Projects in Awesome Lists tagged with rce
A curated list of projects in awesome lists tagged with rce .
https://github.com/mr-xn/penetration_testing_poc
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp
Last synced: 27 Mar 2025
https://github.com/Mr-xn/Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp
Last synced: 13 Mar 2025
https://github.com/k8gege/k8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
0day brute-force bypass crack database exp exploit getshell hacking lpe netscan password pentest poc privilege-escalation rce scanner
Last synced: 13 May 2025
https://github.com/landgrey/springbootvulexploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
rce spring-actuator-vulnerability spring-boot-vulnerability spring-vulnerability springboot springboot-actuator-rce springcloud vulnerability
Last synced: 14 May 2025
https://github.com/LandGrey/SpringBootVulExploit
SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
rce spring-actuator-vulnerability spring-boot-vulnerability spring-vulnerability springboot springboot-actuator-rce springcloud vulnerability
Last synced: 21 Nov 2024
https://github.com/zhzyker/vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
cve cve-2016-4437 cve-2020-13942 cve-2020-14882 cve-2020-17518 cve-2020-2555 cve-2020-2883 cve-2021-21972 cve-2021-21975 cve-2021-26855 cve-2021-27065 cve-2021-3129 exploit pentest-tool pentesting rce scanner security security-tools vulnerabilities
Last synced: 15 May 2025
https://github.com/tarunkant/gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
fastcgi github-rce gopher memcache mysql postgresql rce redis smtp ssrf zabbix
Last synced: 15 May 2025
https://github.com/tarunkant/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
fastcgi github-rce gopher memcache mysql postgresql rce redis smtp ssrf zabbix
Last synced: 02 Apr 2025
https://github.com/tr0uble-maker/poc-bomber
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点
cve exp getshell poc poc-bomber rce redteam vulnerability-scanner
Last synced: 15 May 2025
https://github.com/tr0uble-mAker/POC-bomber
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点
cve exp getshell poc poc-bomber rce redteam vulnerability-scanner
Last synced: 21 Nov 2024
https://github.com/insightglacier/dictionary-of-pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi
Last synced: 05 Apr 2025
https://github.com/insightglacier/Dictionary-Of-Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
bruteforce bugbounty bugbountytips bughunting-methodology database dictionary dns fingerprint fuzzing iot-security password payloads pentest pentesting rce regex-pattern spring-boot subdomain websecurity wifi
Last synced: 21 Nov 2024
https://github.com/jkornev/hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc
driver kernel malware-analysis rce registry rootkit security windows
Last synced: 15 May 2025
https://github.com/1n3/blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss
Last synced: 13 Apr 2025
https://github.com/1N3/BlackWidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
active application automated bugbounty csrf fuzzer lfi osint owasp passive python rce rfi scan scanner spider sqli vulnerability web xss
Last synced: 30 Mar 2025
https://github.com/nemesida-waf/waf-bypass
Check your WAF before an attacker does
api-security-testing bypass graphql-injection lfi nosql-injection path-traversal python python3 rce rfi sqli-injection ssti waf waf-bypass-tool waf-testing xss
Last synced: 14 May 2025
https://github.com/klezvirus/cve-2021-40444
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
0day cve-2021-40444 msword office rce remote-code-execution
Last synced: 23 Mar 2025
https://github.com/klezVirus/CVE-2021-40444
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
0day cve-2021-40444 msword office rce remote-code-execution
Last synced: 27 Mar 2025
https://github.com/vladko312/SSTImap
Automatic SSTI detection tool with interactive interface
information-security penetration-testing penetration-testing-tools pentest pentest-tool pentesting pentesting-tools python rce ssti
Last synced: 18 Apr 2025
https://github.com/landgrey/spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
rce spring-boot upload-file vulnerability
Last synced: 05 Apr 2025
https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
rce spring-boot upload-file vulnerability
Last synced: 21 Nov 2024
https://github.com/jm33-m0/mec
for mass exploiting
