Home / Python / Security related resources

Alibaba-Nacos-Unauthorized/ApacheDruid-RCE_CVE-2021-25646/MS-Exchange-SSRF-CVE-2021-26885/Oracle-WebLogic-CVE-2021-2109_RCE/RG-CNVD-2021-14536/RJ-SSL-VPN-UltraVires/Redis-Unauthorized-RCE/TDOA-V11.7-GetOnlineCookie/VMware-vCenter-GetAnyFile/yongyou-GRP-U8-XXE/Oracle-WebLogic-CVE-2020-14883/Oracle-WebLogic-CVE-2020-14882/Apache-Solr-GetAnyFile/F5-BIG-IP-CVE-2021-22986/Sonicwall-SSL-VPN-RCE/GitLab-Graphql-CNVD-2021-14193

关于POC 这里会把作者在各种环境中遇到的繁琐漏洞简化为POC工具,以便在后续中轻松发现与利用
Information
Category: Python / Security related resources
Watchers: 9
Star: 265
Fork: 60
Last update: Mar 29, 2021
Resource links
https://github.com/Yang0615777/PocList

雁不过衡阳的PocList

关于POC

这里会把作者在各种环境中遇到的繁琐漏洞简化为POC工具,以便在后续中轻松发现与利用
hdImg_1b0ab579408b4131cc236bb3cdfa67de16154477928

作者微信

mmqrcode1615447892452

关于使用

1.将收集到的地址放入txt文件,每行一个.

image

2.java -jar xx.jar

image

3.输入存放url的绝对路径

image

4.所有的POC都如此做即可

免责声明

此处提供的所有工具仅供授权状态下使用,如发生刑事案件,非授权攻击行为于本人无关.望大家熟知《网络安全法》.

感谢

最后别忘了给一些小星星,你的星星是我前进的动力.
u=3200983364,1634494944 fm=26 gp=0

编写的POC

Alibaba-Nacos-Unauthorized

ApacheDruid-RCE_CVE-2021-25646

MS-Exchange-SSRF-CVE-2021-26885

Oracle-WebLogic-CVE-2021-2109_RCE

RG-CNVD-2021-14536

RJ-SSL-VPN-UltraVires

Redis-Unauthorized-RCE

TDOA-V11.7-GetOnlineCookie

VMware-vCenter-GetAnyFile

yongyou-GRP-U8-XXE

Oracle-WebLogic-CVE-2020-14883

Oracle-WebLogic-CVE-2020-14882

Apache-Solr-GetAnyFile

F5-BIG-IP-CVE-2021-22986

Sonicwall-SSL-VPN-RCE

GitLab-Graphql-CNVD-2021-14193

Contents

    bluejoe2008 sql interface for solr cloud
    blake-fm Script to apply official workaround for VMware vCenter log4j vulnerability CVE-2021-44228
    l0ggg VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
    omeroot Apache Solr nodejs wrapper
    r0ckysec CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
    darrenmartyn SonicWall SSL-VPN Exploit
    p0wershe11 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
    alibaba an easy-to-use dynamic service discovery, configuration and service management platform for building cloud native applications.
    0nise weblogic-framework is the best tool for detecting weblogic vulnerabilities.
    SpiderMate Toolkit to detect and keep track on Blind XSS, XXE & SSRF
    Osyanina A vulnerability scanner that detects CVE-2021-21980 vulnerabilities.
    HariSekhon 450+ AWS, Hadoop, Cloud, Kafka, Docker, Elasticsearch, RabbitMQ, Redis, HBase, Solr, Cassandra, ZooKeeper, HDFS, Yarn, Hive, Presto, Drill, Impala, Consul, Spark, Jenkins, Travis CI, Git, MySQL, Linux, DNS, Whois, SSL Certs, Yum Security Updates, Kubernetes, Cloudera etc...
    apache Apache Lucene and Solr open-source search software
    r0eXpeR CVE-2021-22205 Unauthorized RCE
    ethicalhackingplayground SSRF plugin for burp Automates SSRF Detection in all of the Request
    alibaba Alibaba Dragonwell8 JDK
    aliyun Alibaba Cloud SDK for Go
    shmilylty vhost password decrypt
    jas502n gitlab version index
    Al1ex CVE-2020-36179~82 Jackson-databind SSRF&RCE
    jsdryan CVE-2021-26855 exp
    Share this repo

