Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists by RandomRobbieBF
A curated list of projects in awesome lists by RandomRobbieBF.
https://github.com/randomrobbiebf/grafana-ssrf
Authenticated SSRF in Grafana
Last synced: 20 Nov 2024
https://github.com/RandomRobbieBF/grafana-ssrf
Authenticated SSRF in Grafana
Last synced: 03 Nov 2024
https://github.com/randomrobbiebf/cve-2023-32243
CVE-2023-32243
cve-2023-32243 wordpress-exploit wordpress-plugin
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/marshalsec-jar
marshalsec-0.0.3-SNAPSHOT-all compiled on X64
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-2982
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/phpunit-brute
Tool to try multiple paths for PHPunit RCE CVE-2017-9841
bugbounty cve-2017-9841 phpunit
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/wordpress-plugin-list
Wordpress Plugins List for Bruteforcing.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/service-now
Service-Now Article Bruteforcer
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/nuclei-drupal-sa
Nuclei templates for drupal vulns... far from perfect
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/kong-pwn
Use Exposed KongAPI to act like a proxy and get metadata urls or internal urls
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/simple-file-list-rce
Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/woo
Exploit woocommerce SQLI and grab user and password hash
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/sap-brute
SAP Netweaver Login Bruteforcer.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/wordpress-exploits
Random Wordpress Exploits May or May Not Work.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-22145
InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update (Subscriber+)
cve-2024-22145 exploit instawp-connect wordpress
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-0679
ColorMag <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
cve-2024-0679 exploit wordpress
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-6624
JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation
Last synced: 01 Dec 2024
https://github.com/randomrobbiebf/s3-from-csp
Extracts all S3 Buckets from CSP report headers and then tests for file upload vulns
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/binary-edge-render-extract
Create a datatable output from a binaryedge render scan
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/log4j-exploits
Log4J Exploits for Different Systems
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/juicy-php
Juicy-php - finds PHP info files with juicy information
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/wordpress-plugins-scraper
Will open the first page of wordpress website and extract all js and css links with wp-content/plugins/
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-6700
Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/wordpress-php-object-helper
Know a plugin has a php object exploit but need to find which lib to use?
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/django-bruteforce
Django Admin Url Bruteforce tool.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/dom-brute
Domain TLD prefix finder / 3rd party hosted.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-6985
10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
ai-assistant-by-10web cve-2023-6985 wordpress
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-0952
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/postgres-bruteforcer
This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/super-secret-finder
Burp Plugin for Secret Matching
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-9234
GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/csp-log4j
Finds CSP report urls and tests to see if they are vulnerable to log4j
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2020-12077
MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-5412
Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-5070
Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-25092
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2020-36730
CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/static-file-checker
Checks Django's /static/staticfiles.json for exposed creds using nuclei
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/health-check
Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-47529
Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-47668
Restrict Content <= 3.2.7 - Information Exposure via legacy log file
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-46197
Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-45808
LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-45828
RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-47615
LearnPress Plugin < 4.2.0 - Unauthenticated LFI
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2019-15896
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2021-34621
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2021-25032
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-1442
WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2021-24356
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation
cve-2021-24356 wordpress-exploit wordpress-plugin
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-3904
CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-2877
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-10586
Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-0630
CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-45354
Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/what-wordpress
Tool to extract all themes and plugins that are shown on the front page of a wordpress site.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/learning-management-system
Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/js-jobs
JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/e-signature-poc
e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-36531
LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/chart-down
Extracts all the chart lists from ChartMuseum
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-0439
CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-2732
MStore API <= 3.9.2 - Authentication Bypass
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/struts-splunk
Vuln Apache Struts with splunk
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/whatismyip-serverless
PHP - serverless IP grabber for testing SSRF
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/wordpress-bf
Brute Force Wordpress Blogs.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/redis-checker
Checks for exposed Redis servers
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2021-24507
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection - CVE-2021-24507
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/be-targets-gen
Reads a Binaryedge.io JSON blob and outputs the IP:PORT to a text file for parsing.
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/grafana-bruteforce
Grafana Bruteforce tool
brute-force bugbounty grafana red-team
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2022-1203
Content Mask < 1.8.4 - Subscriber+ Arbitrary Options Update
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-10728
PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-10629
GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-9935
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50473
Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-10924
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-2242
Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50427
SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Authenticated (Subscriber+) Arbitrary File Upload
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-49681
WP Sessions Time Monitoring Full Automatic <= 1.0.9 - Unauthenticated SQL Injection
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-10470
WPLMS Learning Management System for WordPress <= 4.962 – Unauthenticated Arbitrary File Read and Deletion
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2023-41652
RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50477
Stacks Mobile App Builder <= 5.2.3 - Authentication Bypass via Account Takeover
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-51665
Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50488
Token Login <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50482
Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Upload
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-9932
Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50493
Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50476
GRÜN spendino Spendenformular <= 1.0.1 - Unauthenticated Arbitrary Options Update
Last synced: 20 Nov 2024
https://github.com/randomrobbiebf/cve-2024-50450
WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution
Last synced: 20 Nov 2024