一款辅助探测Orderby注入漏洞的BurpSuite插件,Python3编写,适用于上xray等扫描器被ban的场景
注意:如想测试其他数据库软件PostgreSQL、Oracle,请使用相应的pg_sleep()、dbms_lock.sleep(),未测试,简单替换payload可能不好使,由此造成的漏测本人概不负责
测试demo可参考我的上一个仓库(https://github.com/ce-automne/OrderbyInjectionDemo)
A denial of service (DoS) vulnerability (CVE-2021-36798) was found in Cobalt Strike. The vulnerability was fixed in the scope of the 4.4 release. More
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanni
CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popul
Provides script to download and format public IP lists related to the Log4j exploit. Current format includes: plain list, Cisco ASA Network Group.
Attraction Finder Developers: Riyon Praveen, Aaron Bijoy, & Yash Vora How It Wor
CVE-2022-23967 In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbprot
Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl
BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone
Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste
dnspooq DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) For educational purposes only Requirements Docker compo
FUD Keylogger That Reports To Discord This python script will capture all of the keystrokes within a given time frame and report them to a Discord Ser
Signalum A Linux Package to detect and analyze existing connections from wifi and bluetooth. Also checkout the Desktop Application. Signalum Installat
NSGenCS What Is? An extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Installation Requirements Currently
GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password
threat-intel This repository contains IoCs related to Volexity public threat intelligence blog posts. They are organised by year, and within each year
FeatureHasher Convert a collection of features to a fixed-dimensional matrix using the hashing trick. Note, this requires Jina=2.2.4. Example Here I
CVE-2021-44228-log4j discovery (Download the MKP package) This plugin discovers vulnerable files for the CVE-2021-44228-log4j issue. To discover this
Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (
CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V
104 Nov 09, 2022
12 Dec 02, 2022
247 Jan 02, 2023
1 Jan 02, 2022
2 Feb 09, 2022
15 Jul 11, 2022
2 Nov 20, 2021
5 Apr 09, 2022
81 Dec 27, 2022
80 Nov 28, 2022
36 Dec 20, 2022
56 Mar 03, 2021
123 Dec 19, 2022
352 Jan 02, 2023
27 Dec 20, 2022
130 Dec 29, 2022
5 Mar 15, 2022
4 Jan 08, 2022
59 Dec 01, 2022
9 Aug 31, 2022