95 Resources
Golang cve-2021-44228 Libraries
Simple webhook to block exploitation of CVE-2022-0811
webhook-cve-2022-0811 This is a really simple webhook that just blocks pod creation if malicious sysctl values are configured. Build go test CGO_ENABL
Vulnerability scanner for Spring4Shell (CVE-2022-22965)
go-scan-spring Vulnerability scanner to find Spring4Shell (CVE-2022-22965) vulnerabilities For more information: https://www.fracturelabs.com/posts/ef
A golang based exp for CVE-2021-4034 dubbed pwnkit (more features added......)
PwnKit-go-LPE (CVE-2021-4034) A golang based exp for CVE-2021-4034 dubbed pwnkit @@@@@@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@@
A pure-Go implementation of the CVE-2021-4034 PwnKit exploit
go-PwnKit A pure-Go implementation of the CVE-2021-4034 PwnKit exploit. Installation git clone [email protected]:OXDBXKXO/go-PwnKit.git cd go-PwnKit make
Pwnkit-go - Exploit for the PwnKit vulnerability, CVE-2021-4034, written in Go
Pwnkit-go This is a working exploit for the pwnkit vulnerability, CVE-2021-4034,
CVE-2021-4034 - A Golang implementation of clubby789's implementation of CVE-2021-4034
CVE-2021-4034 January 25, 2022 | An00bRektn This is a golang implementation of C
Poc-cve-2021-4034 - PoC for CVE-2021-4034 dubbed pwnkit
poc-cve-2021-4034 PoC for CVE-2021-4034 dubbed pwnkit Compile exploit.go go buil
Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205
Finds an identifiable hash value for each version of GitLab vulnerable to CVE-2021-22205
My solutions for Advent of Code 2021.
My solutions for Advent of Code 2021 in go. The solution and input data (i.e. my custom input data) for day XX is contained in the subdirectory dayXX.
Discover and remediate Log4Shell vulnerability [CVE-2021-45105]
sakuraji_log4j This tool is used to discover and remedidate the Log4Shell vulnerability [CVE-2021-45105] by removing the 'JndiLookup.class' file from
A Smart Log4Shell/Log4j/CVE-2021-44228 Scanner
Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner Introduction While there have some excellent tools released to help organizations scan their envir
Advent of Code 2021 solutions using Go 1.18 Generics
advent-of-code-2021 Here are my solutions for Advent of Code 2021. This year, I chose to write my solutions using Go 1.18 with generics (by building t
Code and slides from the talk "A golang CLI to rule them all" at JavaZone 2021
A Golang CLI to rule them all This is a repo for the slides and the code that were showed at the presentation with the same title at the JavaZone conf
Detect and fix log4j log4shell vulnerability (CVE-2021-44228)
log4fix This tool is to detect and fix the log4j log4shell vulnerability (CVE-2021-44228) by looking and removing the JndiLookup class from .jar/.war/
A Log4J Version 2 Detector written in golang
Installation From source: go install github.com/juergenhoetzel/log4j2go/cmd/log4
Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228)
Look4jar Look for JAR files that vulnerable to Log4j RCE (CVE‐2021‐44228) Objectives It differs from some other tools that scan for vulnerable remote
Check and exploit log4j2 vulnerability with single Go program.
Log4Shell Check and exploit log4j2 vulnerability with single Go program. You don't need to install anything except develop it. It supports ldaps and h
Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
log4j-remediation-tools Tools for finding and reproducing the CVE-2021-44228 log4j2 vulnerability Tools find-vulnerabilities: determine heuristically
Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
Minecraft Log4j Honeypot This honeypots runs fake Minecraft server (1.7.2 - 1.16.5 without snapshots) waiting to be exploited. Payload classes are sav
A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
LogMePwn A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability. With enough amo
A little repository for my Advent of Code 2021 solutions in Go
Advent of Code 2021 What's this repo all about? Well, this is a collection of code written in Golang to solve the daily problems presented in Advent o
Advent of code — Programming Christmas Puzzles
Advent-of-code-2021 Advent of code — Programming Christmas Puzzles ★ - both the first and the second parts are solved ☆ - only the first part is solve
Tool to check whether one of your applications is affected by a vulnerability in log4j: CVE-2021-44228
log4shell.tools log4shell.tools is a tool allows you to run a test to check whether one of your applications is affected by a vulnerability in log4j:
Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability (CVE-2021-44228)
scan4log4shell Scanner to send specially crafted requests and catch callbacks of systems that are impacted by Log4J Log4Shell vulnerability CVE-2021-4
Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS
log4j-scanner Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OS. Example Usage Usage .\log4j-scanner.exe Terminal is used to output resul
Pact: a consumer-driven contract testing framework
CDC Pact Pact is a consumer-driven contract testing framework. Born out of a microservices boom, Pact was created to solve the problem of integration
"From Zero to Hero with Go and Dapr" presented at GopherCon 2021
From Zero to Hero with Go and Dapr Slides This is a Go application demonstrating the key features of Dapr with a few different approaches. My goal is
Dockerized Go app for testing the CVE-2021-44228 vulnerability
docker-log4shell Simple Go app / Docker image for playing with the CVE-2021-44228 vulnerability. Hosts a simple file server and an ldap server that pr
Divd 2021 00038 log4j scanner
divd-2021-00038--log4j-scanner This scanner will recursively scan paths including archives for vulnerable log4j versions and org/apache/logging/log4j/
Simple local scanner for vulnerable log4j instances
Simple local log4j vulnerability scanner (Written in Go because, you know, "write once, run anywhere.") This is a simple tool that can be used to find
A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.
