We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
PrivEsc - A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
- 45
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits. For pre-compiled local linux exploits, check out https://www.kernel-exploits.com.
https://crowdshield.comhttps://github.com/1N3/PrivEsc
| Tags | exploits privesc sql mysql hacking pentesting bugbounty |
| Implementation | C |
| License | Public |
| Platform |
Related Projects
unix-privesc-check - Automatically exported from code.google.com/p/unix-privesc-check
Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files).
pspy - Monitor linux processes without root permissions
pspy is a command line tool designed to snoop on processes without need for root permissions. It allows you to see commands run by other users, cron jobs, etc. as they execute. Great for enumeration of Linux systems in CTFs. Also great to demonstrate your colleagues why passing secrets as arguments on the command line is a bad idea. The tool gathers it's info from procfs scans. Inotify watchers placed on selected parts of the file system trigger these scans to catch short-lived processes.
ctf pentesting privesc enumerationwindows-privesc-check - Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
Windows-privesc-check is standalone executable that runs on Windows systems. It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written in python and converted to an executable using pyinstaller so it can be easily uploaded and run (as opposed to unzipping python + other dependencies). It can run either as a normal user or as Administrator (obviously it does a better job when running as Administrator because it can read more files).
traitor - Automatic Linux privesc via exploitation of low-hanging fruit e
Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell. It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent polkit CVE-2021-3560. More routes to root will be added over time too.
exploit infosec privilege-escalation security-tools privesc hackthebox gtfobins redteam-tools cve-2021-3560Goohak - Automatically Launch Google Hacking Queries Against A Target Domain
Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
osint google hacking queries ghdb pentesting pentest automatedsecurity_whitepapers - Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
hacking bugbounty whitepapers webappsec pentesting itsecurityReverseAPK - Quickly analyze and reverse engineer Android packages
Quickly analyze and reverse engineer Android applications. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
android apk reverse-engineering hacking mobile decompile analyze pentest pentesting smaliNoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".
nosql nosql-databases penetration-testing scanner security-audit security-tools security-toolset offensive-security enumeration databases mongodb couchdb web-application-security bugbounty redis mongodb-database sql-injection hacking hacking-tool hacktoberfestInfosec_Reference - An Information Security Reference That Doesn't Suck
An Information Security Reference That Doesn't Suck
infosec infosec-reference reverse-engineering hacking pentesting penetration-testing references privilege-escalation exfiltration information-security blueteam red-team osx forensics hacking-simulator privilege-escalation-exploits mitre-attack-dbtools - security and hacking tools, exploits, proof of concepts, shellcodes, scripts
This section offers a selection of our fully featured security and hacking tools. We also provide some exploits, proof of concept code, shellcodes and snippets. That means some tools are not tested and may not have the feature set. If you find some bugs or if you have any questions, ideas or criticism regarding to this section, feel free to message us.
hacking shellcode exploitshabu - Python Network Hacking Toolkit
I'm developing Habu to teach (and learn) some concepts about Python and Network Hacking. These are basic functions that help with some tasks for Ethical Hacking and Penetration Testing.
network-analysis networking scapy python3 security-tools hacking penetration-testing pentesting pentest pentest-tool pentesting-networks security-audit security-testingFindsploit - Find exploits in local and online databases instantly
Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit (ie. ./copysploit 1337.c && ./compilesploit 1337.c). This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
exploits metasploit nmap pentest hackers exploitdb find searchh4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more
This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.
hacking penetration-testing hacking-series video-course cybersecurity ethical-hacking ethicalhacking hacker exploit exploits exploit-development vulnerability vulnerability-scanners vulnerability-assessment vulnerability-management vulnerability-identification awesome-lists awesome-list training hackerslinux-exploit-suggester - Linux privilege escalation auditing tool
Often during the penetration test engagement the security analyst faces the problem of identifying privilege escalation attack vectors on tested Linux machine(s). One of viable attack vectors is using publicly known Linux exploit to gain root privileges on tested machine. Of course in order to do that the analyst needs to identify the right PoC exploit, make sure that his target is affected by the associated vulnerability and finally modify the exploit to suit his target. The linux-exploit-suggester.sh tool is designed to help with these activities. In this mode the analyst simply provides kernel version (--kernel switch) or uname -a command output (--uname switch) and receives list of candidate exploits for a given kernel version.
exploits privilege-escalation-exploits kernel-exploitation applicable-exploits security-tools hacking-tool linux-exploitsIntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads
A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
burpsuite intruder payloads fuzz-lists fuzzing fuzzFree-Security-eBooks - Free Security and Hacking eBooks
A curated list of free Security and Pentesting related E-Books available on the Internet. If you want to contribute to this list (please do), send a pull request. All contributors will be recognized and appreciated.
security hacking penetration-testing hacking-ebooks forensics hackers-handbook cloud-security kali-linux cyber-security ebooksOne-Lin3r - Gives you one-liners that aids in penetration testing operations
One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. The payloads database is not big now because this the first edition but it will get bigger with updates and contributions.
hacking hacking-tool web-delivery metasploit one-liners one-liner pentest-tool pentesting-windows penetration-testing web-based-attacks web-attacks kali-linux windows-hacking multiplatformCloakify - CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography using lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination. For a quick start on CloakifyFactory, see the cleverly titled file "README_GETTING_STARTED.txt" in the project for a walkthrough.
cipher data-exfiltration hacking pentesting exfiltration steganography cryptography dlp av-evasion privacy security security-tools infosec red-team pentest pentest-tool hacking-tool hacking-tools pentest-tools stegoDumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events
The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts. The toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Just write your own Fire module and drop it into the FireModules directory. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.
pentesting hacking hacking-tool pentest-tool automation security security-tools infosec pentest red-team blue-team red-teams blue-teams pentest-tools hacking-toolsVHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.
security-audit penetration-testing penetration-test virtual-hosts web-application-security discovery-service hacking hacking-tool virtual-host vhost vhosts security-tools security hackthebox oscp ctf-tools offensive-security bugbounty reverse-lookups scanner
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
