Displaying 1 to 20 from 33 results

awesome-cve-poc - ✍️ A curated list of CVE PoCs.

  •    

✍️ A curated list of CVE PoCs.Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you might also want to check out awesome-web-security.

ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization

  •    Java

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. Originally released as part of AppSecCali 2015 Talk "Marshalling Pickles: how deserializing objects will ruin your day" with gadget chains for Apache Commons Collections (3.x and 4.x), Spring Beans/Core (4.x), and Groovy (2.3.x). Later updated to include additional gadget chains for JRE <= 1.7u21 and several other libraries.

Am-I-affected-by-Meltdown - Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a

  •    C++

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN. The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.




CVE-2018-7600 - 💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

  •    Python

IMPORTANT: Is provided only for educational or information purposes. CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

react-demandware-examples - Using React framework on server-side with Demandware

  •    Javascript

This is just a proof-of-concept to see if we can get react work on server-side but it should not be used on production as performance for react is very poor.

hbase-mr-pof - A proof of concept prototype of new HBase + Hadoop Map Reduce integration

  •    Scala

A proof of concept prototype of new HBase + Hadoop Map Reduce integration


mysql-unsha1 - Authenticate against a MySQL server without knowing the cleartext password

  •    C

Authenticate against a MySQL server without knowing the cleartext password. This PoC shows how it is possible to authenticate against a MySQL server under certain circumstances without knowing the cleartext password when the Secure Password Authentication authentication plugin (aka mysql_native_password, the default method) is used.

go-modbus - DONT USE IT: A free modbus library for go

  •    Go

a free Modbus library for Go. This library is inspired by this modbus library.

arp-spoof - Minimal ARP-Spoofing tool written in Rust

  •    Rust

This is a minimal ARP-Spoofing tool written in Rust language using pcap. This tool allows intercepting Ipv4 traffic between two hosts on the same network. Typically between one machine and the internet gateway.

malware-research - Samples, research and documents about any kind of malware and misc source which should be released for the public

  •    C

Collection of malware samples, research and guides to understand it and to practice, learn and build mechanism to defeat it. Collection of Malware samples, research and guides to understand it and to practice, learn and build mechanism to defeat it.

proof-of-concepts - A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability

  •    HTML

A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability. Clone this repository to a website you use for testing purposes, publish everything, and you will be able to use all of the proof of concepts under the /proof-of-concepts/ directory (e.g. http://example.com/proof-of-concepts/pastejacking_reflected_xss_payload.html).

isf - ISF(Industrial Security Exploitation Framework) is a exploitation framework based on Python.

  •    Python

ISF(Industrial Security Exploitation Framework) is a exploitation framework based on Python. It's based on NSA Equation Group Fuzzbunch toolkit which is realsed by Shadow Broker. It's developed by the ICSMASTER Security Team. Please use them only for researching purposes.

bluetoothdPoC - CVE-2018-4087 PoC

  •    Objective-C

Depends, Got any kernel vulnerability? You're welcome chain them together. This one allow you to have huge attack surface from within the sandbox.

flutter_videoplayer - Experimental Flutter "on-top" native videoplayer for iOS (swift implementation)

  •    Objective-C

⚠️ this example is not up to date with the last version of flutter platform API. Same principles but somes method names changed. An example of native ios swift videoplayer on top of a flutter app using the Platform messaging API.

vnf-asterisk - Documentation, configuration, reference material and other information around an Asterisk-based VNF

  •    Python

In this repository you'll end up finding a mish-mash of information around a project that @dougbtv and @leifmadsen are working on. For this project, we intend to build out an Asterisk-based VNF (virtual network function). This VNF will not be intended to be deployed to production, but rather provide a set of reference material and examples of how you might go about building one. You can think of this as more of a demo or research project.

mkaas - mkaas: minikube on Kubernetes with CRDs

  •    Go

mkaas provides a declarative way to create Kubernetes clusters using minikube within 1-2 minutes each. This is a Proof-of-Concept Kubernetes Operator providing Minikube-as-a-Service or mkaas through the use of CRDs and the Operator Framework from CoreOS.





We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.