RmiTaste – Allows Security Professionals To Detect, Enumerate, Interact And Exploit RMI Services By Calling Remote Methods With Gadgets From Ysoseria

RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial. It also allows to call remote method with specific parameters. Disclaimer RmiTaste was written to aid security professionals in identifying insecure RMI services on systems which the user has prior permission to attack. Unauthorised accessRead More

PwnXSS – Vulnerability XSS Scanner Exploit

A powerful XSS scanner made in python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone 755 -R PwnXSScd PwnXSSpython3 –help Usage Basic usage: python3 -u Advanced usage: python3 –help Main features crawling all links on a website ( crawler engine ) POSTRead More

EternalBlueC – EternalBlue Suite Remade In C/C++ Which Includes: MS17-010 Exploit, EternalBlue Vulnerability Detector, DoublePulsar Detector And DoublePulsar Shellcode & DLL Uploader

[*]EternalBlue suite remade in C which includes: MS17-010 Exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector and DoublePulsar UploadDLL & Shellcode[*] ms17_vuln_status.cpp – This program sends 4 SMB packets. 1 negociation packet and 3 requests. This program reads the NT_STATUS response from a TransNamedPipeRequest ( PeekNamedPipe request ) and determines if NT_STATUS = 0xC0000205 ( STATUS_INSUFF_SERVER_RESOURCES ).Read More

hackerEnv – An Automation Tool That Quickly And Easily Sweep IPs And Scan Ports, Vulnerabilities And Exploit Them

hackerEnv is an automation tool that quickly and easily sweep IPs and scan ports, vulnerabilities and exploit them. Then, it hands you an interactive shell for further testing. Also, it generates HTML and docx reports. It uses other tools such as nmap, nikto, metasploit and hydra. Works in kali linux and Parrot OS. Do notRead More

RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities

RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers, any known RMI signature using non-primitive types (e.g., java.lang.String), can be exploited by replacing the object with a serialized payload. This is a fairly common misconfiguration (e.g., VMWare vSphere Data Protection + vRealize Operations Manager,Read More

Tentacle – A POC Vulnerability Verification And Exploit Framework

Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets. (Still in DEV…)Install pip3 install -r requestment.txt UsageWhen you run it for the first time, the configuration fileRead More

CVE-2020-0796 – Windows SMBv3 LPE Exploit #SMBGhost

Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez (@danigargu) Manuel Blanco Parajón (@dialluvioso_) References Download CVE-2020-0796

R00Kie-Kr00Kie – PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability

[*] DisclaimerThis is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.This project is intended for educational purposes only and cannot be used for law violation or personal gain.The author of this project is not responsible for any possible harm caused by the materials. RequirementsTo use these scripts, you will need a WiFi card supporting theRead More

XXExploiter – Tool To Help Exploit XXE Vulnerabilities

I wrote this tool to help me testing XXE vulnerabilities.It generates the XML payloads, and automatically starts a server to serve the needed DTD’s or to do data exfiltration.IMPORTANT: This tool is still under development and although most of its features are already working, some may have not been tested properly.Building & RunningThis is aRead More

xShock – Shellshock Exploit

xShock ShellShock (CVE-2014-6271)This tool exploits shellshock. Written by Hulya KarabagVersion 1.0.0Instagram: Capture the RootScreenshots How to use Read MeAll founded directories will be saved in vulnurl.txt file. The results of the executed commands are saved in response.txt. FeaturesThis tool include: CGI VULNERABILITY DIRECTORY SCAN RUN COMMAND WITH FOUNDED CGI SHOW VULNERABLE URLS UPDATE PROXY InstallationRead More