• Stars
    star
    170
  • Rank 223,357 (Top 5 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created almost 7 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🔥 An Exploit framework for Web Vulnerabilities written in Python

Exploit-Framework

Backers on Open Collective Sponsors on Open Collective

Exploits:

Vendor Vulnerability Effected Version Description Author
zblog NOT_CVE <=1.5.1 Zblog Authenticated LFI @Shutdown_r
OpenSNS NOT_CVE <=3.31 OpenSNS UnAuthenticated GetShell @90sec
Joomla CVE-2015-8562 1.5<3.45 Joomla Header Unauthenticated RCE @Andrew McNicol
Codiad CVE-2017-11366 <=2.8.3 Codiad Authenticated RCE @WangYihang
Codiad CVE-2014-9581 <=2.4.3 Codiad Authenticated LFI @TaurusOmar
SeaCMS CVE-2017-17561 <=6.56 SeaCMS Authenticated GetShell @WangYihang
SeaCMS NOT_CVE <=6.28 SeaCMS UnAuthenticated RCE @没穿底裤
phpMoAdmin CVE-2015-2208 <=1.1.2 phpMoAdmin UnAuthenticated RCE Unknown
WordPress CVE-2017-5487 <4.7.1 WordPress Username Enumeration @Dctor
DedeCMS NOT_CVE <=5.6 DedeCms recommend.php SQL injection @没穿底裤
Kernel CVE-2016-5195 2.6.22<3.9 DirtyC0w Privilege Escalation @nowsecure

Video:

asciicast

WIKI:

https://github.com/WangYihang/Exploit-Framework/wiki

Contribution:

1. Guidance of writing exploit module

TODO:

  • 解析字符串
  • 深层模块化
  • 上下文栈维护
  • 日志
  • 自动补全
  • Exploit 搜索
  • Wiki
  • Exploit 规范
  • 维护 Reverse Shell (结合 Reverse-Shell-Manager)
  • Payload 模块
  • 免杀模块
  • 维护一句话木马 (结合 Webshell-Sniper)
  • 数据库
  • Web 前端

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

More Repositories

1

Platypus

🔨 A modern multiple reverse shell sessions manager written in go
Go
1,503
star
2

GitHacker

🕷️ A `.git` folder exploiting tool that is able to restore the entire Git repository, including stash, common branches and common tags.
Python
1,408
star
3

Webshell-Sniper

🔨 Manage your website via terminal
Python
419
star
4

SourceLeakHacker

🐛 A multi threads web application source leak scanner
Python
379
star
5

ccupp

基于社会工程学的弱口令密码字典生成工具
Python
340
star
6

UsbKeyboardDataHacker

USB键盘流量包取证工具 , 用于恢复用户的击键信息
Python
320
star
7

Reverse-Shell-Manager

🔨 A multiple reverse shell session/client manager via terminal
Python
237
star
8

USB-Mouse-Pcap-Visualizer

USB mouse traffic packet forensic tool, mainly used to draw mouse movements and dragging trajectories
JavaScript
233
star
9

Apache-HTTP-Server-Module-Backdoor

👺 A Simple Backdoor For Apache HTTP Server
C
151
star
10

MIT-6.031-Readings-zh-cn

麻省理工大学-18年春季学期-软件构造(6.031)课程阅读中文版
84
star
11

awesome-web-security

📓 Some notes and impressive articles of Web Security
74
star
12

Codiad-Remote-Code-Execute-Exploit

A simple exploit to execute system command on codiad
Python
64
star
13

Find-PHP-Vulnerabilities

🐛 A plug-in of sublime 2/3 which is able to find PHP vulnerabilities
Python
56
star
14

PwnMe

二进制渗透题目汇总
Python
54
star
15

IdiomsSolitaire

成语接龙
Python
48
star
16

sqli-labs

WriteUp of sqli-labs (GitBook : https://www.gitbook.com/book/wangyihang/sqli-labs/details)
39
star
17

12306

12306网站抢票Python脚本
Python
28
star
18

WebShellCracker

WebShell密码爆破工具
Python
19
star
19

LinuxShellScript

LinuxShell编程笔记
Shell
15
star
20

SQL-Hacker

简单SQL注入工具
Python
14
star
21

XorShellcode

Shellcode异或加密工具
Python
12
star
22

Subdomain-Crawler

A program for collecting subdomains of a list of given second-level domains (SLD)
Go
12
star
23

ShellcodeSpider

Shellcode Spider of Exploit-DB
C
12
star
24

HIT-Courses-Calendar

哈尔滨工业大学教务处课表Excel转换iCal脚本
Python
10
star
25

gojob

Go(od) Job is a simple job scheduler that supports task retries, logging, and task sharding.
Go
10
star
26

Proxy-Verifier

A set of tools designed to efficiently and effectively locate publicly available proxy server resources.
Go
9
star
27

PPT-Generator

Generate PPT via a simple summary
Python
9
star
28

tplayer

一个Linux终端播放器 , 使用字符绘制图片/视频 , 并按照帧率播放
Python
8
star
29

Presentations

8
star
30

t3sec-network-flow-analysis

6
star
31

acw-sc-v2.js

`acw_sc__v2` cookie generator
HTML
5
star
32

Docker-Container-Exposer

Expose docker containers to public network
Shell
5
star
33

pickle-pickle

A arbitary python code executer via python pickle
Python
5
star
34

CrackMe

CrackMe 汇总
Python
5
star
35

Platypus-Python

Python
5
star
36

SimpleEncrypter

简单shellcode加密工具(存在 0 字节)
Python
4
star
37

Markdown-URL-to-Title

Python
4
star
38

DBLP-Spider

A spider tool for downloading the DBLP search results into local BibTeX files.
Python
4
star
39

MovieSearcher

电影资源搜索工具
Python
3
star
40

Image-LSB-Stego

Python
3
star
41

http-grab

Go
2
star
42

tranco-go-package

Go
2
star
43

acw-sc-v2-py

Python requests.HTTPAdapter for `acw_sc__v2`
Python
2
star
44

dns-grab

Go
2
star
45

PrintableShellcodeCreator

可打印shellcode生成工具
C
2
star
46

DBAPPSecurity-Unified-Security-Management-Python-Connector

Python Connector for DBAPPSecurity Unified Security Management | 明御®运维审计与风险控制系统(堡垒机)
Python
1
star
47

bgphenet

Go
1
star
48

acw-sc-v2-go

Go
1
star
49

ModifyHeadersForChrome

ModifyHeadersForChrome
JavaScript
1
star
50

ProcessInjector

C
1
star
51

JBrowserWithPulgins

Java实现的一个简单的Web浏览器 , 提供了插件功能 , 目前插件有下载地址分析器
Java
1
star