#Poc

Showing 60 of 92 repositories tagged #poc, ranked by stars

chaitin
chaitin
xray

一款长亭自研的完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

Score
94
★ 11.6k ⑂ 1.9k +4/day
Vue
trickest
trickest
cve

Gather and update all available and newest CVEs with their PoC.

Score
97
★ 7.9k ⑂ 976 +7/day
HTML
nomi-sec
nomi-sec
PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Score
98
★ 7.9k ⑂ 1.3k +4/day
Mr-xn
Mr-xn
Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Score
100
★ 7.4k ⑂ 2.0k +7/day
HTML
k8gege
k8gege
K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)

Score
92
★ 6.2k ⑂ 2.1k +5/day
PowerShell
ffffffff0x
ffffffff0x
1earn

ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

Score
91
★ 5.7k ⑂ 1.3k +1/day
C++
drk1wi
drk1wi
Modlishka

Modlishka. Reverse Proxy.

Score
100
★ 5.4k ⑂ 948 +9/day
Go
k8gege
k8gege
Ladon

Ladon大型内网渗透扫描器,PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell,支持批量A段/B段/C段以及跨网段扫描,支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)或方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等,大量高危漏洞检测模块MS17010、Zimbra、Exchange

Score
89
★ 5.3k ⑂ 881
C#
gommzystudio
gommzystudio
device-activity-tracker

A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)

Score
0
★ 5.0k ⑂ 693
TypeScript
zan8in
zan8in
afrog

A Security Tool for Bug Bounty, Pentest and Red Teaming.

Score
80
★ 4.3k ⑂ 474 +3/day
Go
adysec
adysec
nuclei_poc

Nuclei POC,每2小时更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有41w+POC,其中3.5w+高质量POC

Score
95
★ 2.1k ⑂ 474 +1/day
XiphosResearch
XiphosResearch
exploits

Miscellaneous exploit code

Score
83
★ 1.6k ⑂ 584
Python
BaizeSec
BaizeSec
bylibrary

白阁文库是白泽Sec安全团队维护的一个漏洞POC和EXP公开项目

Score
80
★ 1.5k ⑂ 385 +1/day
HTML
jweny
jweny
pocassist

傻瓜式漏洞PoC测试框架

Score
77
★ 1.4k ⑂ 246
Go
k8gege
k8gege
K8CScan

K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动

Score
79
★ 1.3k ⑂ 330
Python
ycdxsb
ycdxsb
PocOrExp_in_Github

Automatically Collect POC or EXP from GitHub by CVE ID.

Score
100
★ 1.2k ⑂ 236
Python
Puliczek
Puliczek
CVE-2021-44228-PoC-log4j-bypass-words

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Score
73
★ 950 ⑂ 135
Java
bigblackhat
bigblackhat
oFx

一个开源的、开箱即用的漏洞批量验证框架

Score
50
★ 912 ⑂ 162 +912/day
Python
Puliczek
Puliczek
awesome-list-of-secrets-in-environment-variables

🦄🔒 Awesome list of secrets in environment variables 🖥️

Score
71
★ 909 ⑂ 77
yqcs
yqcs
prismx

:: Prism X · Automated Enterprise Network Security Risk Detection and Vulnerability Scanning Tool / 棱镜 X · 自动化企业网络安全风险检测、漏洞扫描工具

Score
60
★ 829 ⑂ 87 +3/day
Go
Puliczek
Puliczek
awesome-mcp-security

🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️

Score
88
★ 721 ⑂ 170 +3/day
Unclecheng-li
Unclecheng-li
poc-lab

Recent CVE PoC & reproduction scripts. Focused on high-severity vulnerabilities across Linux kernel, Windows, macOS and more.

Score
75
★ 717 ⑂ 114 +20/day
C
Spacial
Spacial
awesome-csirt

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Score
85
★ 638 ⑂ 109 +4/day
C
XiaomingX
XiaomingX
data-cve-poc

这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 This repository collects all CVE exploits found on GitHub.

Score
86
★ 614 ⑂ 134 +2/day
Java
LockGit
LockGit
Hacking

Hacker, ready for more of our story ! 🚀

Score
70
★ 587 ⑂ 172 +1/day
Python
CHYbeta
CHYbeta
cmsPoc

CMS渗透测试框架-A CMS Exploit Framework

Score
68
★ 582 ⑂ 161
Python
komomon
komomon
Komo

🚀Komo, a comprehensive asset collection and vulnerability scanning tool. Komo 一个综合资产收集和漏洞扫描工具,集成了20余款工具,通过多种方式对子域进行获取,收集域名邮箱,进行存活探测,域名指纹识别,域名反查ip,ip端口扫描,web服务链接爬取并发送给xray,对web服务进行POC漏洞扫描,对主机进行主机漏洞扫描。

