This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

Last update: Aug 18, 2022

Overview

zip-symlink-payload-creator

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

usage: zip-symlink.py [-h] -f FILE [-g GET]

ZIP symlink payload generator

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Creates the ZIP payloads based on a wordlist
  -g GET, --get GET     Introduce the link filename to get the file to which it corresponds
  
Examples:

python3 zip-symlink.py -f wordlist

[+] Payloads have been created
--------------------------------------------------

python3 zip-symlink.py -f wordlist -g link6

The file is: /etc/mysql/my.cnf

Owner

stark0de

Infosec addict, aspirant red teamer and not so super-l33t

GitHub Repository

BloodyAD is an Active Directory Privilege Escalation Framework

BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi

757 Jan 07, 2023

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

5 Sep 12, 2022

阿里云accesskey利用工具

aliyun-accesskey-Tools 此工具用于查询ALIYUN_ACCESSKEY的主机，并且远程执行命令。对于ALIYUN_ACCESSKEY利用方式可参考文章：记一次阿里云主机泄露Access Key到Getshell 工具截图安装模块 pip install -r require

826 Jan 01, 2023

Log4j vuln fuzz/scan with python

Log4jFuzz log4j vuln fuzz/scan USE // it's use localhost udp server to check target vuln. python3 log4jFuzz.py [option] optional arguments: -u URL,

3 Dec 22, 2021

This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Cryptographied Password Manager This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way without using external Service

3 Nov 23, 2022

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

CVE-2021-41773 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url Usage :- create a live urls file and use the flag "-l" p

12 Nov 09, 2022

GRR Rapid Response: remote live forensics for incident response

GRR Rapid Response is an incident response framework focused on remote live forensics. Build Type Status Tests End-to-end Tests Windows Templates Linu

4.3k Jan 05, 2023

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

PocOrExp in Github 聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网注意：只通过通用的CVE号聚合，因此对于MS17-010等Windows编号漏洞以及著名的有绰号的漏洞，还是自己检索一下比较好 Usage python3 exp.py -h usage: ex

567 Dec 30, 2022

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 08, 2022

Python sandbox runners for executing code in isolation aka snekbox.

164 Dec 20, 2022

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

webapp-wordlists This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version co

396 Jan 08, 2023

Monty Hall Problem simulation written in Python.

Monty Hall Problem Simulation monty_hall_sim is a brute-force method of determining the optimal strategy for the Monty Hall Problem. Usage Set boolean

1 Aug 29, 2022

The Devils Eye is an OSINT tool that searches the Darkweb for onion links and descriptions that match with the users query without requiring the use for Tor.

The Devil's Eye searches the darkweb for information relating to the user's query and returns the results including .onion links and their description

135 Dec 31, 2022

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

Related tags

Overview

zip-symlink-payload-creator

Owner

stark0de

BloodyAD is an Active Directory Privilege Escalation Framework

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

阿里云accesskey利用工具

Log4j vuln fuzz/scan with python

This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

GRR Rapid Response: remote live forensics for incident response

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Python sandbox runners for executing code in isolation aka snekbox.

This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

Monty Hall Problem simulation written in Python.

The Devils Eye is an OSINT tool that searches the Darkweb for onion links and descriptions that match with the users query without requiring the use for Tor.

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Raphael is a vulnerability scanning tool based on Python3.

S2-061 的payload，以及对应简单的PoC/Exp

Python library to remotely extract credentials on a set of hosts.

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

C++ fully undetected shellcode launcher