CVE-2020-14756
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar
README
project base on https://github.com/Y4er/CVE-2020-2555 and weblogic_cmd
test on 12.2.1.4.0 and jdk 1.8.0_221
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar
Overview
A Python wrapper around the OpenSSL library
pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where
795 Dec 29, 2022
Proof of Concept Exploit for vCenter CVE-2021-21972
CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972
210 Dec 31, 2022
Cobalt Strike Beacon configuration extractor and parser.
Cobalt Strike Configuration Extractor and Parser Overview Pure Python library and set of scripts to extract and parse configurations (configs) from Co
102 Dec 18, 2022
SpiderFoot automates OSINT collection so that you can focus on analysis.
SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m
9k Jan 08, 2023
Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.
GoodHound ______ ____ __ __ / ____/___ ____ ____/ / / / /___ __ ______ ____/ / / / __/ __ \/ __ \/ __
352 Jan 02, 2023
The self-hostable proxy tunnel
TTUN Server The self-hostable proxy tunnel. Running Running: docker run -e TUNNEL_DOMAIN=Your tunnel domain -e SECURE=True if using SSL ghcr.io/to
2 Jan 11, 2022
Show apps recorded storage files by jailbreak
0x101 Show registered storage files of apps by jailbreak Legal disclaimer: Usage of insTof for attacking targets without prior mutual consent is illeg
4 Oct 24, 2022
client attack remotely , this script was written for educational purposes only
client attack remotely , this script was written for educational purposes only, do not use against to any victim, which you do not have permission for it
9 Jun 05, 2022
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor
DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m
1 Jan 11, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than F
3 Nov 16, 2021
Provides script to download and format public IP lists related to the Log4j exploit.
Provides script to download and format public IP lists related to the Log4j exploit. Current format includes: plain list, Cisco ASA Network Group.
1 Jan 02, 2022
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
MassDNS A high-performance DNS stub resolver MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amou
2.5k Jan 07, 2023
TCP/UDP port scanner on python, usong scapy and multiprocessin
Port Scanner TCP/UDP port scanner on python, usong scapy and multiprocessing. Usage python3 scanner.py [OPTIONS] IP_ADDRESS [{tcp|udp}[/[PORT|PORT-POR
1 Dec 05, 2021
自动化爆破子域名,并遍历所有端口寻找http服务,并使用crawlergo、dirsearch、xray等工具扫描并集成报告;支持动态添加扫描到的域名至任务;
AutoScanner AutoScanner是什么 AutoScanner是一款自动化扫描器,其功能主要是遍历所有子域名、及遍历主机所有端口寻找出所有http服务,并使用集成的工具进行扫描,最后集成扫描报告; 工具目前有:oneforall、masscan、nmap、crawlergo、dirse
633 Dec 30, 2022
Log4jake works by spidering a web application for GET/POST requests
Log4jake Log4jake works by spidering a web application for GET/POST requests. It will then automatically execute the GET/POST requests, filling any di
16 May 09, 2022
A web-app helping to create strong passwords that are easy to remember.
This is a simple Web-App that demonstrates a method of creating strong passwords that are still easy to remember. It also provides time estimates how long it would take an attacker to crack a passwor
2 Jun 04, 2021
A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals.
A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals. All your favorite hits in a simplified format.
2 Aug 03, 2022
This script allows you to make a onion host instantly.
Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct
4 Feb 22, 2022
Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.
RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T
823 Dec 21, 2022
Dahua IPC/VTH/VTO devices auth bypass exploit
CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri
23 Dec 02, 2022