Hacking Windows through iTunes  - Local Privilege Escalation 0-day

Materials for CVE-2024-30052.

通过Dump内存读取ToDesk设备代码、连接密码

PoC for the CVE-2022-41080 , CVE-2022-41082 and CVE-2022-41076 Vulnerabilities Affecting Microsoft Exchange Servers

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

i will upload all the books that helped me in learning in this repo

writeup on stealing roblox accounts with Solara

🕵️ OSINT Tools for gathering information and actions forensics 🕵️

The best tools and resources for forensic analysis.

Proof of Concept Exploit for CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability

Create tar/zip archives that try to exploit zipslip vulnerability.

Awesome-Cellular-Hacking

漏洞文库 wiki.wy876.cn

UEditor编辑器批量GetShell / Code By:Tas9er

主流供应商的一些攻击性漏洞汇总

Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207

Tomcat常见漏洞GUI利用工具。CVE-2017-12615 PUT文件上传漏洞、tomcat-pass-getshell 弱认证部署war包、弱口令爆破、CVE-2020-1938 Tomcat AJP文件读取/包含

JNDI 注入利用工具, 支持 RMI, LDAP 和 LDAPS 协议, 包含多种高版本 JDK 绕过方式 | A JNDI injection exploit tool that supports RMI, LDAP and LDAPS protocols, including a variety of methods to bypass higher-version JDK

泛微最近的漏洞利用工具（PS：2023）

FunJni(JNITrace & hook ,So分析神器 )

此项目为su18大佬的仓库镜像

一款Spring综合漏洞的利用工具，工具支持多个Spring相关漏洞的检测以及利用

【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。

vshell 是一款安全对抗模拟、红队工具。提供隧道代理和隐蔽通道，模拟长期潜伏攻击者的策略和技术