/Exploit-Framework

:fire: An Exploit framework for Web Vulnerabilities written in Python

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

Exploit-Framework

Backers on Open Collective Sponsors on Open Collective

Exploits:

Vendor Vulnerability Effected Version Description Author
zblog NOT_CVE <=1.5.1 Zblog Authenticated LFI @Shutdown_r
OpenSNS NOT_CVE <=3.31 OpenSNS UnAuthenticated GetShell @90sec
Joomla CVE-2015-8562 1.5<3.45 Joomla Header Unauthenticated RCE @Andrew McNicol
Codiad CVE-2017-11366 <=2.8.3 Codiad Authenticated RCE @WangYihang
Codiad CVE-2014-9581 <=2.4.3 Codiad Authenticated LFI @TaurusOmar
SeaCMS CVE-2017-17561 <=6.56 SeaCMS Authenticated GetShell @WangYihang
SeaCMS NOT_CVE <=6.28 SeaCMS UnAuthenticated RCE @没穿底裤
phpMoAdmin CVE-2015-2208 <=1.1.2 phpMoAdmin UnAuthenticated RCE Unknown
WordPress CVE-2017-5487 <4.7.1 WordPress Username Enumeration @Dctor
DedeCMS NOT_CVE <=5.6 DedeCms recommend.php SQL injection @没穿底裤
Kernel CVE-2016-5195 2.6.22<3.9 DirtyC0w Privilege Escalation @nowsecure

Video:

asciicast

WIKI:

https://github.com/WangYihang/Exploit-Framework/wiki

Contribution:

1. Guidance of writing exploit module

TODO:

  • 解析字符串
  • 深层模块化
  • 上下文栈维护
  • 日志
  • 自动补全
  • Exploit 搜索
  • Wiki
  • Exploit 规范
  • 维护 Reverse Shell (结合 Reverse-Shell-Manager)
  • Payload 模块
  • 免杀模块
  • 维护一句话木马 (结合 Webshell-Sniper)
  • 数据库
  • Web 前端

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]