poc

There are 2492 repositories under the poc topic.

  • xray

    chaitin/xray

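    A full-featured security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use

    Language: Vue 10.4k2104701.8k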
  • ysoserial

    frohoff/ysoserial

    A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

    Language: Java 7.8k2131051.8k
  • Mr-xn/Penetration_Testing_POC

    Penetration-testing-related PoCs, EXPs, scripts, privilege escalation, small tools, etc. --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

    Language: HTML 6.6k25572k
  • trickest/cve

    Gather and update all available and newest CVEs with their PoC.

    Language: HTML 6.6k34850837
  • nomi-sec/PoC-in-GitHub

    📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

  • K8tools

    k8gege/K8tools

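    K8 tool collection (intranet penetration / privilege escalation tools / remote overflow / vulnerability exploitation / scanning tools / password cracking / AV evasion tools / Exploit/APT/0day/Shellcode/Payload/privilege/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit (Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

    Language: PowerShell 5.8k210272.1k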
  • 1earn

    ffffffff0x/1earn

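    A security knowledge framework maintained by the ffffffff0x team, covering (but not limited to) web security, industrial control system security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various practice targets

    Language: C++ 5.3k143101.2k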
  • Ladon

    k8gege/Ladon

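    Ladon, a large-scale intranet penetration scanner with PowerShell and Cobalt Strike plugins, in-memory loading and fileless scanning. Includes port scanning, service identification, network asset discovery, password auditing, high-risk vulnerability detection, vulnerability exploitation, password reading and one-click GetShell; supports batch scanning of A/B/C segments and across network segments, as well as scanning of URL, host and domain lists. Network asset discovery uses 32 protocols (ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP) or methods to quickly obtain the target network's live host IPs, computer names, workgroups, shared resources, NIC addresses, operating system versions, websites, subdomains, middleware, open services, routers, switches, databases, printers, etc.; many high-risk vulnerability detection modules: MS17010, Zimbra, Exchange

    Language: PowerShell 4.9k9080862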
  • zhzyker/exphub

    Exphub [exploit script library]: includes exploit scripts for Weblogic, Struts2, Tomcat, Nexus, Solr, Jboss and Drupal; most recently added: CVE-2020-14882, CVE-2020-11444, CVE-2020-10204, CVE-2020-10199, CVE-2020-1938, CVE-2020-2551, CVE-2020-2555, CVE-2020-2883, CVE-2019-17558, CVE-2019-6340

    Language: Python 4.1k14961.1k
  • wy876/POC

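    A collection of vulnerability EXPs/PoCs, most of them sourced from the internet; more than 1,200 PoCs/EXPs collected so far, updated on an ongoing basis.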

  • Threekiii/Awesome-POC

    A vulnerability PoC knowledge base; current count: 1000+

  • zan8in/afrog

    A Security Tool for Bug Bounty, Pentest and Red Teaming.

    Language: Go 3.5k53112395
  • qazbnm456/awesome-cve-poc

    ✍️ A curated list of CVE PoCs.

  • Notselwyn/CVE-2024-1086

    Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

    Language: C 2.3k2316298
  • tr0uble-mAker/POC-bomber

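    Uses a large number of high-severity PoCs/EXPs to quickly gain access to targets; for penetration testing and rapid red-team initial access

    Language: Python 2.3k3839379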
  • Ascotbe/Medusa

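    🐈 Medusa is a red-team arsenal platform, currently including an XSS platform, a collaboration platform, CVE monitoring, AV-evasion payload generation, DNSLOG, phishing email, file retrieval and other features; under continuous development

    Language: Python 2.2k4451338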
  • LadonGo

    k8gege/LadonGo

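    Ladon for Kali: a cross-platform open-source intranet penetration scanner for Windows/Linux/Mac/router intranet penetration. It offers one-click batch discovery of live hosts in C, B and A segments, high-risk vulnerability detection (MS17010, SmbGhost), remote execution over SSH/Winrm, password brute-forcing for SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis, and port scanning and service identification (PortScan) with fingerprinting via HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid multi-NIC host detection.

    Language: Go 1.6k3219297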
  • XiphosResearch/exploits

    Miscellaneous exploit code

    Language: Python 1.5k13813587
  • Lucifer1993/AngelSword

    A CMS vulnerability detection framework written in Python 3

    Language: Python 1.5k6011517
  • jweny/pocassist

    A foolproof vulnerability PoC testing framework

    Language: Go 1.4k2949245
  • BaizeSec/bylibrary

    Bylibrary (白阁文库) is a public vulnerability PoC and EXP project maintained by the BaizeSec security team

    Language: HTML 1.4k447378
  • danigargu/CVE-2020-0796

    CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

    Language: C 1.3k347343
  • c0ny1/FastjsonExploit

    A framework for quickly exploiting Fastjson vulnerabilities

    Language: Java 1.3k158170
  • K8CScan

    k8gege/K8CScan

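    K8Ladon, a large-scale, plugin-based custom intranet penetration scanner covering information gathering, network assets, vulnerability scanning, password brute-forcing and vulnerability exploitation. It uses multithreading to batch-scan hosts across multiple IP ranges and C segments of large intranets. Current plugins include: C-segment co-hosted site scanning, subdomain scanning, FTP password brute-forcing, Mysql password brute-forcing, Oracle password brute-forcing, MSSQL password brute-forcing, Windows/Linux system password brute-forcing, live host scanning, port scanning, web information probing, operating system version detection, Cisco device scanning, etc. Supports calling any external program or script, and integrates with Cobalt Strike

    Language: Python 1.3k349341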
  • tenable/poc

    Proof of Concepts

    Language: Python 1.2k1140313
  • bit4woo/Fiora

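    Fiora: a graphical front end for the vulnerability PoC framework Nuclei. Quick PoC search and one-click Nuclei runs. Can run as a standalone program or be used as a Burp plugin.

    Language: Java 1.2k1621142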
  • Lucifer1993/SatanSword

    A comprehensive red-team penetration framework

    Language: Python 1.2k186212
  • 1n7erface/PocList

    Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193/D-Link-DCS-CVE-2020-25078/WLAN-AP-WEA453e-RCE/360TianQing-Unauthorized/360TianQing-SQLinjection/FanWeiOA-V8-SQLinjection/QiZhiBaoLeiJi-AnyUserLogin/QiAnXin-WangKangFirewall-RCE/Kingsoft-V8-Terminal-Security-System/NCCloud-SQLinjection/ShowDoc-RCE

    Language: Java 1.1k363319
  • 1n7erface/Template

    Next generation RedTeam heuristic intranet scanning

  • arthepsy/CVE-2021-4034

    PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

    Language: C 1.1k154305
  • Puliczek/CVE-2021-44228-PoC-log4j-bypass-words

    🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

    Language: Java 935255142
  • ycdxsb/PocOrExp_in_Github

    Automatically Collect POC or EXP from GitHub by CVE ID. If you are unable to find the POC/EXP on GitHub, you can also check here: https://pocorexps.nsa.im/

    Language: Python 924424199
  • Puliczek/awesome-list-of-secrets-in-environment-variables

    🦄🔒 Awesome list of secrets in environment variables 🖥️

  • tenable/routeros

    RouterOS Security Research Tooling and Proof of Concepts

    Language: C++ 8671130383
  • 100apps/charles-hacking

    Hacking Charles Web Debugging Proxy

  • bigblackhat/oFx

    A framework for batch vulnerability verification

    Language: Python 8102310160