A tool to find good RCE From my series: A powerful Burp extension to make bounties rain
Well i got exactly what you need this burpsuite extension powered by a powerful AI engine, find good RCE and report it, all you need is to install it and browse sites like normal unsuspecting users (how cool is that).
Download and install
TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How β’ Install β’ Todo β’ Join Discord How it works
Python library to remotely extract credentials on a set of hosts.
Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.
About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202
log4j-Scanner scanner for log4j cat web-urls.txt | python3 log4j.py ID.burpcollaborator.net web-urls.txt http://127.0.0.1:8080 https://www.google.c
Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.
The base is a DynamicContainer to autoconfigure services using the decorators @services for regular services and @command_handler for using command pattern.
Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc
OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M
IronNet Threat Research π΅οΈ Overview This repository contains IronNet's Threat Research. Research & Reporting π Project Description Cobalt Strike Res
Spring Cloud Gateway 3.0.7 & 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)
CVE-2022-22536 SAP memory pipes desynchronization vulnerability(MPI) CVE-2022-22
Discord-keylogger Usage python dlogger.py -t [Time interval in sec] if not speci
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) This script allows to check and exploit missing authentication checks in
CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V
π Discovery Header DoD Bug-Bounty Did you know that DoD accepts server headers? π² (example: apache"version" , php"version") ? In this code it is pos
We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams
CVE-2021-22911 Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 The getPasswordPolicy method is vulnerable to NoS
musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum
162 Nov 25, 2022
1.5k Dec 31, 2022
5 Mar 19, 2022
37 Dec 06, 2022
500 Jan 06, 2023
5 Jun 26, 2022
3 Feb 07, 2022
2 Jan 17, 2022
35 Dec 12, 2022
5 May 18, 2022
36 Dec 02, 2022
35 Dec 28, 2022
49 Nov 09, 2022
1 Jan 30, 2022
82 Nov 09, 2022
38 Aug 09, 2022
13 Jan 04, 2022
47 Nov 09, 2022
14 Jul 08, 2022