Pinned Repositories
CVE-2018-11788
Apache Karaf XXE Vulnerability (CVE-2018-11788)
HackRequests
It is a dedicated requests lib that supports cookies, headers, GET/POST, etc. It also supports rendering the response (e.g. JavaScript, CSS, etc.) of GET requests by using the PhantomJS engine.
hackUtils
It is a hack tool kit for pentest and web security research.
myPadBuster
It is a Python+Perl script to exploit ASP.net Padding Oracle vulnerability.
RootHelper
A Bash script that downloads and unzips scripts that will aid with privilege escalation on a Linux system.
S2-053-CVE-2017-12611
A simple script to exploit RCE in Struts 2 S2-053 (CVE-2017-12611)
SambaHunter
It is a simple script to exploit RCE for Samba (CVE-2017-7494).
WinSystemHelper
A tool that checks and downloads scripts that will aid with privilege escalation on a Windows system.
WordPress_4.9.8_RCE_POC
A simple PoC for WordPress RCE (author privilege), refer to CVE-2019-8942 and CVE-2019-8943.
ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
brianwrf's Repositories
brianwrf/hackUtils
It is a hack tool kit for pentest and web security research.
brianwrf/WordPress_4.9.8_RCE_POC
A simple PoC for WordPress RCE (author privilege), refer to CVE-2019-8942 and CVE-2019-8943.
brianwrf/SambaHunter
It is a simple script to exploit RCE for Samba (CVE-2017-7494).
brianwrf/CVE-2018-11788
Apache Karaf XXE Vulnerability (CVE-2018-11788)
brianwrf/RTEmulation
It is a repository for Red Team emulation based on MITRE ATT&CK.
brianwrf/S2-057-CVE-2018-11776
A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776)
brianwrf/CVE-2018-11761
Apache Tika Denial of Service Vulnerability (CVE-2018-11761)
brianwrf/openvpn-easy-config
OpenVPN easy config for Ubuntu ONLY
brianwrf/TechArticles
A set of tech articles.
brianwrf/CVE-2019-6690
It is a simple PoC of Improper Input Validation in python-gnupg 0.4.3 (CVE-2019-6690).
brianwrf/awesome-jenkins-rce-2019
There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
brianwrf/BlueKeep
Proof of concept for CVE-2019-0708
brianwrf/NagaScan
NagaScan is a distributed passive vulnerability scanner for web applications.
brianwrf/Awsome-Redis-Rogue-Server
Redis-Rogue-Server implementation
brianwrf/CDK
CDK is an open-source container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs that help you escape containers and take over K8s clusters easily.
brianwrf/CVE-2020-0683
CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege
brianwrf/PayloadsAllTheThings
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
brianwrf/process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
brianwrf/red-team-scripts
A collection of Red Team focused tools, scripts, and notes
brianwrf/security-research
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
brianwrf/CloudResetPwdAgent
CloudResetPwdAgent for CloudOS (Windows and Linux) Password Resetting.
brianwrf/csp_security_mistakes
Cloud service provider security mistakes
brianwrf/CVE-2021-4034
CVE-2021-4034 1day
brianwrf/files-CVE-2018-8629
CVE-2018-8629
brianwrf/MicrosoftSecurity
Microsoft Security Guidance
brianwrf/POC-bomber
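Uses a large number of high-severity PoCs/exploits to quickly gain access to targets; intended for penetration testing and fast red-team initial footholds.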
brianwrf/red_team_tool_countermeasures
brianwrf/redis-rogue-server
Redis(<=5.0.5) RCE
brianwrf/Rogue-MySql-Server
MySQL fake server for read files of connected clients
brianwrf/vt-cli
VirusTotal Command Line Interface