jndi-ldap-test-server This is a minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2
Scans files for .jars potentially vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths inside the .jar.
log4shelldetect Scans a file or folder recursively for jar files that may be vulnerable to Log4Shell (CVE-2021-44228) by inspecting the class paths in
PoC for CVE-2021-41277
CVE-2021-41277 PoC Metabase is an open source data analytics platform. Local File Inclusion issue has been discovered in some versions of metabase. He
A small server for verifing if a given java program is succeptibel to CVE-2021-44228
CVE-2021-44228-Test-Server A small server for verifing if a given java program is succeptibel to CVE-2021-44228 Usage Build the program using go build
Advent of code 2021 solutions by: me :)
Advent of code 2021 These are my solutions for the advent of code 2021 event. My idea is to solve all the problems in go, but I may use another langua
Example ReSTFul Server in Golang - SBU-Snapp-School
students.go Introduction ReSTful API to create, update, retrieve and delete students from a datastore. Requests needs validation, package needs tests,
Solutions to Advent-of-Code 2021, in Go.
🎄 advent-of-code-2021 🎄 Solutions to 2021 Advent of code. Summary Advent of Code is an annual advent-calendar of programming puzzles. Here are my 20
Advent of Code 2021 (Go)
Advent of Code 2021 (Go) This project includes an implementation of the Advent of Code 2021 problems, implemented in Go. These are ports from my C# so
Explores GitHub Actions in Go Lab from GopherCon 2021
Gopher A Tweet An action that tweets. Gopher A Tweet was created based on GopherCon 2021s Gophers of Microsoft: GitHub Action in Go Lab to explore bui
🎄 My code for the Advent of Code of year 2021 in Go.
Advent of Code 2021 This repository contains all code that I wrote for the Advent of Code 2021. This year I chose to try and learn Go. Enjoy! Built wi
Grafana Unauthorized arbitrary file reading vulnerability
CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 8.3.1 (2021-12-07) Security: Fixes CVE-2021-43798 . For more information, see
Grafana Arbitrary File Reading Vulnerability
GrafanaArbitraryFileRead Usage 1. show info ❯ go run main.go -s [INF] VulnInfo: { "Name": "Grafana Ar
Blackwing FemtoCTF 2021
Blackwing FemtoCTF 2021 FemtoCTF is a tiny CTF we made to help us identify qualified candidates to join our team of security researchers. Unlike tradi
A non-go engineer tries to write Go to solve Advent of Code
Wherein an engineer (who primarily uses Kotlin, Java, Scala and C#) tries to teach themselves Go by solving Advent of Code challenges. It's... not pre
2021 pingcap talent-plan tinykv
The TinyKV Course The TinyKV course builds a key-value storage system with the Raft consensus algorithm. It is inspired by MIT 6.824 and TiKV Project.
CVE-2021-43798 - Grafana 8.x Path Traversal (Pre-Auth)
CVE-2021-43798 Grafana 8.x Path Traversal (Pre-Auth) All credits go to j0v and his tweet https://twitter.com/j0v0x0/status/1466845212626542607 Disclai
Govircon 2021 beginner's workshop: Pac Man from Scratch
Pac Man from Scratch Welcome to the Govircon 2021 beginner's workshop! In this course you will learn the basics of the Go programming language while b
A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.
PewSWITCH A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157. Related blog: https://0xinfection.github.io/p
The GopherCon 2021 "Production AI with Go" workshop materials.
