Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (D…

Gather and update all available and newest CVEs with their PoC.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Empire is a PowerShell and Python 3.x post-exploitation framework.

vMass Bot 🪝 Vulnerability Scanner & Auto Exploiter Tool Written in Perl.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve…

DrayTek unauthenticated remote code execution vulnerability (CVE-2022-32548) in /cgi-bin/wlogin.cgi via username field

A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04)

A tool written in Go that scans files & directories for the Follina exploit (CVE-2022-30190)

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

A basic emulation of an "RPC Backdoor"

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.