影响版本:
Usage
python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog"
获取csrf-token:
通过 /users/sign_in 获取csrf-token 然后使用前面的 CVE-2021-22205 poc 进行构造上传包进行执行未经身份验证的上传请求,最终rce
ref:
Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.
CVE-2021-41773 Path Traversal for Apache 2.4.49
FTP-exploits FTP-exploits is a tool which is used for Penetration Testing that can run many kinds of exploits on port 21(FTP) Commands and Exploits Ex
Cleansweep Requirements A Linux (or Mac OS X) node with the following software installed. Ubuntu 14.04 is preferred. PostgreSQL 9.3 database server Py
gruvbox-factory 🏭 "The main focus when developing gruvbox is to keep colors easily distinguishable, contrast enough and still pleasant for the eyes"
CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a
MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me
Data analysis Document here the project: DriverDrowsinessDetector Description: Project Description Data Source: Type of analysis: Please document the
There mainly three things here: MITMSDR spectrum Manual reverse shell MITMSDR Installation Clone the project and run the setup file: ./setup One of th
CVE-2021-26855 PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github Why does github remove this exploit because
Yobi Yara Based Detection for web browsers System Requirements Yobi requires python3 and and right now supports only firefox and other Gecko-based bro
FUD Keylogger That Reports To Discord This python script will capture all of the keystrokes within a given time frame and report them to a Discord Ser
ROFL-FUZZER Ths is Domato, a DOM Fuzzer from Google, but hosted as an website It generates a instance of a newtab on the template given by the user ,
Script hecho en python para sacar la informacion del numero de telefono, Hecha con el API de numverify
Python tool for enumerating directories and for fuzzing
Crowbar - A windows post exploitation tool Status - ✔️ This project is now considered finished. Any updates from now on will most likely be new script
CSAW 2021 Writeups Challenge Category Solved by The Magic Modbus ics root2thrill Lazy Leaks Forensics root2thrill Poem Collection warm-up root2thrill
Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol
5k Jan 05, 2023
37 Dec 06, 2022
3 Oct 20, 2021
1 Dec 26, 2021
39 May 24, 2022
430 Dec 27, 2022
10 Sep 25, 2022
1 Nov 12, 2021
22 Dec 29, 2022
3 Jul 03, 2022
2 Jul 26, 2022
58 Nov 15, 2022
44 Nov 20, 2022
36 Dec 20, 2022
18 Nov 22, 2021
5 Dec 03, 2022
5 Feb 21, 2022
29 Nov 20, 2022
7 Oct 06, 2021
1 Jan 13, 2022