adapted-exploits baidu-search censys exploits google-search hacking-tool linux masscan mec parallelization prompt-toolkit python rce ssh-bruteforce weblogic zoomeye
Last synced: 04 Apr 2025
https://github.com/lintstar/About-Attack
一个旨在通过应用场景 / 标签对 Github 红队向工具 / 资源进行分类收集,降低红队技术门槛的手册【持续更新】
attack attack-defense automation intranet-penetration opensource rce redteam redteam-tools
Last synced: 21 Nov 2024
https://github.com/dliv3/redis-rogue-server
Redis 4.x/5.x RCE
rce redis redis-rogue-server redis-unauthorized-access remote-code-execution ssrf
Last synced: 05 Apr 2025
https://github.com/jamf/CVE-2020-0796-RCE-POC
CVE-2020-0796 Remote Code Execution POC
cve-2020-0796 poc rce remote-code-execution smbghost
Last synced: 02 Jan 2025
https://github.com/Dliv3/redis-rogue-server
Redis 4.x/5.x RCE
rce redis redis-rogue-server redis-unauthorized-access remote-code-execution ssrf
Last synced: 21 Nov 2024
https://github.com/Li4n0/revsuit
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
bug-bounty dnslog oob out-of-band pentest-tool rce reverse-connection ssrf xxe
Last synced: 21 Nov 2024
https://github.com/Whoopsunix/JavaRce
Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
command expression inject java jdbc jndi memshell rce rceecho rmi serialization vul
Last synced: 04 Apr 2025
https://github.com/chennqqi/godnslog
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
dnslog rce rfi ssrf vulnerability webscan xss xxe
Last synced: 05 Apr 2025
https://github.com/swisskyrepo/damnwebscanner
Another web vulnerabilities scanner, this extension works on Chrome and Opera
extension lfi plugin polyglot-vector rce scans sql-injection web-vulnerabilities-scanner webbrowser xss-vulnerability
Last synced: 05 Apr 2025
https://github.com/swisskyrepo/DamnWebScanner
Another web vulnerabilities scanner, this extension works on Chrome and Opera
extension lfi plugin polyglot-vector rce scans sql-injection web-vulnerabilities-scanner webbrowser xss-vulnerability
Last synced: 21 Nov 2024
https://github.com/operatorequals/covertutils
A framework for Backdoor development!
agent communication-channel crypto encryption handler payload pentesting post-exploitation python rce reverse-shell shell steganography stego stream
Last synced: 29 Mar 2025
https://github.com/pen4uin/java-echo-generator
一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.
echo-response java payload rce
Last synced: 16 May 2025
https://github.com/brightio/penelope
Penelope Shell Handler
bind-shell ctf ctf-tools pty python rce reverse-shell shell-handler tty
Last synced: 21 Nov 2024
https://github.com/tangxiaofeng7/SecExample
JAVA 漏洞靶场 (Vulnerability Environment For Java)
cors csrf docker fastjson java rce springboot sqlinjection ssrf vulnerability xss-vulnerability
Last synced: 21 Nov 2024
https://github.com/xsscx/commodity-injection-signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
burp burpsuite exploit fuzzing header html http injection injection-signatures input javascript malicious poc random rce xss
Last synced: 05 Apr 2025
https://github.com/xsscx/Commodity-Injection-Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
burp burpsuite exploit fuzzing header html http injection injection-signatures input javascript malicious poc random rce xss
Last synced: 21 Nov 2024
https://github.com/safebreach-labs/sireprat
Remote Command Execution as SYSTEM on Windows IoT Core (releases available for Python2.7 & Python3)
exploit iot-core raspberry-pi raspberrypi rce windows-iot
Last synced: 06 Apr 2025
https://github.com/hktalent/spring-spel-0day-poc
spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963
0day cve-2022-22963 exp java poc rce spel spring spring-cloud-function
Last synced: 06 Apr 2025
https://github.com/aabysszg/docker-tcp-scan
旨在以攻促防,针对Docker TCP socket的开源利用工具
cloud-security cybersecurity cybersecurity-education docker docker-remote-api rce
Last synced: 05 Apr 2025
https://github.com/pikpikcu/XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
bugbounty bugbounty-tool check-subdomains cors cors-scanner lfi rce recon scanners sqli ssrf subdomain-enumeration takeover-subdomain xss-scanner xss-vulnerability
Last synced: 21 Nov 2024
https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
cve cve-2019-1003000 exploit groovy information-security jenkins poc rce security security-1266
Last synced: 06 Apr 2025
https://github.com/leonjza/log4jpwn
log4j rce test environment and poc
cve-2021-44228 log4j log4shell rce
Last synced: 07 Apr 2025
https://github.com/petercunha/jenkins-rce
:smiling_imp: Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!
