438 Resources
poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil
shfz A scenario-based web application fuzzng tool that supports fuzz generation
Vishnu(The Hidden Backdoor) Taken from the Trimurit, the triple deity of supreme
volana (moon in malagasy) { Use it ; 🌚(hide from); 🌞(detected by) } Shell comm
shellcode go语言免杀 使用方法 1.将cs生成的C的shellcode转变成hex字符串,把\x全部替换成空字符即可 2.将字符串复制到变量shel
log4j2-exp Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and
ldap-get Utility to safely fetch Java class files being served by LDAP servers,
divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/
CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build
CVE-2021-41277 Usage 1. show help info ~/CVE-2021-41277 ❯ go run main.go -h Usage of main: -f string File containing li
CVE-2021-43798 Grafana 8.x Path Traversal (Pre-Auth) All credits go to j0v and his tweet https://twitter.com/j0v0x0/status/1466845212626542607 Disclai
TrojanSourceFinder TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an atta
CVE-2021-22205 CVE-2021-22205 RCE 工具仅用于分享交流,切勿用于非授权测试,否则与作者无关 -R string VPS to load tools eg: -R 127.0.0.1:8083 -T string Tool nam
blackJack blackJack是由Lumos框架的核心侦查功能独立出来的小工具 用于从大量的资产中进行Web指纹探测,提取有用的系统 Usage help λ blackJack.exe -h
Usage Usage of ./build/generate-nuclei-templates: -clone-path string Path to clone Wappalyzer repository (default "./wappalyzer") -debug
CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework.
go-cheat users friendly linux hacking library
CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluence Server Webwork OGNL injection (Pre-Auth RCE) Disclaimer This is for educational purpose
This is a test middleware for Ginonic powered by Coraza Web Application Firewall. You may check the WAF documentation at coraza.io Looking for contrib
NipeJS Read list of JS files and look for sensitive data via regex. ☕ Install go get github.com/i5nipe/nipejs ☕ Regular expressions Download the file
This is very similar to GenericPotato - I referenced it heavily while researching. Gotato starts a named pipe or web server and waits for input. Once
REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend." What is it? "Reality
CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。
🐸 Frog For Automatic Scan 🐶 Doge For Defense Evasion&Offensive Security 🐶 Doge-Process-Injection Demo of process injection, using Nt, direct syscal
Squealer Telling tales on you for leaking secrets! Squealer scans a local git repository for secrets that are being leaked deep within the commit hist
golicense - Go Binary OSS License Scanner golicense is a tool that scans compiled Go binaries and can output all the dependencies, their versions, and
Grasp Create strong passwords using words that are easy for you to remember A way to circumvent password complexity rules and restrictions while only
go-xss 根据白名单过滤 HTML(防止 XSS 攻击) go-xss is a module used to filter input from users to prevent XSS attacks go-xss是一个用于对用户输入的内容进行过滤,以避免遭受 XSS 攻击的模块
PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p
log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:
carbon-black-adapter-for-harbor Overview Carbon Black adapter for Harbor integrates your Harbor Registry with the Carbon Black Cloud. It leverages Har
Struts2Scanner 可快速检测struts2漏洞,也可以批量检测。还可以对已检测出漏洞的网站执行shell命令
Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir
go-passbolt A Go Module to interact with Passbolt, a Open source Password Manager for Teams This Module tries to Support the Latest Passbolt Community
go-mbw 一个通过user32.dll调用 Windows 平台的MessageBoxW函数的 Go 语言库 A Go lib for call windows platform function MessageBoxW from user32.dll. 安装(Install) go get g
senv - safer env Friends don't let friends leak secrets in terminal windows. 📺 Print your environment to the terminal without worry.
WAFLab 🐾 WAFLab is a web-based platform for testing WAFs. Live Demo https://waflab.org/ Architecture WAFLab contains 2 parts: Name Description Langua
rootcerts Package rootcerts provides an embedded copy of the Mozilla Included CA Certificate List, more specifically the PEM of Root Certificates in M
sig-716i A CLI tool written in Go that can be used to disrupt wireless connectivity in the area accessible to your wireless interface. This tool scans
Medusa Fastest recursive HTTP fuzzer, like a Ferrari. Usage Usage: medusa [options...] Options: -u Single URL -uL
A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.
Description This project provide a program brute forcing the passphrase of a private key (EC/RSA). ℹ️ This project was created to allow me to learn th
goFunctionStomping FunctionStomping using golang Description This is a brand-new technique for shellcode injection to evade AVs and EDRs. This techniq
k-amon-k - Yet another log4j scanner Quick-n-Dirty installation Assuming you hav
vulnz - Use golang.org/x/vuln to scan your dependencies vulnz uses golang.org/x/vuln to scan the dependencies in your go.mod. Install go install githu
Mobile Security Hash Generator Project scope This little script is my first experiment using Go. I wrote it for my friend @marcotrumpet because he nee
AreYouOK? A minimal, fast & easy to use URL health checker Who is AreYouOk made for ? OSS Package Maintainers 📦️
spg spg is a tool that generates Spring profiles based on the current environment. If you develop your micro services with real environments and your
jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2
linkinjs - A Go based program to find links from list of Js files quickly Installation go get -u github.com/rc4ne/linkinjs Efficient Usage with other
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.
GrafanaArbitraryFileRead Usage 1. show info ❯ go run main.go -s [INF] VulnInfo: { "Name": "Grafana Ar
naclpipe NaCL Pipe Go Package Purpose A simple experimental Go package providing an io.Reader/io.Writer interface with an NaCL (pronounced 'Salt') cry
goArgonPass Travis: Drone: All hashing and crypto is done by Go library packages. This is only a utility package to make the process described easier.