GopherCon 2021 "Production AI with Go" Workshop Machine learning and artificial intelligence (ML/AI) applications are increasingly colliding with the
CVE 2021 41277
CVE-2021-41277 Usage 1. show help info ~/CVE-2021-41277 ❯ go run main.go -h Usage of main: -f string File containing li
Advent of code solutions in Golang
Advent of Code go solutions This repo contains my solutions in Golang for advent of code (P.S: I am using this opportunity to learn new language most
My solutions for 2021's Advent of Code
Advent of Code 2021 These are my solutions to this year's Advent of Code. I used it as an excuse to practice with a language which I'm not yet very fa
Advent of Code 2021, this time in Go
Go Lang Notes Advent of Code Day 3 The distinction between chars and bytes is a bit annoying. I got tripped up by doing: int(str[pos]) which gives yo
Advent of Code 2021, experiment in learning Go
aoc_2021 Advent of Code 2021, experiment in learning Go To run, open a terminal in the root folder of the project and run with go run . day to run
Advent of Code 2021 example implementation
Advent of Code 2021 example implementation Structure assets/puzzles/day.txt contains the puzzle inputs. cmd/day/main.go contains the source code d
CVE-2021-22205 RCE
CVE-2021-22205 CVE-2021-22205 RCE 工具仅用于分享交流,切勿用于非授权测试,否则与作者无关 -R string VPS to load tools eg: -R 127.0.0.1:8083 -T string Tool nam
Advent of Code 2021 - Time to learn Go
aoc2021 Advent of Code 2021 - Time to learn Go Will contain my solutions for aoc2021, so avoid reading the files in .src/aoc2021/ unless you want spoi
Advent of Code is an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like.
Advent of Code 2021 Advent of Code is an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved
Finished snippets I did for Advent of Code 2021.
Advent of Code 2021 This repository includes my Go code for the Advent of Code 2021. If you want to solve the puzzles yourself first, do so, then look
Alexandra Ocasio-Cortez, 2021
AOC 2021 These are my solutions for the Advent of Code 2021 challenge. I don't have any particular goals but I'll be writing my solutions in Go to pra
Advent of Code 2021 https://adventofcode.com/2021
AOC 2021 How to use Not sure yet. Maybe cd into your day folder and go run, or maybe better to try go test Dev environment Open in VSCode, enable (Rem
A CVE-2021-22205 Gitlab RCE POC written in Golang
Golang-CVE-2021-22205-POC A bare bones CVE-2021-22205 Gitlab RCE POC written in Golang which affects Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitl
Distributed Systems 2021 -- Miniproject 3
Mini_Project3 == A Distributed Auction System == You must implement a distributed auction system using replication: a distributed component which hand
Distributed Systems 2021 - Miniproject 3
Distributed Systems 2021 -- Miniproject 3 Hand-in Date: 1 December 2021 (at 23:59) What to submit on learnit: a single zip-compressed file containing:
An easy-to-use Map Reduce Go parallel-computing framework inspired by 2021 6.824 lab1. It supports multiple workers on a single machine right now.
MapReduce This is an easy-to-use Map Reduce Go framework inspired by 2021 6.824 lab1. Feature Multiple workers on single machine right now. Easy to pa
Go beyond your proxy
"Go" beyond your proxy 必要なもの Docker 問題 以下のイメージを実行すると 8000 番ポートで HTTP サーバが起動します。起動するサーバは本リポジトリに含まれる main.go の実装です。HTTP リクエストを投げて flag.txt に含まれる秘密の答えを見つ
An annual Advent calendar of programming puzzles
🎄 Advent of Code 2021 🎄 Summary Advent of Code is an annual Advent calendar of programming puzzles. This year I am doing it in Go and Python. Runnin
Entry for 2021 Game Off
Cr1ck_t Still very WIP! Entry for 2021 Game Off, themed "BUG". I'll add a link to the submission when it's published. You may be interested in help fo
Advent of Code 2021 Solutions
Advent of Code 2021 Solutions for the 2021 Advent of Code Building This project makes use of Go 1.17. go mod download go test ./... Running the Soluti
UCSD CSE 124 Fall 2021 Project 3 Starter Code
Surfstore This is the starter code for Module 3: Surfstore. Before you get started, make sure you understand the following 2 things about Go. (These w
PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS
CVE-2015-1635 PoC for CVE-2015-1635 / MS15-034 - HTTP.sys Allows Remote Code Execution / Check & DOS ./MS15-034 URL RESOURCE FLAG [0 or 18] Note
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.
CVE-2021-29156 Proof-of-Concept (c) 2021 GuidePoint Security Charlton Trezevant [email protected] Background Today GuidePoint
Unofficial but convenient Go wrapper around the NVD API
NVD API The NVD API is an unofficial Go wrapper around the NVD API. Supports: CVE CPE How to use The following shows how to basically use the wrapper
Code for the keycloak demo for the talk I gave at blablaconf 2021
This demo illustrates the usage of keycloak to secure several service accross different clients using roles. How to Run: From a terminal you need to r
The NVD API is an unofficial Go wrapper around the NVD API.
