• Stars
    star
    188
  • Rank 205,563 (Top 5 %)
  • Language
    Python
  • Created about 9 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity

A collection of exploits developed by @xer0dayz @Sn1perSecurity https://sn1persecurity.com

  • Vulnserver.exe GMON SEH Overflow Exploit
  • FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass)
  • CoolPlayer+ Portable 2.19.6 Stack Overflow (ASLR Bypass)
  • HTTPoxy Exploit/PoC Scanner
  • Ability FTP 2.34 Buffer Overflow Exploit
  • Aruba AP-205 Buffer Overflow Denial of Service PoC
  • Brainpan1 CTF Buffer Overflow Exploit
  • CesarFTP 0.99g Buffer Overflow Exploit
  • Apache 2.2.x Range Header Denial of Service Exploit
  • GHOST Glibc Gethostbyname Buffer Overflow Exploit
  • PHP Serialization Injection Remote Code Execution Exploit
  • CrikeyConCTF Koala Gallery Exploit
  • Webmin 1.920 Unauthenticated RCE Metasploit Exploit

Bug Bounty Profiles

Public Exploits

Blogs

Social Media

Websites

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2018:

2017:

  • Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
  • Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
  • Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
  • Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
  • Systemic Local File Inclusion in DEMO HomeKit Android Application ($3,000 bounty) 9/2017
  • Placed 7th in ToorConCTF CTF 8/2017
  • Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
  • Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
  • Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
  • Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
  • PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
  • Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
  • Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
  • Listed on the BugCrowd 2016 MVP list 1/2017

2016:

2015:

  • Made the top 10 researcher list on BugCrowd 11/2015
  • Wordpress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
  • Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
  • Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
  • Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
  • Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
  • HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
  • Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
  • WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
  • Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
  • CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
  • Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
  • Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015

2014:

More Repositories

1

Sn1per

Attack Surface Management Platform
Shell
7,009
star
2

BruteX

Automatically brute force all services running on a target.
Shell
1,741
star
3

Findsploit

Find exploits in local and online databases instantly
Shell
1,499
star
4

BlackWidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Python
1,354
star
5

PrivEsc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
C
913
star
6

Goohak

Automatically Launch Google Hacking Queries Against A Target Domain
Shell
679
star
7

ReverseAPK

Quickly analyze and reverse engineer Android packages
Shell
645
star
8

Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Python
431
star
9

MassBleed

MassBleed SSL Vulnerability Scanner
Shell
235
star
10

PRISM-AP

An automated Wireless RogueAP MITM attack framework.
Shell
156
star
11

XSSTracer

A small python script to check for Cross-Site Tracing (XST)
Python
137
star
12

HTTPoxyScan

HTTPoxy Exploit Scanner by 1N3 @CrowdShield
Python
104
star
13

PowerExfil

A collection of data exfiltration scripts for Red Team assessments.
PowerShell
86
star
14

AttackSurfaceManagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Shell
66
star
15

SuperMicro-Password-Scanner

Supermicro IPMI/BMC Cleartext Password Scanner
Shell
40
star
16

CloudHunter

Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them
Python
33
star
17

1N3

Founder of @Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+
22
star
18

CTF-Writeups

CTF Writeups
17
star