exploit hacking jenkins orangetw rce unauthenticated
Last synced: 09 Apr 2025
https://github.com/XiphosResearch/netelf
Run executables from memory, over the network, on Windows, Linux, OpenVMS... routers... spaceships... toasters etc.
dll hacking in-memory linux memfd openvms rce remote-shell win32
Last synced: 30 Mar 2025
https://github.com/hacksysteam/CVE-2023-21608
Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit
adobe adobe-reader aslr-bypass cfg-bypass cve-2023-21608 dep-bypass exploit rce use-after-free
Last synced: 02 Jan 2025
https://github.com/adilsoybali/Log4j-RCE-Scanner
Remote command execution vulnerability scanner for Log4j.
checker cve-2021-44228 log4j log4j2 log4shell rce scanner vulnerability-scanners
Last synced: 21 Nov 2024
https://github.com/virb3/apk-utilities
🛠 Tools and scripts to manipulate Android APKs
adb android apk app rce reverse-engineering reversing
Last synced: 10 Apr 2025
https://github.com/ViRb3/apk-utilities
🛠 Tools and scripts to manipulate Android APKs
adb android apk app rce reverse-engineering reversing
Last synced: 13 Apr 2025
https://github.com/voidsec/exploit-development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
0day aslr aslr-bypass eop exploit kernel lpe poc rce rop rop-chain rop-exploitation rop-gadgets shellcode windows
Last synced: 13 Apr 2025
https://github.com/avilum/secimport
The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.
3rd-party bpftrace dtrace ebpf import linux profiling python rce sandbox seccomp security security-tools tracing
Last synced: 16 May 2025
https://github.com/VainlyStrain/Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
directory-traversal exploitation filter-evasion information-leak lfi lfi-exploitation lfi-shells local-file-inclusion path-traversal penetration-testing pentest-tool pentesting rce security takeover vulnerability-assessment vulnerability-detection vulnerability-scanners websec websecurity
Last synced: 21 Nov 2024
https://github.com/Y4er/CVE-2020-2883
Weblogic coherence.jar RCE
cve-2020-2883 java rce weblogic
Last synced: 21 Nov 2024
https://github.com/herwonowr/exprolog
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
cve-2021-26855 cve-2021-27065 microsoft-exchange microsoft-exchange-proxylogon poc proxylogon rce ssrf
Last synced: 12 Apr 2025
https://github.com/sickcodes/no-sandbox
No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR exploits in these browser based applications are already sandboxed escaped: https://no-sandbox.io/
0day bug bugbounty chrome chromium exploit rce research
Last synced: 24 Mar 2025
https://github.com/alexandre-lavoie/python-log4rce
An All-In-One Pure Python PoC for CVE-2021-44228
cli cve-2021-44228 log4j python rce
Last synced: 21 Nov 2024
https://github.com/sec-report/secreport
ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。
ai chatgpt collaboration collaborations docker openai pentest privacy rce report retest sec security security-tools sql-injection vulnerabilities web-security xss
Last synced: 05 Apr 2025
https://github.com/landgrey/cve-2019-7609
exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts
Last synced: 30 Apr 2025
https://github.com/dotPY-hax/gitlab_RCE
RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1
ctf cve cve-2018-19571 cve-2018-19585 cve-2020-10977 exploit gitlab gitlab-rce lfi rce
Last synced: 21 Nov 2024
https://github.com/sec-report/SecReport
ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。
ai chatgpt collaboration collaborations docker openai pentest privacy rce report retest sec security security-tools sql-injection vulnerabilities web-security xss
Last synced: 02 Jan 2025
https://github.com/jmousqueton/poc-cve-2022-30190
POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina
cve follina msoffice poc proof-of-concept rce vulnerability
Last synced: 24 Apr 2025
https://github.com/ghosttroops/go4hacker
Automated penetration and auxiliary systems, providing XSS, XXE, DNS log, SSRF, RCE, web netcat and other Servers,gin-vue-admin,online https://51pwn.com
exp exploits framework gin gin-vue-admin hacker penetration pentest poc rce vue
Last synced: 05 Apr 2025
https://github.com/YasserGersy/cazador_unr
