Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Common Vulnerabilities and Exposures (CVE)

The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. The United States’ National Cybersecurity FFRDC, operated by The Mitre Corporation, maintains the system, with funding from the US National Cyber Security Division of the US Department of Homeland Security.

https://github.com/Mr-xn/Penetration_Testing_POC

POCs, EXPs, scripts, privilege-escalation techniques, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp

Last synced: 25 Oct 2024

https://github.com/mr-xn/penetration_testing_poc

POCs, EXPs, scripts, privilege-escalation techniques, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

authentication-bypass bypass cobalt-strike csrf csrf-webshell cve cve-cms exploit getshell oa-getshell penetration-testing penetration-testing-poc php-bypass poc poc-exp rce sql-getshell sql-poc thinkphp

Last synced: 15 Oct 2024

https://github.com/nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

cve exploit poc security vulnerability

Last synced: 01 Nov 2024

https://github.com/nomi-sec/poc-in-github

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

cve exploit poc security vulnerability

Last synced: 15 Oct 2024

https://github.com/PeiQi0/PeiQi-WIKI-Book

A knowledge base for cybersecurity practitioners 🍃

0day 1day cve peiqi-wiki redteam vuln

Last synced: 05 Nov 2024

https://github.com/peiqi0/peiqi-wiki-book

A knowledge base for cybersecurity practitioners 🍃

0day 1day cve peiqi-wiki redteam vuln

Last synced: 15 Oct 2024

https://github.com/Medicean/VulApps

Quickly set up various vulnerability environments (Various vulnerability environment)

cve docker struts vulnerabilities vulnhub

Last synced: 09 Nov 2024

https://github.com/medicean/vulapps

Quickly set up various vulnerability environments (Various vulnerability environment)

cve docker struts vulnerabilities vulnhub

Last synced: 26 Sep 2024

https://github.com/Ascotbe/Kernelhub

:palm_tree: Linux, macOS, Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (privilege escalation vulnerability collection)

cve cve-2021-26868 cve-2021-33739 cve-2021-34486 cve-2021-36934 cve-2021-40444 cve-2021-40449 cve-2021-42278 cve-2021-42287 cve-2022-21882 cve-2022-26937 cve-2022-30206 cve-2022-33679 cve-2022-34718 exploits kernel linux pentest tool windows

Last synced: 05 Nov 2024

https://github.com/tunz/js-vuln-db

A collection of JavaScript engine CVEs with PoCs

cve javascript vulnerability

Last synced: 15 Oct 2024

https://github.com/Notselwyn/CVE-2024-1086

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

cve cve-2024-1086 exploit lpe poc

Last synced: 30 Oct 2024

https://github.com/notselwyn/cve-2024-1086

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

cve cve-2024-1086 exploit lpe poc

Last synced: 15 Oct 2024

https://github.com/tr0uble-maker/poc-bomber

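Uses a large number of high-severity PoCs/EXPs to quickly gain access to targets; intended for penetration testing and rapid red-team initial access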

cve exp getshell poc poc-bomber rce redteam vulnerability-scanner

Last synced: 15 Oct 2024

https://github.com/TH3xACE/SUDO_KILLER

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

abuse-sudo ctf cve exploits linux-exploits misconfiguration oscp oscp-journey oscp-prep oscp-tools pentest pentest-tool privilege-escalation sudo sudo-exploitation

Last synced: 07 Nov 2024

https://github.com/th3xace/sudo_killer

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

abuse-sudo ctf cve exploits linux-exploits misconfiguration oscp oscp-journey oscp-prep oscp-tools pentest pentest-tool privilege-escalation sudo sudo-exploitation

Last synced: 15 Oct 2024

https://github.com/tr0uble-mAker/POC-bomber

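Uses a large number of high-severity PoCs/EXPs to quickly gain access to targets; intended for penetration testing and rapid red-team initial access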

cve exp getshell poc poc-bomber rce redteam vulnerability-scanner

Last synced: 04 Aug 2024

https://github.com/ascotbe/medusa

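:cat2: Medusa is a red-team arsenal platform that currently includes an XSS platform, a collaboration platform, CVE monitoring, AV-evasion payload generation, DNSLOG, phishing email, file retrieval and other features; under continuous development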

cobaltstrike cve dnslog email exp mail medusa metasploit-framework payload poc readteam virus xss

Last synced: 14 Oct 2024

https://github.com/Ascotbe/Medusa

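:cat2: Medusa is a red-team arsenal platform that currently includes an XSS platform, a collaboration platform, CVE monitoring, AV-evasion payload generation, DNSLOG, phishing email, file retrieval and other features; under continuous development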

cobaltstrike cve dnslog email exp mail medusa metasploit-framework payload poc readteam virus xss

Last synced: 29 Oct 2024

https://github.com/Threekiii/Vulnerability-Wiki

Quickly deploy the vulnerability documentation from Awesome-POC using docsify

cve docker docsify vulnerability wiki

Last synced: 05 Nov 2024

https://github.com/threekiii/vulnerability-wiki

Quickly deploy the vulnerability documentation from Awesome-POC using docsify

cve docker docsify vulnerability wiki

Last synced: 15 Oct 2024

https://github.com/mufeedvh/moonwalk

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps.

cve exploit exploitation infosec infosectools linux privilege-escalation red-teaming redteam redteam-tools security security-tools

Last synced: 29 Oct 2024

https://github.com/nixawk/labs

Vulnerability Labs for security analysis

cve exploit security vulnerability

Last synced: 01 Nov 2024

https://github.com/intel/cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability

Last synced: 15 Oct 2024

https://github.com/arthepsy/cve-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

cve cve-2021-4034 poc

Last synced: 09 Oct 2024

https://github.com/arthepsy/CVE-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

cve cve-2021-4034 poc

Last synced: 05 Nov 2024

https://github.com/SabyasachiRana/WebMap

WebMap-Nmap Web Dashboard and Reporting

cve cybersecurity infosec nmap webmap

Last synced: 06 Nov 2024

https://github.com/topscoder/nuclei-wordfence-cve

The EXCLUSIVE Collection of 40,000+ Nuclei templates based on Wordfence intel. Daily updates for bulletproof WordPress security.

bugbounty cve exploits nuclei nuclei-templates pentesting projectdiscovery scanner security vulnerability vulnerability-scanning wordfence wordpress

Last synced: 13 Nov 2024

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 04 Nov 2024

https://github.com/ycdxsb/PocOrExp_in_Github

Aggregates existing PoCs or EXPs on GitHub; CVE information comes from the official CVE website. Auto Collect Poc Or Exp from Github by CVE ID.

cve exploit poc vulnerabilities

Last synced: 04 Aug 2024

https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

audit cve cve-2017-5715 cve-2017-5753 cve-2017-5754 cve-2018-3639 cve-2018-3640 cve-2018-3665 cve-2018-3693 guidance meltdown nessus spectre vulnerability

Last synced: 03 Nov 2024

https://github.com/StarCrossPortal/scalpel

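scalpel is a command-line vulnerability scanner that supports deep parameter injection. It has a powerful data parsing and mutation algorithm that parses common data formats (json, xml, form, etc.) into a tree structure, then mutates the tree according to the rules in the PoC, including mutations of leaf nodes and of the tree structure. After mutation, the tree is restored to the original data format.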

cve exploits fuzzing poc scanner vulnerabilities vulnerability

Last synced: 04 Aug 2024

https://github.com/b1tg/cve-2023-38831-winrar-exploit

CVE-2023-38831 winrar exploit generator

0day cve exploit

Last synced: 12 Nov 2024

https://github.com/metnew/uxss-db

🔪Browser logic vulnerabilities :skull_and_crossbones:

browser cve javascript security vulnerability xss

Last synced: 03 Nov 2024

https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

ES File Explorer Open Port Vulnerability - CVE-2019-6447

cve cve-2019-6447 infosec vulnerability

Last synced: 02 Nov 2024

https://github.com/fs0c131y/esfileexploreropenportvuln

ES File Explorer Open Port Vulnerability - CVE-2019-6447

cve cve-2019-6447 infosec vulnerability

Last synced: 03 Nov 2024

https://github.com/u21h2/nacs

Event-driven pentest scanner

cve exploit fofa fscan golang log4j nuclei pentest redteam scanner security shiro xray

Last synced: 04 Aug 2024

https://github.com/Coalfire-Research/java-deserialization-exploits

A collection of curated Java Deserialization Exploits

cve deserialization-rce exploits java

Last synced: 25 Oct 2024

https://github.com/coalfire-research/java-deserialization-exploits

A collection of curated Java Deserialization Exploits

cve deserialization-rce exploits java

Last synced: 03 Aug 2024

https://github.com/aboutcode-org/vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

cpe cve cvss nvd ossindex osv package-url purl security security-tools snyk vulndb vulnerability vulnerability-database vulnerability-databases vulnerability-detection vulnerability-identification vulnerability-scanners

Last synced: 22 Aug 2024

https://github.com/rip1s/cve-2018-8120

CVE-2018-8120 Windows LPE exploit

cve cve-2018-8210 exploit

Last synced: 07 Nov 2024

https://github.com/manifoldfinance/defi-threat

a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance

advisories blockchain cve defi defi-threat erc20 erc721 ethereum evm infosec kill-chain nfts smart-contracts smart-contracts-audit solidity threat threat-matrix

Last synced: 03 Aug 2024

https://github.com/nexB/vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

cpe cve cvss nvd ossindex osv package-url purl security security-tools snyk vulndb vulnerability vulnerability-database vulnerability-databases vulnerability-detection vulnerability-identification vulnerability-scanners

Last synced: 03 Aug 2024

https://github.com/nix-community/vulnix

Vulnerability (CVE) scanner for Nix/NixOS.

cve nix nixos security vulnerabilities vulnerability

Last synced: 31 Oct 2024

https://github.com/sule01u/SBSCAN

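SBSCAN is a penetration testing tool focused on the Spring framework: a comprehensive tool that can perform Spring Boot unauthorized-access scanning and sensitive-information scanning on specified sites, as well as scanning and verification of Spring framework vulnerabilities. [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]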

cve cve-2018-1273 cve-2019-3799 cve-2020-5410 cve-2021-21234 cve-2022-22947 cve-2022-22963 cve-2022-22965 pentest-tool poc scanner security security-tools spring spring-boot springboot

Last synced: 10 Sep 2024

https://github.com/flyingcircusio/vulnix

Vulnerability (CVE) scanner for Nix/NixOS.

cve nix nixos security vulnerabilities vulnerability

Last synced: 15 Aug 2024

https://github.com/ucsb-seclab/bootstomp

BootStomp: a bootloader vulnerability finder

android binary-analysis bootloader cve decompilation vulnerability-detection

Last synced: 03 Nov 2024

https://github.com/kac89/vulnrepo

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, issues import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, methodologies and much more!

angular bugbounty burpsuite cve cwe end-to-end-encryption mitre-attack nessus nmap openvas pci-dss pentesting security security-team security-tool trivy vulnerability-assessment vulnerability-management vulnerability-report vulnerability-research

Last synced: 04 Nov 2024

https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

bugbounty bugbounty-writeups bugbountytips cve cve-2022-0337 cybersecurity exploit hacking payload pentest pentesting red-team security security-writeups writeups

Last synced: 03 Nov 2024

https://github.com/mudongliang/linuxflaw

The vm images in this repo are lost, we recommend our new project: https://github.com/hust-open-atom-club/S2VulnHub

cve edb linux reproduction vulnerability

Last synced: 07 Nov 2024

https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

cve cve-2019-1003000 exploit groovy information-security jenkins poc rce security security-1266

Last synced: 14 Nov 2024

https://github.com/edoardottt/missing-cve-nuclei-templates

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

automation bug-bounty bug-hunting bugbounty bugbounty-tool bugbountytips cve cve-scanning hacking nuclei nuclei-engine nuclei-templates penetration-testing pentesting projectdiscovery security security-tools vulnerability-detection vulnerability-scanners

Last synced: 26 Oct 2024

https://github.com/CervantesSec/cervantes

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.

audit burpsuite collaboration collaboration-platform collaborative cve hacking nessus nmap penetration-testing penetration-testing-tools pentesters pentesting red-team red-teaming report reporting security vulnerability vulnerability-management

Last synced: 04 Aug 2024

https://github.com/albuch/sbt-dependency-check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

appsec cve devops devsecops infosec nvd owasp owasp-dependencycheck sbt sbt-plugin scala security security-audit security-automation software-composition-analysis software-security static-analysis vulnerabilities vulnerability-scanners

Last synced: 04 Aug 2024

https://github.com/psecio/versionscan

A PHP version scanner for reporting possible vulnerabilities

cve php risk scans security

Last synced: 01 Nov 2024

https://github.com/CnHack3r/Goby_PoC_RedTeam

Dedicated to collecting Goby PoCs. Do not use them for illegal operations; you bear the consequences yourself.

bypass cve exp goby poc redteam

Last synced: 04 Aug 2024

https://github.com/karimhabush/cyberowl

A daily updated summary of the most frequent types of security advisories currently being reported from different sources.

cisa cve security security-alerts vulnerability

Last synced: 08 Nov 2024

https://github.com/peass-ng/botpeass

Use this bot to monitor new CVEs containing defined keywords and send alerts to Slack and/or Telegram.

bot cve cves monitoring peass privesc slack telegram

Last synced: 14 Nov 2024

https://github.com/center-for-threat-informed-defense/attack_to_cve

🚨ATTENTION🚨 The CVE mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.

ctid cve cybersecurity mitre-attack threat-informed-defense

Last synced: 04 Aug 2024

https://github.com/dbarzin/mercator

Mapping the information system

anssi assets assets-management cartographie cartography cmdb cpe cve gdpr it-management itil oiv security-tools urbanisation

Last synced: 04 Aug 2024

https://github.com/stevespringett/nist-data-mirror

A simple Java command-line utility to mirror the CVE JSON data from NIST.

appsec cpe cve java nist nvd sca software-composition-analysis software-security

Last synced: 11 Nov 2024

https://github.com/ttonys/Scrapy-CVE-CNVD

Vulnerability monitoring based on scrapy and scrapy-redis; fetches the latest CVE and CNVD vulnerabilities daily and sends email notifications

cnvd cve scrapy

Last synced: 04 Aug 2024

https://github.com/1n3/exploits

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

0day 1n3 bug-bounties crowdshield ctf cve exploits poc

Last synced: 09 Nov 2024

https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

🐱‍💻 👍 Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...

bugbounty bugbounty-writeups bugbountytips cve cybersecurity exploit hacking payload pentesing pentest red-team security security-writeups writeups

Last synced: 03 Nov 2024

https://github.com/Vulnogram/Vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

cve cve-json cvss cvssv3 cwe json nvd security security-automation security-tools security-vulnerability vulnerability

Last synced: 11 Nov 2024

https://github.com/dotPY-hax/gitlab_RCE

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

ctf cve cve-2018-19571 cve-2018-19585 cve-2020-10977 exploit gitlab gitlab-rce lfi rce

Last synced: 04 Aug 2024

https://github.com/yevh/VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

android api application-security appsec-tutorials appsecurity bugbounty code codesecurity cve ios owasp owasp-top-10 pentesting poc security vulnerabilities vulnerability waf web2 web3

Last synced: 07 Sep 2024

https://github.com/jmousqueton/poc-cve-2022-30190

POC CVE-2022-30190: CVE 0-day MS Office RCE aka msdt follina

cve follina msoffice poc proof-of-concept rce vulnerability

Last synced: 10 Nov 2024

https://github.com/trimstray/massh-enum

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

accounts cve cve-2018-15473 enumeration openssh ssh users vulnerability

Last synced: 04 Aug 2024

https://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc

A script to automate privilege escalation with CVE-2023-22809 vulnerability

cve cve-2023-22809 exploit privesc script sudo sudoedit vulnerability

Last synced: 25 Oct 2024

https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc

A script to automate privilege escalation with CVE-2023-22809 vulnerability

cve cve-2023-22809 exploit privesc script sudo sudoedit vulnerability

Last synced: 10 Sep 2024

https://github.com/ossf-cve-benchmark/ossf-cve-benchmark

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

benchmark cve open-source security vulnerability

Last synced: 03 Aug 2024