A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Gather and update all available and newest CVEs with their PoC.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Open Source Vulnerability Management Platform

快速搭建各种漏洞环境(Various vulnerability environment)

面向网络安全从业者的知识文库🍃

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

✍️ A curated list of CVE PoCs.

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

A collection of JavaScript engine CVEs with PoCs

cve-search - a tool to perform local searches for known vulnerabilities

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.

CVE Alerting Platform

基于 docsify 部署，目前漏洞数量 1000+

傻瓜式漏洞PoC测试框架