Red-Team LKM

Robson is a simple LKM rootkit that uses the Linux kernel's kprobes tracing feature as a hooking mechanism.

Possible paths for Java-specific path traversal, etc.

CVEs collection

Scrapts Scrapts Scrapts

Proof of Concept Exploit for PrimeFaces 5.x EL Injection (CVE-2017-1000486)

You can read the writeup on this script here

Enemies Of Symfony - Debug mode Symfony looter

HTTP parameter discovery suite.

This tool can be used to brute discover GET and POST parameters

encrypted-linux-kernel-modules

Various tips & tricks

PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) POC in Python

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

Quick tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.

Reverse Shell Cheat Sheet TooL

Zimbra Weak Password Scanner

ScanT3r - Module based Bug Bounty Automation Tool ( use Lotus instead github.com/bugBlocker/lotus )

Tool to try multiple paths for PHPunit RCE CVE-2017-9841

GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep

扫描网站是否存在SpringBoot API信息泄漏或阿里云存储OSSKEY泄漏

Awesome list of GraphQL

Linux and Windows basic privileges escalation

CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE

A one liner Bash command which finds CORS in every possible endpoint.

Spring Boot Actuator未授权访问【XXE、RCE】单/多目标检测

Various kernel exploits