NVD API The NVD API is an unofficial Go wrapper around the NVD API. Supports: CVE CPE How to use The following shows how to basically use the wrapper
Exploit for remote command execution in Golang go get command.
CVE-2018-6574 Exploit for remote command execution in Golang go get command. Introduction When you go get a package, Go is designed to build and insta
Golang Clean Architecture based on Uncle Bob's Clean Architecture and Summer internship in 2021
clean-architecture-api Description This is an example of implemention of Clean Architecture in Golang projects. This project has 4 layer : Infrastruct
Bot para o discord escrito em Golang durante o workshop ministrado na Codecon 2021
Codecon Bot Bot para o discord escrito em Golang durante o workshop ministrado na Codecon 2021 Primeiramente no arquivo main.go coloque o TOKEN do bot
System Design course at HSE (2021)
System Design course at HSE (2021) Wiki-страница курса Структура репозитория: slides - директория с презентациями с занятий tasks - материалы для выпо
Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs.
CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework.
CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE)
CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluence Server Webwork OGNL injection (Pre-Auth RCE) Disclaimer This is for educational purpose
Confluence OGNL Injection [CVE-2021-26084].
CVE-2021-26084 this is a script written in golang to exploit Confluence OGNL Injection [CVE-2021-26084]. git clone https://github.com/march0s1as/CVE-
CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻💻
CVE-2021-3449 OpenSSL 1.1.1k DoS exploit Usage: go run . -host hostname:port This program implements a proof-of-concept exploit of CVE-2021-3449 affe
bytecamp 2021 project
Calldiff 背景 复杂项目的日常迭代中,研发同学想了解某个改动的影响点,往往需要深入代码细节才能获得尽可能全的 checklist 。然而,由于项目的复杂性,我们获得的 checklist 又难免会有一些遗漏。 为了减轻研发同学的心智负担,辅助同学们更有效地保证服务稳定性,本项目应运而生。 本
Một script nho nhỏ viết bằng Go để crawl toàn bộ điểm thi THPTQG-2021
Crawl toàn bộ điểm thi THPTQG-2021 Một script nho nhỏ viết bằng Go để crawl toàn bộ điểm thi THPTQG-2021, mình đã crawl sẵn toàn bộ ở đây: https://dri
Exploit for HiveNightmare - CVE-2021–36934
HiveNightmare this is a quick and dirty exploit for HiveNightmare (or SeriousSam) - CVE-2021–36934 This allows non administrator users to read the SAM
全新的开源漏洞测试框架,实现poc在线编辑、运行、批量测试。使用文档:
pocassist是一个 Golang 编写的全新开源漏洞测试框架。 简单易用 只需要在前端编辑,即可生成poc对批量目标进行测试 单二进制文件,无依赖,也无需安装 性能优秀 支持高并发,通过使用 ants实例化协程池,复用 goroutine 多重内存复用,尽可能小的内存占用 规则体系 完全兼容x
CVE-2021-26855 exp
CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习 影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件 该漏洞不
vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????)
REALITY_SMASHER vRealize RCE + Privesc (CVE-2021-21975, CVE-2021-21983, CVE-0DAY-?????) "As easy to stop as it is to comprehend." What is it? "Reality
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •
CVE-2021-26855 exp
CVE-2021-26855 CVE-2021-26855 ssrf 简单利用 golang 练习 影响版本 Exchange Server 2013 小于 CU23 Exchange Server 2016 小于 CU18 Exchange Server 2019 小于 CU7 利用条件 该漏洞不
CVE-2021-21978 exp
CVE-2021-21978 CVE-2021-21978 RCE exp 影响版本 VMware View Planner Harness 4.X 与 CVE-2021-21978 类似,该漏洞可以在未授权访问的情况下,上传任意文件,并通过修改自带 py 脚本实现远程代码执行。
Auto Judger for BUAA-SE-OOP Course (2021 Spring)
patpat Auto Judger for BUAA-SE-OOP Course (2021 Spring) 1. 评测机使用方法 1.1. 一些准备工作 1.1.1. 下载评测机 见 GitHub 中的 Releases,下载对应版本即可。目前提供 Windows, Linux, MacOS(I
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
proxylogscan This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and imperson
Wprecon, is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go.
WPrecon (Wordpress Recon) Hello! Welcome. Wprecon (Wordpress Recon), is a vulnerability recognition tool in CMS Wordpress, 100% developed in Go. Featu