    Related Repos


    Security related res
    4
    CVE-2021-32099 SQLi allow attacker bypass login. From HTB with love
    l3eol3eo CVE-2021-32099 SQLi Bypass login Useful when trying to read User Flag on Pandora.htb CVE-2021-32099 SQLi allow attacker bypass login. Target Exploit o
     
    Security related res
    291
    HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907
    antx-code CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP
     
    Security related res
    40
    Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel cra...
    p0dalirius CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he
     
    Security related res
    8
    Methods & Tools for Mobile Malware Spyware & Forensics
    jonathandata1 Mobile & IOT Malware, Spyware, & Forensic Analysis Author: Jonathan Scott Twitter: @jonathandata1 Version 1.0 This repository contains methods, and to
     
    Security related res
    4
    Android Hacking Method 2022
    attakercyebr Program Features - 📌 Hack all Android phones. - 📌 Failure to detect antivirus. - 📌 Superior encryption - 📌 Source provided - 📌 100 ٪ FUD - 📌 It
     
    Security related res
    4
    Fast and easy way to rollout on multiple GitLab project file a particular content.
    Lujeni Volatile Fast and easy way to rollout on multiple GitLab project file a particular content. Why ? After looking for a tool to simply enforce a develop
     
    Security related res
    3
    Ultimate phishing tool ,A beginners friendly, Automated phishing tool in python. Author is...
    kumarvicku 🅼🅰🅳🅴 🆆🅸🆃🅷 🅿 🆈🆃🅷🅾🅽 🆅 🅿 🅷🅸🆂🅷🅴🆁 [+] 𝕯𝖊𝖘𝖈𝖗𝖎𝖕𝖙𝖎𝖔𝖓 : Ultimate phishing tool ,A beginners friendly, Automated phishing tool
     
    Security related res
    47
    A list of open source web security scanners
    psiinon open-source-web-scanners A list of open source web security scanners on GitHub. General Purpose Web Scanners Main Site Last Commit Committers Stars Ar
     
    Security related res
    9
    This is a Password database I made for myself, as I want to keep all my passwords in the s...
    vapen-hem This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password database, that can encrypt, decrypt files, and generate Passwords, pin codes, and encryption keys. It took me about 4 - 6 months to make (Total I spent like 2 - 3 making it, but there were a lot of times where I did not work on the program) It is not 100% fine-tuned, but it works very well as is.
     
    Security related res
    292
    Cuckoo 3 is a Python 3 open source automated malware analysis system.
    cert-ee Cuckoo 3 Cuckoo 3 is a Python 3 open source automated malware analysis system. For setup instructions, please refer to our documentation. This is a de
     
    Security related res
    30
    Useful resources about phishing email analysis
    LetsDefend Phishing Email Analysis Useful tools MX Lookup Online URL/Attachment Analysis Tools AnyRun Browserling Hybrid Analysis urlscan Reputation Check Virust
     
    Security related res
    13
    A small script I made that takes any standard Decklist of magic the gathering cards and pu...
    izzitmichaela README This small script takes any decklist from an MTGO list and pulls all card images as jpg or png files into your directory. If you like this pr
     
    Security related res
    6
    Automated tool to find & created Exploit Poc for Clickjacking Vulnerability
    Raiders0786 ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i
     
    Security related res
    4
    A passive-recon tool that parses through found assets and interacts with the Hackerone API...
    elbee-cyber Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to
     
    Security related res
    7
    Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.
    puzzlepeaches Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. Crossing the Log4j Horizon - A Vulnerability With No Retu