ProxyLogon is the formally generic name for CVE-2021-26855, a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin. We have also chained this bug with another post-auth arbitrary-file-write vulnerability, CVE-2021-27065, to get code execution.
☆32May 1, 2021Updated 4 years ago
Alternatives and similar repositories for ProxyLogon
Users that are interested in ProxyLogon are comparing it to the libraries listed below
Sorting:
- Proof-of-concept exploit for CVE-2021-26855 and CVE-2021-27065. Unauthenticated RCE in Exchange.☆51Mar 24, 2021Updated 4 years ago
- PoC exploit code for CVE-2021-26855☆17Mar 9, 2021Updated 5 years ago
- EmailSecCheck is a lightweight Python utility used to check for common SPF/DMARC misconfigurations that may allow for email spoofing.☆19May 9, 2025Updated 10 months ago
- This script helps to identify CVE-2021-26855 ssrf Poc☆22Mar 10, 2021Updated 5 years ago
- ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)☆123Mar 17, 2021Updated 5 years ago
- ☆297Jul 2, 2024Updated last year
- proxyshell payload generate☆75Aug 14, 2021Updated 4 years ago
- A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impers…☆163Mar 2, 2022Updated 4 years ago
- A tool for bypass certify pinning in Android apps☆25Apr 11, 2020Updated 5 years ago
- ☆384Aug 19, 2021Updated 4 years ago
- This is just a simple data recovery for Foxmail(http://foxmail.com.cn/)☆18Oct 16, 2015Updated 10 years ago
- gosec动态规则修改版☆12Jun 29, 2021Updated 4 years ago
- Poc script for ProxyShell exploit chain in Exchange Server☆24Feb 24, 2022Updated 4 years ago
- LDAP library for auditing MS AD☆13Nov 28, 2023Updated 2 years ago
- ☆14Nov 15, 2020Updated 5 years ago
- ☆100Mar 9, 2021Updated 5 years ago
- Lazy SPL to detect Spring4Shell exploitation☆12Jul 8, 2022Updated 3 years ago
- ProxyLogon Pre-Auth SSRF To Arbitrary File Write☆125Nov 8, 2023Updated 2 years ago
- AADInternals Authenticator Android App☆11Jul 2, 2020Updated 5 years ago
- Sechead is a powerful security tool developed in Python that allows users to audit the security headers of any website. With Sechead, use…☆13May 22, 2023Updated 2 years ago
- Miscellaneous examples for use with Cobalt Strike Beacon☆10Nov 19, 2020Updated 5 years ago
- RCE exploit for Microsoft Exchange Server (CVE-2021-26855).☆22Apr 23, 2022Updated 3 years ago
- ☆11Mar 18, 2021Updated 5 years ago
- Clone of the original project https://sourceforge.net/projects/sqsh/☆14Dec 8, 2023Updated 2 years ago
- Vulnerable LLM Application☆14Jan 1, 2024Updated 2 years ago
- Timestomping module: overwrite file create/modify times in .NET (no pinvoke)☆27Dec 13, 2021Updated 4 years ago
- CVE-2021-40444 Sample☆12Sep 10, 2021Updated 4 years ago
- PoC of CVE-2022-24707☆13May 3, 2022Updated 3 years ago
- Create machine images containing the Nessus vulnerability scanner☆13Mar 13, 2026Updated last week
- CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability☆30Aug 16, 2021Updated 4 years ago
- ☆13Aug 19, 2015Updated 10 years ago
- A Couple of Python Scripts Leveraging MS365's GraphAPI to Send Custom Calendar Events / Emails from Cheap O365 Accounts☆18Apr 19, 2024Updated last year
- CVE-2021-1675 Detection Info☆215May 20, 2023Updated 2 years ago
- Exploitation Script for CVE-2020-0688 "Microsoft Exchange default MachineKeySection deserialize vulnerability"☆11Apr 1, 2020Updated 5 years ago
- 以太坊白皮書台灣繁體中文版本☆14Oct 31, 2016Updated 9 years ago
- SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files☆11Mar 29, 2021Updated 4 years ago
- CVE-2020-5902☆10Jul 11, 2020Updated 5 years ago
- Automatically deploy preconfigured SSL ready GoPhish instances into Azure using Terraform.☆17Apr 30, 2021Updated 4 years ago
- A tool to convert Windows evtx files (Windows Event Log Files) into JSON format and log to Splunk (optional) using HTTP Event Collector.☆58Apr 8, 2022Updated 3 years ago