• Stars: 2
• Language: Go
• License: Apache License 2.0
• Created over 1 year ago
• Updated over 1 year ago

Repository Details

Finds CSP report URLs and tests to see if they are vulnerable to Log4j

More Repositories

1. CVE-2023-32243 (Python, 83 stars): CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
2. CVE-2023-2982 (Python, 81 stars): WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
3. grafana-ssrf (Python, 74 stars): Authenticated SSRF in Grafana
4. marshalsec-jar (66 stars): marshalsec-0.0.3-SNAPSHOT-all compiled on X64
5. CVE-2023-7028 (Python, 58 stars): CVE-2023-7028
6. phpunit-brute (Python, 25 stars): Tool to try multiple paths for PHPunit RCE CVE-2017-9841
7. wordpress-plugin-list (25 stars): Wordpress Plugins List for Bruteforcing.
8. service-now (Python, 16 stars): Service-Now Article Bruteforcer
9. wp-file-manager (Python, 10 stars): wp-file-manager RCE
10. nuclei-drupal-sa (8 stars): Nuclei templates for drupal vulns... far from perfect
11. CVE-2023-32117 (7 stars): Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
12. CVE-2023-2732 (Python, 7 stars): MStore API <= 3.9.2 - Authentication Bypass
13. kong-pwn (Python, 6 stars): Use Exposed KongAPI to act like a proxy and get metadata urls or internal urls
14. redash-reset (Python, 5 stars)
15. CVE-2022-0952 (Python, 5 stars): Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update
16. CVE-2023-5412 (5 stars): Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
17. coldfusion-amf (Shell, 5 stars): Coldfusion AMF PWN
18. super-secret-finder (Python, 5 stars): Burp Plugin for Secret Matching
19. CVE-2023-5204 (4 stars): AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response
20. CVE-2024-22145 (Python, 4 stars): InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update (Subscriber+)
21. simple-file-list-rce (Python, 4 stars): Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE
22. CVE-2023-47840 (Python, 4 stars): Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
23. Log4J-Exploits (Python, 3 stars): Log4J Exploits for Different Systems
24. wordpress-exploits (3 stars): Random WordPress Exploits May or May Not Work.
25. CVE-2022-3904 (Python, 3 stars): CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics
26. woo (Python, 2 stars): Exploit woocommerce SQLI and grab user and password hash
27. SAP-brute (Python, 2 stars): SAP Netweaver Login Bruteforcer.
28. django-bruteforce (Python, 2 stars): Django Admin Url Bruteforce tool.
29. CVE-2020-12077 (Python, 2 stars): MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
30. CVE-2023-6700 (Python, 2 stars): Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update
31. wordpress-php-object-helper (Python, 2 stars): Know a plugin has a php object exploit but need to find which lib to use?
32. CVE-2023-2877 (Python, 2 stars): Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
33. CVE-2023-0630 (Python, 2 stars): CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection
34. what-wordpress (Python, 2 stars): Tool to extract all themes and plugins that are shown on the front page of a wordpress site.
35. dom-brute (Python, 2 stars): Domain TLD prefix finder / 3rd party hosted.
36. CVE-2024-0679 (Python, 2 stars): ColorMag <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
37. CVE-2024-9593 (1 star): Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
38. juicy-php (Python, 1 star): Juicy-php - finds PHP info files with juicy information
39. S3-from-csp (Go, 1 star): Extracts all S3 Buckets from CSP report headers and then tests for file upload vulns
40. struts-splunk (Dockerfile, 1 star): Vuln Apache Struts with splunk
41. wordpress-plugins-scraper (Python, 1 star): Will open the first page of wordpress website and extract all js and css links with wp-content/plugins/
42. dnn-cookie (Python, 1 star): DNN-Cookie Tester
43. CVE-2022-1442 (Shell, 1 star): WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure
44. CVE-2023-45657 (Python, 1 star): Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'
45. CVE-2021-25032 (Python, 1 star): PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise
46. CVE-2022-47615 (Python, 1 star): LearnPress Plugin < 4.2.0 - Unauthenticated LFI Description
47. static-file-checker (Go, 1 star): Checks Django's /static/staticfiles.json for exposed creds using nuclei
48. CVE-2021-24356 (Python, 1 star): Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation
49. CVE-2023-5070 (Python, 1 star): Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure
50. CVE-2023-45828 (1 star): RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest
51. CVE-2022-45808 (1 star): LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
52. CVE-2022-45354 (Python, 1 star): Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API
53. js-jobs (Python, 1 star): JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation
54. CVE-2023-36531 (Python, 1 star): LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon
55. CVE-2021-24647 (Python, 1 star): CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
56. CVE-2023-47529 (1 star): Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File
57. CVE-2019-15896 (Python, 1 star): LifterLMS <= 3.34.5 - Unauthenticated Options Import
58. CVE-2023-47179 (Python, 1 star): WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update (Subscriber+)
59. e-signature-poc (1 star): e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution
60. binary-edge-render-extract (Go, 1 star): Create a datatable output from a binaryedge render scan
61. CVE-2022-0439 (Python, 1 star): CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
62. wordpress-bf (Python, 1 star): Brute Force Wordpress Blogs.
63. postgres-bruteforcer (Go, 1 star): This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.
64. import-users-from-csv-with-meta (Python, 1 star): Import Users From CSV with Meta 1.15 - Unauthorised Authenticated Users Export
65. CVE-2023-6985 (Python, 1 star): 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description
66. CVE-2024-4875 (Python, 1 star): HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
67. CVE-2023-46615 (1 star): KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle
68. CVE-2024-25092 (Python, 1 star): NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
69. CVE-2020-36730 (Python, 1 star): CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)
70. CVE-2023-51409 (1 star): AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload
71. learning-management-system (Python, 1 star): Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure
72. CVE-2022-1203 (Python, 1 star): Content Mask < 1.8.4 - Subscriber+ Arbitrary Options Update
73. CVE-2021-34621 (Python, 1 star): ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation