Scanner to find .env file and .git repository exposure on multiple hosts
Because of the response code from some hosts, it may have some false positives.
requests and argparse
pip3 install -r requirements.txt
Be careful with the output filename as it can be deleted if duplicated
python3 git_scan.py -t hosts.txt -o results.txt -f git or env
CVE-2022-1388 CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE. POST /mgmt/tm/util/bash HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */
PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o
Confusing the ISP & Escaping the Supercookie
NexScanner NexScanner is a tool which helps you scan a website for sub-domains and also to find login pages in the website like the admin login panel
zip-symlink-payload-creator This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload
Discord-Ban-Immunity Discord exploit allowing you to be unbannable. 9/3/2021 Found in late August. Found by Passive and Me. Explanation If a user gets
Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or
RDPY Remote Desktop Protocol in twisted python. RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client a
Microsoft_Exchange_Server_SSRF_CVE-2021-26855 zoomeye dork:app:"Microsoft Exchange Server" 使用Seebug工具箱及pocsuite3编写的脚本Microsoft_Exchange_Server_SSRF_CV
Let's Take The Bridge Pattern To The Next Level This video covers how the bridge
This preserves the early code of a Python decompiler for Python versions 1.5 to 2.4. I have been able to install this using pyenv using Python 2.3.7 u
licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py
Spring Cloud Gateway 3.0.7 & 3.1.1 Code Injection (RCE) CVE: CVE-2022-22947 CVSS: 10.0 (Vmware - https://tanzu.vmware.com/security/cve-2022-22947)
CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho
About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202
LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections r
Bypass ReCaptcha Bypass ReCaptcha is a Python script for dealing with recaptcha.
Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i
Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu
kingkong 解密哥斯拉Godzilla-V2.96 webshell管理工具流量 目前只支持jsp类型的webshell流量解密 Usage 获取攻击者上传到服务器的webshell样本 获取wireshark之类的流量包,一般甲方有科来之类的全流量镜像设备,联系运维人员获取,这里以test.
81 Dec 12, 2022
16 Dec 03, 2022
2 Nov 22, 2022
8 Sep 03, 2022
6 Aug 18, 2022
9 Nov 23, 2022
1 Dec 20, 2021
1.6k Dec 30, 2022
37 Nov 12, 2022
11 Jun 14, 2022
2 Jan 04, 2022
1 Oct 28, 2021
35 Dec 28, 2022
7 Mar 08, 2022
500 Jan 06, 2023
315 Dec 18, 2022
1 Jan 11, 2022
116 Jan 08, 2023
368 Jan 04, 2023
46 Dec 21, 2022