Hacking tools
automation bugbounty bugcrowd bughunting csrf directory-lister dns fuzzing hackerone hacking http information-gathering-tools owasp poc pocgenerator rce sqli subdomains tcp xss
Last synced: 21 Nov 2024
https://github.com/nemo-wq/PrintNightmare-CVE-2021-34527
PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits
cve-2021-1675 cve-2021-34527 howto-tutorial printnightmare rce windowsexploits
Last synced: 21 Nov 2024
https://github.com/ignis-sec/cve-2023-38831-rarce
An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831, WinRAR RCE before versions 6.23
archive exploit exploit-development rce security winrar
Last synced: 06 May 2025
https://github.com/p0dalirius/cve-2022-36446-webmin-software-package-updates-rce
A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
cve-2022-36446 exploit package rce software update webmin
Last synced: 05 Apr 2025
https://github.com/aigptcode/wordpress-auto-admin-account-and-reverse-shell-cve-2024-27956
WordPress Auto Admin Account Creation and Reverse Shell cve-2024-27956 automates the process of creating a new administrator account in a WordPress site and executing a reverse shell on the target server. It utilizes the wp-automatic plugin's CSV injection vulnerability to execute SQL queries
android backdoor backdoors cve exploit hack hacking html nuclei nuclei-templates php ransomware rce reverse-shell shell website windows wordpress wordpress-plugin
Last synced: 11 Apr 2025
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce
Zimbra <9.0.0.p27 RCE
cpio cve cve-2022-41352 python3 rce zimbra
Last synced: 21 Nov 2024
https://github.com/jbaines-r7/badblood
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)
Last synced: 21 Nov 2024
https://github.com/flast101/php-8.1.0-dev-backdoor-rce
PHP 8.1.0-dev Backdoor System Shell Script
backdoor code code-injection exploit exploit-development pentest pentest-tool php-810-dev php8 php810-dev python python3 rce remote-code-execution security shell shell-script shell-scripts user-agent user-agentt
Last synced: 15 Apr 2025
https://github.com/nollium/cve-2024-9264
Exploit for Grafana arbitrary file-read and RCE (CVE-2024-9264)
authenticated cve cve-2024-9264 exploit file-read-vulnerability grafana poc rce rce-exploit security vulnerability
Last synced: 06 Apr 2025
https://github.com/blackhatruby/BHR_Labs
Black Hat Ruby book | Lab files | Buy the book https://www.amazon.com/dp/B08JHSF6GT
api blackhat blackhat-ruby burpsuite exploits hacking metasploit rails rce ruby xss
Last synced: 28 Mar 2025
https://github.com/al1ex/cve-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE
cve-2020-36179 jackson-databind rce ssrf
Last synced: 18 Mar 2025
https://github.com/p0dalirius/CVE-2022-21907-http.sys
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
crash cve-2022-21907 iis-server poc python rce
Last synced: 18 Jan 2025
https://github.com/p0dalirius/cve-2022-21907-http.sys
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
crash cve-2022-21907 iis-server poc python rce
Last synced: 30 Dec 2024
https://github.com/Al1ex/CVE-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE
cve-2020-36179 jackson-databind rce ssrf
Last synced: 21 Nov 2024
https://github.com/Swordfish-Security/Pentest-In-Docker
Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
devsecops docker escape pentesting rce shellshock vulnerable-container
Last synced: 21 Nov 2024
https://github.com/chocapikk/cve-2023-6553
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
cve cve-2023-6553 cybersecurity exploit hacking infosec php python rce security security-research vulnerability wordpress
Last synced: 19 Apr 2025
https://github.com/noraj/umbraco-rce
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
exploit poc proof-of-concept rce remote-code-execution umbraco umbraco-cms umbraco-v7 umbraco7
Last synced: 12 Apr 2025
https://github.com/err0r-ica/scanter
Websites Vulnerability Scanner
rce rce-exploit rce-scanner scanner server-side-template-injection sql-injection sql-scanner sqli ssti ssti-payloads xss xss-attacks xss-detection xss-exploitation xss-scanner xss-vulnerability
Last synced: 09 Apr 2025
