ProofofConcept_Exploit.md

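Vulnerability databases and tools (POC, EXP)

Snyk vulnerability database https://github.com/snyk/vulndb

Hash length extension attack EXP https://github.com/citronneur/rdpy

List of resources on Java deserialization vulnerabilities https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet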

JBOSS verify & exp tool https://github.com/joaomatosf/jexboss

POCs for the Android October vulnerabilities https://github.com/jiayy/android_vuln_poc-exp

Vulnerability details and POCs submitted to Sebug https://github.com/ganliuzhuo/Sebug

Official git version of ExploitDB https://github.com/offensive-security/exploit-database

PHP vulnerability code analysis https://github.com/80vul/phpcodz

Parse: PHP security scanner https://github.com/psecio/parse

NodeJsScan: static security code scanner for Node.js applications https://github.com/ajinabraham/NodeJsScan

Simple test program for CVE-2016-2107 https://github.com/FiloSottile/CVE-2016-2107

CVE-2015-7547 POC https://github.com/fjserna/CVE-2015-7547

Java deserialization POC generation tool https://github.com/frohoff/ysoserial

Java deserialization EXP https://github.com/foxglovesec/JavaUnserializeExploits

Jenkins CLI vulnerability https://github.com/CaledoniaProject/jenkins-cli-exploit

CVE-2015-2426 EXP (Windows kernel privilege escalation) https://github.com/vlad902/hacking-team-windows-kernel-lpe

Example Docker environments for web attacks (demonstrations of PHP local file inclusion combined with phpinfo to get a shell, and of SSRF exploitation combined with curl) https://github.com/hxer/vulnapp

PHP 7 OPcache override vulnerability demo and related tools https://github.com/GoSecure/php7-opcache-override

XcodeGhost trojan sample https://github.com/XcodeGhostSource/XcodeGhost

SCAP security guide https://github.com/OpenSCAP/scap-security-guide

Leans academic, with many recommended books, conferences, reports and more https://github.com/re-pronin/awesome-vulnerability-research

Web-oriented case guide to common vulnerability types https://github.com/ngalongc/bug-bounty-reference

PoCs for dozens of CVE vulnerabilities from 2013 to the present https://github.com/qazbnm456/awesome-cve-poc

Collection of malware scripts https://github.com/seifreed/malware-scripts

A large batch of common web attack payloads https://github.com/foospidy/payloads

Common web attack payloads https://github.com/swisskyrepo/PayloadsAllTheThings

Lists covering the OS X command line, the PowerShell command line, Google Dorks, Shodan, exploit development, Java deserialization and more https://github.com/coreb1t/awesome-pentest-cheat-sheets

EXP writing frameworks and tools:

Collection of bug bounty programs and list of blogs by well-known bounty hunters https://github.com/djadmin/awesome-bug-bounty

Exploit development learning resources https://github.com/FabioBaroni/awesome-exploit-development

Binary EXP writing tool https://github.com/t00sh/rop-tool

Script-writing framework for CTF pwn challenges https://github.com/Gallopsled/pwntools

Pwning development I/O library written in Python https://github.com/zTrix/zio

Cross-platform injection tool (Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) https://github.com/frida/frida