Hydragyrum / evil-rmi-server
An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228
☆12Updated 3 years ago
Alternatives and similar repositories for evil-rmi-server:
Users that are interested in evil-rmi-server are comparing it to the libraries listed below
- This script implements the Proof of Concept attack from the Checkpoint research "NTLM Credentials Theft via PDF Files"☆26Updated 6 years ago
- All about CVE-2022-30190, aka follina, that is a RCE vulnerability that affects Microsoft Support Diagnostic Tools (MSDT) on Office apps …☆24Updated 2 years ago
- ☆16Updated 3 months ago
- Use rpc null sessions to retrieve machine list, domain admin list, domain controllers☆14Updated 2 years ago
- Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960☆2Updated 2 years ago
- Multithreaded spraying of a password on all accounts of a domain.☆19Updated last month
- A Golang implementation of clubby789's implementation of CVE-2021-4034☆11Updated 3 years ago
- A basic username enumeration and password spraying tool aimed at spraying Microsoft's DOM based authentication using selenium.☆34Updated last year
- Burp Extension that lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap☆36Updated 3 years ago
- ☆16Updated 3 years ago
- Generate image payloads in JS to bypass filters☆39Updated 4 years ago
- A malicious .cab creation tool for CVE-2021-40444☆12Updated 3 years ago
- Writeup of CVE-2020-15906☆47Updated 4 years ago
- Finding SSL Blindspots for Red Teams☆32Updated 4 years ago
- A python3 and bash PoC for CVE-2021-4034 by Kim Schulz☆21Updated 3 years ago
- Right-To-Left Override POC☆34Updated 3 years ago
- H&E- Burp Highlighter and Extractor☆18Updated 2 years ago
- Copy as XMLHttpRequest BurpSuite extension☆31Updated 4 years ago
- A little implant which SSH's back with a shell☆36Updated 3 years ago
- Multi-thread AzureAD Autologon SSO Password Sprayer.☆36Updated 3 years ago
- Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts.☆14Updated 4 years ago
- A tool for check available dependency packages across npmjs, PyPI or RubyGems registry.☆28Updated 3 years ago
- Parallelized enumeration tool for red team engagements and bug bounty programs.☆18Updated 4 years ago
- A python script to check if URLs are allowed or disallowed by a robots.txt file.☆21Updated last month
- A Burp Suite extension for headless, unattended scanning.☆36Updated 4 years ago
- Dump LSASS like you mean it☆11Updated 7 months ago
- Query various sources for CVE proof-of-concepts☆51Updated last year
- Looking for JAR files that are vulnerable to Log4j RCE (CVE‐2021‐44228)?☆45Updated 3 years ago
- A Python script to find tenant id an region from a list of domain names.☆14Updated 2 months ago
- ☆10Updated 3 years ago