#Poc
Showing 60 of 92 repositories tagged #poc, ranked by stars
一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档
Gather and update all available and newest CVEs with their PoC.
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup
Modlishka. Reverse Proxy.
Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange
A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)
A Security Tool for Bug Bounty, Pentest and Red Teaming.
Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质量POC
Miscellaneous exploit code
白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目
傻瓜式漏洞PoC测试框架
K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Automatically Collect POC or EXP from GitHub by CVE ID.
🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
一个开源的、开箱即用的漏洞批量验证框架
🦄🔒 Awesome list of secrets in environment variables 🖥️
:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具
🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️
Recent CVE PoC & reproduction scripts. Focused on high-severity vulnerabilities across Linux kernel, Windows, macOS and more.
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 This repository collects all CVE exploits found on GitHub.
Hacker, ready for more of our story ! 🚀
CMS渗透测试框架-A CMS Exploit Framework
🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具,集成了20余款工具,通过多种方式对子域进行获取,收集域名邮箱,进行存活探测,域名指纹识别,域名反查ip,ip端口扫描,web服务链接爬取并发送给xray,对web服务进行POC漏洞扫描,对主机进行主机漏洞扫描。
Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463
基于Burp插件开发打造渗透测试自动化
🔍 Github CVE POC 信息监控推送 🚀
3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
威胁情报-漏洞存储库
Tools for BugHunting
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC
Chromium Browser DoS Attack via document.title Exploitation
PoC_CVEs
Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)
Find CVE PoCs on GitHub
本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。
Hacking tools
Stop Learning, Start Hacking
phpMyAdmin XSS
Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G/LTE Routers
CVE-2025-68613: n8n RCE vulnerability exploit and documentation
CVE2PoC is a tool that helps penetration testers, bug hunters, and security researchers quickly find public exploits or PoCs related to a CVE ID
Proof of Concept (PoC) CVE-2021-4034
IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - auth-tls-match-cn injection, CVE-2025-1098 – mirror UID injection -- all available.
PoC: Blue-green deployment wih Docker Compose, Nginx, Consul and Registrator
CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation
Java Object Deserialization on Android
A penetration testing tool for odoo applications.
Wiki漏洞库管理系统&网络安全知识库-渗透测试常见漏洞知识库文档-该网站收集了Web应用层漏洞、中间件安全缺陷、系统配置不当、移动端(Android)安全问题、权限提升、RCE、网络设备及IOT安全。
Uses python3.10, Debian, python-Nmap, OpenaAI, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is a implementation for our college PCL project which is still under development and constantly updating.
GiveWP PHP Object Injection exploit
POC for a financial domain application.