There are no reviews yet. Be the first to send feedback to the community and the maintainers!
gcp-dhcp-takeover-code-exec
Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agentcurlshell
reverse shell using curlADB-Backup-APK-Injection
Android ADB backup APK Injection POCdfwfw
Docker Firewall Frameworkjackson-rce-via-spel
An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressionsCVE-2020-1313
Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege VulnerabilityCVE-2020-0728
Proof of Concept code for CVE-2020-0728apache-openoffice-rce-via-uno-links
php-bypass-disable-functions
Demo project how to bypass the disable_functions security control of PHP on Linuxmicrosoft-diagcab-rce-poc
Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code executionCVE-2020-1967
Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)lgosp-poc
LG On Screen Phone authentication bypass PoC (CVE-2014-8757)struts-any-results
Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.golang-insecureskipverify-patch
Simple patcher tool to turn off TLS handshake validation in golang binariesgoogle-osconfig-privesc
Proof of concept about the privilege escalation flaw identified in Google's OsconfigCVE-2022-20128
Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.microsoft-diaghub-case-sensitivity-eop-cve
Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerabilitytcp-http-proxy
A potential solution for OpenWRT + Mitmproxygnu-patch-vulnerabilities
The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.mysql-load-data-local-abuse
Abusing MySQL's LOAD DATA LOCAL featuregolang-http2debug-onthefly
Tool to activate http2debug feature of golang on the fly.go-reproto
An experimental tool to reconstruct proto definitions based on golang binariescloud-sql-auth-proxy-iam-mitm
PoC tool to demonstrate an MitM attack against Google's Cloud SQL authentication proxy product.pcap-proxy
A simple userland TCP proxy application that captures the network flow into a .pcap fileCVE-2022-3168-adb-unexpected-reverse-forwards
Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinationsicedtea-web-vulnerabilities
Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.postgres-proxy-cloudsql-iam-vuln
A PoC proxy script that allowed me to extract access tokens from the Postgres wire messages in Google Cloud SQL.cloud-shell-ssrf
Google Cloud Shell SSRF feature PoC toolgrpcurl-for-android
gRPCurl precompiled binaries for Androidrdiff-backup
Simple docker image around rdiff-backupraiffeisen-direktnet
Transaction parser for the Raiffeisen Direktnet banking websitehikvision-motion
SMTP server to receive HikVision camera/NVR notifications in order to post process the stream/images with GCP Vision AI (object tagging). Push notification to your device.p1x1
Open-source web application for cataloging and archiving private photos in S3 compatible stores, protecting content via a full-browser, client-side encryption logic.proftpd-mysql-password
Support for MySQL PASSWORD() in Proftpd's SQLAuthTypesLove Open Source and this site? Check out how you can help us