Exploit grafana Pre-Auth LFI
python3 grafana-exploit.py http://site.com /etc/passwd
Or
python3 grafana-exploit.py http://site.com:8080 /etc/passwd
Interesting files
/etc/passwd
/etc/hosts
/var/lib/grafana/grafana.db
client attack remotely , this script was written for educational purposes only, do not use against to any victim, which you do not have permission for it
springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Sprin
Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works
log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione
Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release
vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu
Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.
Volatility-auto-hashdump Script for automatic dump and brute-force passwords using Volatility Framework
log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk
This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE Analyze Usage ------------------------------------------------------------- [*] CVE-2021-220
Implementation of an attack on a tropical algebra discrete logarithm based protocol This code implements the attack detailed in the paper: On the trop
Braised-vegetables 将hw时信息收集以及简单的漏洞扫描操作步骤简单化 使用subfinder(被动子域名爆破收集) subdomain(主动域名爆破) nabbu(端口扫描) httpx(探测目录浏览) crawlergo(360深度爬虫) chorme(谷歌浏览器) xray(漏
StarUML_cracker Usage On Linux Clone the repo. git clone https://github.com/mana
Generates permutations of Months, Seasons, Years, Sports Teams (NFL, NBA, MLB, NHL), Sports Scores, "Password", and even Iterable Keyspaces of a specified size.
sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify
DonPAPI Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI (link ) We a
Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (
9 Jun 05, 2022
105 Nov 26, 2022
92 Dec 29, 2022
307 Dec 24, 2022
137 Jan 02, 2023
1 Jan 14, 2022
13 Nov 03, 2022
11 Apr 11, 2022
431 Dec 22, 2022
26 Dec 26, 2022
224 Aug 05, 2022
3 Dec 30, 2021
19 Nov 15, 2022
9 Jun 20, 2022
65 Dec 22, 2022
9.4k Jan 04, 2023
5 Oct 08, 2022
5 Dec 03, 2022
580 Jan 09, 2023
59 Dec 01, 2022