmin.com/)|[CVE-2015-2208](https://www.exploit-db.com/exploits/36251/)|<=1.1.2|phpMoAdmin UnAuthenticated RCE|Unknown|
|[WordPress](https://wordpress.org/)|[CVE-2017-5487](https://www.exploit-db.com/exploits/41497/)|<4.7.1|WordPress Username Enumeration|[@Dctor](https://www.facebook.com/hatbashbr/)|
|[DedeCMS](http://www.dedecms.com/)|[NOT_CVE](http://0day5.com/archives/1349/)|<=5.6|DedeCms recommend.php SQL injection|[@没穿底裤](http://0day5.com/author/1/)|
|[Kernel](https://www.kernel.org/)|[CVE-2016-5195](https://dirtycow.ninja/)|2.6.22<3.9|DirtyC0w Privilege Escalation|[@nowsecure](https://github.com/nowsecure)|
#### Video:
[](https://asciinema.org/a/152418)
#### WIKI:
> https://github.com/WangYihang/Exploit-Framework/wiki
#### Contribution:
> [1. Guidance of writing exploit module](https://github.com/WangYihang/Exploit-Framework/wiki/Contributing-to-Exploit-Framework)
#### TODO:
- [ ] 解析字符串
- [ ] 深层模块化
- [ ] 上下文栈维护
- [ ] 日志
- [ ] 自动补全
- [ ] Exploit 搜索
- [ ] Wiki
- [ ] Exploit 规范
- [ ] 维护 Reverse Shell (结合 Reverse-Shell-Manager)
- [ ] Payload 模块
- [ ] 免杀模块
- [ ] 维护一句话木马 (结合 Webshell-Sniper)
- [ ] 数据库
- [ ] Web 前端
## Contributors
This project exists thanks to all the people who contribute.
## Backers
Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/Exploit-Framework#backer)]
## Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/Exploit-Framework#sponsor)]
