cve-2022-23131
cve-2022-23131 zabbix-saml-bypass-exp
- replace [zbx_signed_session] to [cookie]
- sign in with Single Sign-On (SAML)
link: https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp
Overview
CVE 2020-14871 Solaris exploit
CVE 2020-14871 Solaris exploit This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems. The act
2 Oct 25, 2022
web指纹识别工具
前言 一直苦于没有用的顺手的web指纹识别工具,学习前辈s7ckTeam的Glass和broken5的WebAliveScan优秀开源程序开发的轻量型web指纹工具。
966 Dec 26, 2022
Mr.Holmes is a information gathering tool (OSINT)
🔍 Mr.Holmes Mr.Holmes is a information gathering tool (OSINT). Is main purpose is to gain information about domains,username and phone numbers with t
534 Jan 08, 2023
Extendable payload obfuscation and delivery framework
NSGenCS What Is? An extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Installation Requirements Currently
123 Dec 19, 2022
A tool to brute force a gmail account. Use this tool to crack multiple accounts
A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts
12 Dec 30, 2022
使用golang重写开源工具wafw00f
GO-WAFW00F 介绍 WAFW00F是一款优秀的web应用防火墙识别开源工具:https://github.com/EnableSecurity/wafw00f 使用Golang重写的原因:Python环境配置不便利,Golang打包生成可执行文件直接运行 目前还在开发阶段,规则解析存在小问题
80 Dec 30, 2021
Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率。
0x00 介绍 tig Threat Intelligence Gathering 威胁情报收集,旨在提高蓝队拿到攻击 IP 后对其进行威胁情报信息收集的效率,目前已集成微步、IP 域名反查、Fofa 信息收集、ICP 备案查询、IP 存活检测五个模块,现已支持以下信息的查询: ✅ 微步标签 ✅ I
698 Dec 09, 2022
Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use
Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use. Will try to add atleast 10 more tools currently use 7 sources to gather domains.
7 Jan 03, 2022
Tools for converting Nintendo DS binaries to an ELF file for Ghidra/IDA
nds2elf Requirements nds2elf.py uses LIEF and template.elf to form a new binary. LIEF is available via pip: pip3 install lief Usage DSi and DSi-enhan
17 Aug 14, 2022
This is a simple Port Flooder written in Python 3.
This is a simple Port Flooder written in Python 3. Use this tool to quickly stress test your network devices and measure your router's or server's load.
4 Feb 20, 2022
Log4j command generator: Generate commands for CVE-2021-44228
Log4j command generator Generate commands for CVE-2021-44228. Description The vulnerability exists due to the Log4j processor's handling of log messag
1 Jan 03, 2022
The probability of having the password you want in the PassMaker is +90%!!
PasswordMaker Strong listing password Introduction The probability of having the password you want in the tool is +90%!! How to Install Open the termi
4 Sep 05, 2021
NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network
NIVOS is a hacking tool that allows you to scan deeply , crack wifi, see people on your network. It applies to all linux operating systems. And it is improving every day, new packages are added. Than
263 Jan 01, 2023
Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems
KCMTicketFormatter This tools takes the output from https://github.com/fireeye/SSSDKCMExtractor and turns it into properly formatted CCACHE files for
35 Oct 25, 2022
Client script for the fisherman phishing tool
Client script for the fisherman phishing tool
1 Feb 23, 2022
A set of blender assets created for the $yb NFT project.
fyb-blender A set of blender assets created for the $yb NFT project. Install just as you would any other Blender Add-on (via Edit-Preferences-Add-on
1 May 06, 2022
Python APK Reverser & Patcher Tool
DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (
10 Oct 31, 2022
PoC encrypted diary in Python 3
Encrypted diary Sample program to store confidential data. Provides encryption in the form of AES-256 with bcrypt KDF. Does not provide authentication
1 Dec 25, 2021
A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability
log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java loggin
1.5k Jan 04, 2023
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature
rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate
33 Sep 23, 2022