Red Team Assessment
tr0uble-maker / poc-bomber
Uses a large number of high-severity PoCs/exploits to quickly gain access to targets; intended for penetration testing and rapid red-team initial access
License: GNU General Public License v3.0
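Could the maintainer improve the vulnerability check for s2_009? Some sites that do not have this vulnerability echo the request content in the page response, that is, the entire URL including the payload, so the returned page content also contains the hash_flag string.
In the packets captured by BP (Burp Suite), the HTTP protocol version is 1.0 and there is no Host header, so during vulnerability detection the response is 404; with the Host header added it works normally. Has anyone else run into this problem? How can the HTTP version be set to 1.1?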
POST / HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept-Encoding: gzip, deflate
Accept: /
Connection: close
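I looked at the issues; many PoCs fail to detect things, while nuclei can
I scanned many URLs and detected quite a few vulnerabilities, but --attack has never succeeded so far ....
Batch import of URLs for scanning with -f: entering the command has no effect
The vulnerability check uses two ifs but only one else, which leads to a null return value and an error
Seeyon (致远) OA6 SQL injection and Tongda (通达) OA arbitrary user login: the scan hangs
I searched for a framework for a long time and was about to write PoCs in nuclei's YAML format; tonight I suddenly came across your framework, and it is exactly what I need. Requesting a friend slot; I have already added you on QQ and hope for a reply
The target is several hundred thousand domains; partway through, the scan gets stuck and stops moving. I am also trying to pinpoint the cause; could everyone help take a look too.
It does not run on Windows for me
How to start the dnslog service on a VPS; there is no explanation here
Suggest adding fuzzy search for PoCs: for example, when I need to use JBoss vulnerabilities, just --poc="jboss" would use all the jboss exps for detection and exploitation
Add a feature that checks online whether the PoCs have been updated and, if so, downloads the updated PoCs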