🐞
Log4Scan
Log4scan
针对header头和fuzz参数的主动批量扫描,用于大批量黑盒检测
先配置ceye信息
self.host = ""
self.token = ""
PassiveLog4Scan
burp suite 被动扫描插件,对每个参数、header头、Cookie做扫描
先配置ceye信息
self.host = ""
self.token = ""
A simple Log4Shell Scan with python
Overview
A set of blender assets created for the $yb NFT project.
fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on
1 May 06, 2022
Vulnerability Exploitation Code Collection Repository
Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC = Exchange 2013 update 23 = Exchange 2016 update 2
263 Feb 14, 2022
A passive-recon tool that parses through found assets and interacts with the Hackerone API
Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to
4 Jan 13, 2022
CVE-2021-22986 & F5 BIG-IP RCE
Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management
85 Dec 02, 2022
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user
17 Nov 09, 2022
Cobalt Strike Beacon configuration extractor and parser.
Cobalt Strike Configuration Extractor and Parser Overview Pure Python library and set of scripts to extract and parse configurations (configs) from Co
102 Dec 18, 2022
SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.
SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effec
2 Mar 23, 2022
PoC for CVE-2021-26855 -Just a checker-
CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C
17 Dec 22, 2022
You can manage your password with this program.
You must have Python compilers in order to run this program. First of all, download the compiler in the link.
6 Aug 07, 2021
This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.
F2Amapper This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to
3 Sep 03, 2022
ProxyLogon Pre-Auth SSRF To Arbitrary File Write
ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\python proxylogon.py mail.evil.corp
A Python & JavaScript Obfuscator made in Python 3.
Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco
3 Mar 24, 2022
Zero-attacker is an multipurpose hacking tool with over 12 tools
Zero Attacker Zero Attacker is bunch of tools which we made for people.These all tools are for purpose of ethical hacking and discord tools. Who is th
300 Dec 28, 2022
The Devils Eye is an OSINT tool that searches the Darkweb for onion links and descriptions that match with the users query without requiring the use for Tor.
The Devil's Eye searches the darkweb for information relating to the user's query and returns the results including .onion links and their description
135 Dec 31, 2022
Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)
Spring Cloud Gateway 3.0.7 & 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)
35 Dec 28, 2022
A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution
CVE-2012-2982 John Hammond | September 4th, 2021 Checking searchsploit for Webmin 1.580 I only saw a Metasploit module for the /file/show.cgi Remote C
25 Dec 08, 2022
TOOLS CRACK FACEBOOK
Installation $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ git clone https://github.com/Mark-Zuck/zafi $ cd zafi $ pip2 instal
50 Dec 26, 2022
Flutter Reverse Engineering Framework
This framework helps reverse engineer Flutter apps using patched version of Flutter library which is already compiled and ready for app repacking. There are changes made to snapshot deserialization p
910 Jan 01, 2023
Mr.Holmes is a information gathering tool (OSINT)
🔍 Mr.Holmes Mr.Holmes is a information gathering tool (OSINT). Is main purpose is to gain information about domains,username and phone numbers with t
534 Jan 08, 2023
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the
29.7k Jan 04, 2023