Score
61
★ 565 ⑂ 65
Python
raphaelsc
raphaelsc
Am-I-affected-by-Meltdown

Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

Score
59
★ 541 ⑂ 68
C++
pr0v3rbs
pr0v3rbs
CVE-2025-32463_chwoot

Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463

Score
100
★ 527 ⑂ 96
Shell
dongfangyuxiao
dongfangyuxiao
BurpExtend

基于Burp插件开发打造渗透测试自动化

Score
55
★ 420 ⑂ 78
HTML
sari3l
sari3l
Poc-Monitor

🔍 Github CVE POC 信息监控推送 🚀

Score
40
★ 413 ⑂ 69 +1/day
Go
k8gege
k8gege
CVE-2019-0708

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

Score
65
★ 389 ⑂ 188
Python
TeraSecTeam
TeraSecTeam
ary

Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。

Score
53
★ 339 ⑂ 54
adminlove520
adminlove520
Poc-Monitor_v1.0.1

威胁情报-漏洞存储库

Score
20
★ 251 ⑂ 29
Go
thehackingsage
thehackingsage
bughunter

Tools for BugHunting

Score
48
★ 249 ⑂ 75 +1/day
Python
c0r0n3r
c0r0n3r
dheater

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)

Score
82
★ 216 ⑂ 29 +1/day
Python
1N3
1N3
Exploits

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

Score
50
★ 208 ⑂ 102
Python
k8gege
k8gege
PowerLadon

Ladon hacking Scanner for PowerShell, vulnerability / exploit / detection / MS17010/SmbGhost,Brute-Force SMB/IPC/WMI/NBT/SSH/FTP/MSSQL/MYSQL/ORACLE/VNC

Score
47
★ 199 ⑂ 59 +1/day
PowerShell
jofpin
jofpin
brash

Chromium Browser DoS Attack via document.title Exploitation

Score
56
★ 179 ⑂ 6
JavaScript
tg12
tg12
PoC_CVEs

PoC_CVEs

Score
76
★ 172 ⑂ 23
Shell
yevh
yevh
VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

Score
100
★ 166 ⑂ 24
trickest
trickest
find-gh-poc

Find CVE PoCs on GitHub

Score
42
★ 163 ⑂ 26
Go
xu-xiang
xu-xiang
awesome-security-vul-llm

本项目通过大模型联动爬虫,检索Github上所有存有有价值漏洞信息与漏洞POC或规则信息的项目,并自动识别项目的目录结构、Readme信息后进行总结分析并分类,所汇总的项目可以帮助安全行业从业者收集漏洞信息、POC信息、规则等。

Score
41
★ 161 ⑂ 21
YasserGersy
YasserGersy
cazador_unr

Hacking tools

Score
45
★ 149 ⑂ 57
onealmond
onealmond
hacking-lab

Stop Learning, Start Hacking

Score
39
★ 142 ⑂ 26
Python
dipakpanchal05
dipakpanchal05
CVE-2022-23808

phpMyAdmin XSS

Score
36
★ 114 ⑂ 23
actuator
actuator
DEFCON-33

Hacking Hotspots: Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent Attacks on 5G & 4G/LTE Routers

Score
74
★ 102 ⑂ 18
wioui
wioui
n8n-CVE-2025-68613-exploit

CVE-2025-68613: n8n RCE vulnerability exploit and documentation

Score
58
★ 101 ⑂ 22
0liverFlow
0liverFlow
CVE2PoC

CVE2PoC is a tool that helps penetration testers, bug hunters, and security researchers quickly find public exploits or PoCs related to a CVE ID

Score
25
★ 99 ⑂ 20
Python
luijait
luijait
PwnKit-Exploit

Proof of Concept (PoC) CVE-2021-4034

Score
33
★ 98 ⑂ 18
C
Esonhugh
Esonhugh
ingressNightmare-CVE-2025-1974-exps

IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - auth-tls-match-cn injection, CVE-2025-1098 – mirror UID injection -- all available.

Score
0
★ 97 ⑂ 14
Go
Sinkler
Sinkler
docker-nginx-blue-green

PoC: Blue-green deployment wih Docker Compose, Nginx, Consul and Registrator

Score
25
★ 91 ⑂ 31
Shell
kljunowsky
kljunowsky
CVE-2022-41040-POC

CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

Score
27
★ 91 ⑂ 12
Python
l4rm4nd
l4rm4nd
CVE-2025-55182

Docker poc lab for CVE-2025-55182 / CVE-2025-66478 (React2Shell) detection and exploitation

Score
75
★ 86 ⑂ 27
JavaScript
modzero
modzero
modjoda

Java Object Deserialization on Android

Score
0
★ 86 ⑂ 12
Java
MohamedKarrab
MohamedKarrab
odoomap

A penetration testing tool for odoo applications.

Score
62
★ 85 ⑂ 12
Python
SecNN
SecNN
SecNN-Wiki

Wiki漏洞库管理系统&网络安全知识库-渗透测试常见漏洞知识库文档-该网站收集了Web应用层漏洞、中间件安全缺陷、系统配置不当、移动端(Android)安全问题、权限提升、RCE、网络设备及IOT安全。

Score
50
★ 83 ⑂ 22
morpheuslord
morpheuslord
Nmap-API

Uses python3.10, Debian, python-Nmap, OpenaAI, and flask framework to create a Nmap API that can do scans with a good speed online and is easy to deploy. This is a implementation for our college PCL project which is still under development and constantly updating.

Score
29
★ 81 ⑂ 19
HTML
EQSTLab
EQSTLab
CVE-2024-5932

GiveWP PHP Object Injection exploit

Score
18
★ 77 ⑂ 10
Python
gustavofreze
gustavofreze
financial

POC for a financial domain application.

Score
100
★ 77 ⑂ 3
Kotlin
Related Topics
#security#exploit#vulnerability#hacking#cve#pentesting#pentest#bugbounty#penetration-testing#security-tools#exp#scanner

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly