From af4391160eecbae1aa64d9fd5acfb8dbd00f34e2 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Fri, 19 Aug 2022 21:19:08 +0900 Subject: [PATCH] Auto Update 2022/08/19 12:19:08 --- 2001/CVE-2001-0550.json | 30 --------------------------- 2009/CVE-2009-4623.json | 32 +++++++++++++++++++++++++++++ 2011/CVE-2011-2894.json | 4 ++-- 2013/CVE-2013-2028.json | 8 ++++---- 2014/CVE-2014-0160.json | 12 +++++------ 2014/CVE-2014-6271.json | 8 ++++---- 2015/CVE-2015-3456.json | 2 +- 2017/CVE-2017-8759.json | 8 ++++---- 2018/CVE-2018-8581.json | 8 ++++---- 2019/CVE-2019-0708.json | 8 ++++---- 2019/CVE-2019-17558.json | 8 ++++---- 2019/CVE-2019-2729.json | 8 ++++---- 2019/CVE-2019-6447.json | 4 ++-- 2020/CVE-2020-14882.json | 8 ++++---- 2020/CVE-2020-14883.json | 4 ++-- 2021/CVE-2021-25646.json | 4 ++-- 2021/CVE-2021-3156.json | 8 ++++---- 2021/CVE-2021-3929.json | 8 ++++---- 2021/CVE-2021-4045.json | 4 ++-- 2021/CVE-2021-4154.json | 8 ++++---- 2021/CVE-2021-42278.json | 12 +++++------ 2021/CVE-2021-44228.json | 44 ++++++++++++++++++++-------------------- 2022/CVE-2022-1015.json | 4 ++-- 2022/CVE-2022-2022.json | 8 ++++---- 2022/CVE-2022-22947.json | 16 +++++++-------- 2022/CVE-2022-2588.json | 8 ++++---- 2022/CVE-2022-26134.json | 8 ++++---- 2022/CVE-2022-27255.json | 12 +++++------ 2022/CVE-2022-27925.json | 4 ++-- 2022/CVE-2022-32832.json | 12 +++++------ 2022/CVE-2022-33980.json | 8 ++++---- 2022/CVE-2022-36271.json | 8 ++++---- 2022/CVE-2022-37042.json | 8 ++++---- README.md | 16 +++++++-------- 34 files changed, 177 insertions(+), 175 deletions(-) delete mode 100644 2001/CVE-2001-0550.json create mode 100644 2009/CVE-2009-4623.json diff --git a/2001/CVE-2001-0550.json b/2001/CVE-2001-0550.json deleted file mode 100644 index 103c828120..0000000000 --- a/2001/CVE-2001-0550.json +++ /dev/null @@ -1,30 +0,0 @@ -[ - { - "id": 518704833, - "name": "Network-Filesystem-Forensics", - "full_name": "gilberto47831\/Network-Filesystem-Forensics", - "owner": { - "login": "gilberto47831", - "id": 60636483, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/60636483?v=4", - "html_url": "https:\/\/github.com\/gilberto47831" - }, - "html_url": "https:\/\/github.com\/gilberto47831\/Network-Filesystem-Forensics", - "description": "Reports on post-exploitation on honeypot exploiting vulnerable wu-ftpd (CVE-2001-0550)", - "fork": false, - "created_at": "2022-07-28T04:52:58Z", - "updated_at": "2022-07-28T04:52:58Z", - "pushed_at": "2022-08-08T21:40:20Z", - "stargazers_count": 0, - "watchers_count": 0, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0 - } -] \ No newline at end of file diff --git a/2009/CVE-2009-4623.json b/2009/CVE-2009-4623.json new file mode 100644 index 0000000000..2151b554f2 --- /dev/null +++ b/2009/CVE-2009-4623.json @@ -0,0 +1,32 @@ +[ + { + "id": 526549283, + "name": "CVE-2009-4623", + "full_name": "hupe1980\/CVE-2009-4623", + "owner": { + "login": "hupe1980", + "id": 24973437, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/24973437?v=4", + "html_url": "https:\/\/github.com\/hupe1980" + }, + "html_url": "https:\/\/github.com\/hupe1980\/CVE-2009-4623", + "description": "PoC Advanced Comment System 1.0 - Remote Command Execution (RCE) ", + "fork": false, + "created_at": "2022-08-19T09:46:03Z", + "updated_at": "2022-08-19T10:18:50Z", + "pushed_at": "2022-08-19T10:17:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "cve-2009-4623" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2011/CVE-2011-2894.json b/2011/CVE-2011-2894.json index 2b56f303c0..3fc5aedad1 100644 --- a/2011/CVE-2011-2894.json +++ b/2011/CVE-2011-2894.json @@ -17,13 +17,13 @@ "pushed_at": "2020-02-11T15:09:32Z", "stargazers_count": 32, "watchers_count": 32, - "forks_count": 18, + "forks_count": 19, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 18, + "forks": 19, "watchers": 32, "score": 0 } diff --git a/2013/CVE-2013-2028.json b/2013/CVE-2013-2028.json index c075be788f..f3e05730aa 100644 --- a/2013/CVE-2013-2028.json +++ b/2013/CVE-2013-2028.json @@ -97,10 +97,10 @@ "description": "CVE-2013-2028 python exploit", "fork": false, "created_at": "2020-06-27T15:08:26Z", - "updated_at": "2022-08-06T05:52:31Z", + "updated_at": "2022-08-19T07:46:08Z", "pushed_at": "2020-06-27T15:08:58Z", - "stargazers_count": 9, - "watchers_count": 9, + "stargazers_count": 10, + "watchers_count": 10, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -113,7 +113,7 @@ ], "visibility": "public", "forks": 1, - "watchers": 9, + "watchers": 10, "score": 0 }, { diff --git a/2014/CVE-2014-0160.json b/2014/CVE-2014-0160.json index f9e2f9a28b..64b06334e7 100644 --- a/2014/CVE-2014-0160.json +++ b/2014/CVE-2014-0160.json @@ -13,18 +13,18 @@ "description": "A checker (site and tool) for CVE-2014-0160", "fork": false, "created_at": "2014-04-07T23:03:09Z", - "updated_at": "2022-08-10T09:23:53Z", + "updated_at": "2022-08-19T10:42:39Z", "pushed_at": "2021-02-24T09:17:24Z", - "stargazers_count": 2280, - "watchers_count": 2280, - "forks_count": 484, + "stargazers_count": 2279, + "watchers_count": 2279, + "forks_count": 485, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 484, - "watchers": 2280, + "forks": 485, + "watchers": 2279, "score": 0 }, { diff --git a/2014/CVE-2014-6271.json b/2014/CVE-2014-6271.json index fc41e57062..1357b8b56d 100644 --- a/2014/CVE-2014-6271.json +++ b/2014/CVE-2014-6271.json @@ -1916,10 +1916,10 @@ "description": "### **Awesome Penetration Testing** [![Links Check](https:\/\/4.bp.blogspot.com\/-_NIGc5XKpSw\/WHt9d7wCXaI\/AAAAAAAAB0o\/OYIv8EWjIoYh44jfxIRSrRYbgrn3MZKEQCLcB\/s1600\/penetration%2Btesting.png)](http:\/\/kalitut.com) [![10 Common Hacking Techniques](http:\/\/img.youtube.com\/vi\/V3CTfJ2ZP7M\/0.jpg)](http:\/\/www.youtube.com\/watch?v=V3CTfJ2ZP7M \"10 Common Hacking Techniques\") A collection of awesome penetration testing resources - [Online Resources](#online-resources) - [Penetration Testing Resources](#penetration-testing-resources) - [Exploit development](#exploit-development) - [Social Engineering Resources](#social-engineering-resources) - [Lock Picking Resources](#lock-picking-resources) - [Tools](#tools) - [Penetration Testing Distributions](#penetration-testing-distributions) - [Basic Penetration Testing Tools](#basic-penetration-testing-tools) - [Docker for Penetration Testing](#docker-for-penetration-testing) - [Vulnerability Scanners](#vulnerability-scanners) - [Network Tools](#network-tools) - [Wireless Network Tools](#wireless-network-tools) - [SSL Analysis Tools](#ssl-analysis-tools) - [Web exploitation](#web-exploitation) - [Hex Editors](#hex-editors) - [Crackers](#crackers) - [Windows Utils](#windows-utils) - [Linux Utils](#linux-utils) - [DDoS Tools](#ddos-tools) - [Social Engineering Tools](#social-engineering-tools) - [OSInt Tools](#osint-tools) - [Anonymity Tools](#anonymity-tools) - [Reverse Engineering Tools](#reverse-engineering-tools) - [CTF Tools](#ctf-tools) - [Books](#books) - [Penetration Testing Books](#penetration-testing-books) - [Hackers Handbook Series](#hackers-handbook-series) - [Defensive Development](#defensive-development) - [Network Analysis Books](#network-analysis-books) - [Reverse Engineering Books](#reverse-engineering-books) - [Malware Analysis Books](#malware-analysis-books) - [Windows Books](#windows-books) - [Social Engineering Books](#social-engineering-books) - [Lock Picking Books](#lock-picking-books) - [Vulnerability Databases](#vulnerability-databases) - [Security Courses](#security-courses) - [Information Security Conferences](#information-security-conferences) - [Information Security Magazines](#information-security-magazines) ### Online Resources #### Penetration Testing Resources * [Metasploit Unleashed](https:\/\/www.offensive-security.com\/metasploit-unleashed\/) - Free Offensive Security Metasploit course * [PTES](http:\/\/www.pentest-standard.org\/) - Penetration Testing Execution Standard * [OWASP](https:\/\/www.owasp.org\/index.php\/Main_Page) - Open Web Application Security Project * [PENTEST-WIKI](https:\/\/github.com\/nixawk\/pentest-wiki) - A free online security knowledge library for pentesters \/ researchers. * [Vulnerability Assessment Framework](http:\/\/www.vulnerabilityassessment.co.uk\/Penetration%20Test.html) - Penetration Testing Framework. * [The Pentesters Framework](https:\/\/github.com\/trustedsec\/ptf) - PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install\/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. #### Exploit development * [Shellcode Tutorial](http:\/\/www.vividmachines.com\/shellcode\/shellcode.html) - Tutorial on how to write shellcode * [Shellcode Examples](http:\/\/shell-storm.org\/shellcode\/) - Shellcodes database * [Exploit Writing Tutorials](https:\/\/www.corelan.be\/index.php\/2009\/07\/19\/exploit-writing-tutorial-part-1-stack-based-overflows\/) - Tutorials on how to develop exploits * [shellsploit](https:\/\/github.com\/b3mb4m\/shellsploit-framework) - New Generation Exploit Development Kit * [Voltron](https:\/\/github.com\/snare\/voltron) - A hacky debugger UI for hackers #### Social Engineering Resources * [Social Engineering Framework](http:\/\/www.social-engineer.org\/framework\/general-discussion\/) - An information resource for social engineers #### Lock Picking Resources * [Schuyler Towne channel](https:\/\/www.youtube.com\/user\/SchuylerTowne\/) - Lockpicking videos and security talks * [\/r\/lockpicking](https:\/\/www.reddit.com\/r\/lockpicking) - Resources for learning lockpicking, equipment recommendations. ### Tools #### Penetration Testing Distributions * [Kali](https:\/\/www.kali.org\/) - A Linux distribution designed for digital forensics and penetration testing * [ArchStrike](https:\/\/archstrike.org\/) - An Arch Linux repository for security professionals and enthusiasts * [BlackArch](https:\/\/www.blackarch.org\/) - Arch Linux-based distribution for penetration testers and security researchers * [NST](http:\/\/networksecuritytoolkit.org\/) - Network Security Toolkit distribution * [Pentoo](http:\/\/www.pentoo.ch\/) - Security-focused livecd based on Gentoo * [BackBox](https:\/\/backbox.org\/) - Ubuntu-based distribution for penetration tests and security assessments * [Parrot](https:\/\/www.parrotsec.org\/) - A distribution similar to Kali, with multiple architecture * [Fedora Security Lab](https:\/\/labs.fedoraproject.org\/en\/security\/) - Provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies. #### Basic Penetration Testing Tools * [Metasploit Framework](https:\/\/www.metasploit.com\/) - World's most used penetration testing software * [Burp Suite](https:\/\/portswigger.net\/burp\/) - An integrated platform for performing security testing of web applications * [ExploitPack](http:\/\/exploitpack.com\/) - Graphical tool for penetration testing with a bunch of exploits * [BeeF](https:\/\/github.com\/beefproject\/beef) - The Browser Exploitation Framework Project * [faraday](https:\/\/github.com\/infobyte\/faraday) - Collaborative Penetration Test and Vulnerability Management Platform * [evilgrade](https:\/\/github.com\/infobyte\/evilgrade) - The update explotation framework * [commix](https:\/\/github.com\/stasinopoulos\/commix) - Automated All-in-One OS Command Injection and Exploitation Tool * [routersploit](https:\/\/github.com\/reverse-shell\/routersploit) - Automated penetration testing software for router * [redsnarf] (https:\/\/github.com\/nccgroup\/redsnarf) - Post-exploitation tool for grabbing credentials #### Docker for Penetration Testing * `docker pull kalilinux\/kali-linux-docker` [official Kali Linux](https:\/\/hub.docker.com\/r\/kalilinux\/kali-linux-docker\/) * `docker pull owasp\/zap2docker-stable` - [official OWASP ZAP](https:\/\/github.com\/zaproxy\/zaproxy) * `docker pull wpscanteam\/wpscan` - [official WPScan](https:\/\/hub.docker.com\/r\/wpscanteam\/wpscan\/) * `docker pull pandrew\/metasploit` - [docker-metasploit](https:\/\/hub.docker.com\/r\/pandrew\/metasploit\/) * `docker pull citizenstig\/dvwa` - [Damn Vulnerable Web Application (DVWA)](https:\/\/hub.docker.com\/r\/citizenstig\/dvwa\/) * `docker pull wpscanteam\/vulnerablewordpress` - [Vulnerable WordPress Installation](https:\/\/hub.docker.com\/r\/wpscanteam\/vulnerablewordpress\/) * `docker pull hmlio\/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https:\/\/hub.docker.com\/r\/hmlio\/vaas-cve-2014-6271\/) * `docker pull hmlio\/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed](https:\/\/hub.docker.com\/r\/hmlio\/vaas-cve-2014-0160\/) * `docker pull opendns\/security-ninjas` - [Security Ninjas](https:\/\/hub.docker.com\/r\/opendns\/security-ninjas\/) * `docker pull diogomonica\/docker-bench-security` - [Docker Bench for Security](https:\/\/hub.docker.com\/r\/diogomonica\/docker-bench-security\/) * `docker pull ismisepaul\/securityshepherd` - [OWASP Security Shepherd](https:\/\/hub.docker.com\/r\/ismisepaul\/securityshepherd\/) * `docker pull danmx\/docker-owasp-webgoat` - [OWASP WebGoat Project docker image](https:\/\/hub.docker.com\/r\/danmx\/docker-owasp-webgoat\/) * `docker-compose build && docker-compose up` - [OWASP NodeGoat](https:\/\/github.com\/owasp\/nodegoat#option-3---run-nodegoat-on-docker) * `docker pull citizenstig\/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https:\/\/hub.docker.com\/r\/citizenstig\/nowasp\/) * `docker pull bkimminich\/juice-shop` - [OWASP Juice Shop](https:\/\/github.com\/bkimminich\/juice-shop#docker-container--) #### Vulnerability Scanners * [Nexpose](https:\/\/www.rapid7.com\/products\/nexpose\/) - Vulnerability Management & Risk Management Software * [Nessus](http:\/\/www.tenable.com\/products\/nessus-vulnerability-scanner) - Vulnerability, configuration, and compliance assessment * [Nikto](https:\/\/cirt.net\/nikto2) - Web application vulnerability scanner * [OpenVAS](http:\/\/www.openvas.org\/) - Open Source vulnerability scanner and manager * [OWASP Zed Attack Proxy](https:\/\/www.owasp.org\/index.php\/OWASP_Zed_Attack_Proxy_Project) - Penetration testing tool for web applications * [Secapps](https:\/\/secapps.com\/) - Integrated web application security testing environment * [w3af](https:\/\/github.com\/andresriancho\/w3af) - Web application attack and audit framework * [Wapiti](http:\/\/wapiti.sourceforge.net\/) - Web application vulnerability scanner * [WebReaver](http:\/\/www.webreaver.com\/) - Web application vulnerability scanner for Mac OS X * [DVCS Ripper](https:\/\/github.com\/kost\/dvcs-ripper) - Rip web accessible (distributed) version control systems: SVN\/GIT\/HG\/BZR * [arachni](https:\/\/github.com\/Arachni\/arachni) - Web Application Security Scanner Framework #### Network Tools * [nmap](https:\/\/nmap.org\/) - Free Security Scanner For Network Exploration & Security Audits * [pig](https:\/\/github.com\/rafael-santiago\/pig) - A Linux packet crafting tool * [tcpdump\/libpcap](http:\/\/www.tcpdump.org\/) - A common packet analyzer that runs under the command line * [Wireshark](https:\/\/www.wireshark.org\/) - A network protocol analyzer for Unix and Windows * [Network Tools](http:\/\/network-tools.com\/) - Different network tools: ping, lookup, whois, etc * [netsniff-ng](https:\/\/github.com\/netsniff-ng\/netsniff-ng) - A Swiss army knife for for network sniffing * [Intercepter-NG](http:\/\/sniff.su\/) - a multifunctional network toolkit * [SPARTA](http:\/\/sparta.secforce.com\/) - Network Infrastructure Penetration Testing Tool * [dnschef](http:\/\/thesprawl.org\/projects\/dnschef\/) - A highly configurable DNS proxy for pentesters * [DNSDumpster](https:\/\/dnsdumpster.com\/) - Online DNS recon and search service * [dnsenum](https:\/\/github.com\/fwaeytens\/dnsenum\/) - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results * [dnsmap](https:\/\/github.com\/makefu\/dnsmap\/) - Passive DNS network mapper * [dnsrecon](https:\/\/github.com\/darkoperator\/dnsrecon\/) - DNS Enumeration Script * [dnstracer](http:\/\/www.mavetju.org\/unix\/dnstracer.php) - Determines where a given DNS server gets its information from, and follows the chain of DNS servers * [passivedns-client](https:\/\/github.com\/chrislee35\/passivedns-client) - Provides a library and a query tool for querying several passive DNS providers * [passivedns](https:\/\/github.com\/gamelinux\/passivedns) - A network sniffer that logs all DNS server replies for use in a passive DNS setup * [Mass Scan](https:\/\/github.com\/robertdavidgraham\/masscan) - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes. * [Zarp](https:\/\/github.com\/hatRiot\/zarp) - Zarp is a network attack tool centered around the exploitation of local networks * [mitmproxy](https:\/\/github.com\/mitmproxy\/mitmproxy) - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers * [mallory](https:\/\/github.com\/justmao945\/mallory) - HTTP\/HTTPS proxy over SSH * [Netzob](https:\/\/github.com\/netzob\/netzob) - Reverse engineering, traffic generation and fuzzing of communication protocols * [DET](https:\/\/github.com\/sensepost\/DET) - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time * [pwnat](https:\/\/github.com\/samyk\/pwnat) - punches holes in firewalls and NATs * [dsniff](https:\/\/www.monkey.org\/~dugsong\/dsniff\/) - a collection of tools for network auditing and pentesting * [tgcd](http:\/\/tgcd.sourceforge.net\/) - a simple Unix network utility to extend the accessibility of TCP\/IP based network services beyond firewalls * [smbmap](https:\/\/github.com\/ShawnDEvans\/smbmap) - a handy SMB enumeration tool * [scapy](https:\/\/github.com\/secdev\/scapy) - a python-based interactive packet manipulation program & library * [Dshell](https:\/\/github.com\/USArmyResearchLab\/Dshell) - Network forensic analysis framework * [Debookee (MAC OS X)](http:\/\/www.iwaxx.com\/debookee\/) - Intercept traffic from any device on your network * [Dripcap](https:\/\/github.com\/dripcap\/dripcap) - Caffeinated packet analyzer #### Wireless Network Tools * [Aircrack-ng](http:\/\/www.aircrack-ng.org\/) - a set of tools for auditing wireless network * [Kismet](https:\/\/kismetwireless.net\/) - Wireless network detector, sniffer, and IDS * [Reaver](https:\/\/code.google.com\/archive\/p\/reaver-wps) - Brute force attack against Wifi Protected Setup * [Wifite](https:\/\/github.com\/derv82\/wifite) - Automated wireless attack tool * [wifiphisher](https:\/\/github.com\/sophron\/wifiphisher) - Automated phishing attacks against Wi-Fi networks #### SSL Analysis Tools * [SSLyze](https:\/\/github.com\/nabla-c0d3\/sslyze) - SSL configuration scanner * [sslstrip](https:\/\/www.thoughtcrime.org\/software\/sslstrip\/) - a demonstration of the HTTPS stripping attacks * [sslstrip2](https:\/\/github.com\/LeonardoNve\/sslstrip2) - SSLStrip version to defeat HSTS * [tls_prober](https:\/\/github.com\/WestpointLtd\/tls_prober) - fingerprint a server's SSL\/TLS implementation #### Web exploitation * [WPScan](https:\/\/wpscan.org\/) - Black box WordPress vulnerability scanner * [SQLmap](http:\/\/sqlmap.org\/) - Automatic SQL injection and database takeover tool * [weevely3](https:\/\/github.com\/epinna\/weevely3) - Weaponized web shell * [Wappalyzer](https:\/\/wappalyzer.com\/) - Wappalyzer uncovers the technologies used on websites * [cms-explorer](https:\/\/code.google.com\/archive\/p\/cms-explorer\/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running. * [joomscan](https:\/\/www.owasp.org\/index.php\/Category:OWASP_Joomla_Vulnerability_Scanner_Project) - Joomla CMS scanner * [WhatWeb](https:\/\/github.com\/urbanadventurer\/WhatWeb) - Website Fingerprinter * [BlindElephant](http:\/\/blindelephant.sourceforge.net\/) - Web Application Fingerprinter * [fimap](https:\/\/github.com\/kurobeats\/fimap) - Find, prepare, audit, exploit and even google automatically for LFI\/RFI bugs * [Kadabra](https:\/\/github.com\/D35m0nd142\/Kadabra) - Automatic LFI exploiter and scanner * [Kadimus](https:\/\/github.com\/P0cL4bs\/Kadimus) - LFI scan and exploit tool * [liffy](https:\/\/github.com\/hvqzao\/liffy) - LFI exploitation tool #### Hex Editors * [HexEdit.js](https:\/\/hexed.it) - Browser-based hex editing * [Hexinator](https:\/\/hexinator.com\/) (commercial) - World's finest Hex Editor * [HxD - Freeware Hex Editor and Disk Editor](https:\/\/mh-nexus.de\/en\/hxd\/) #### Crackers * [John the Ripper](http:\/\/www.openwall.com\/john\/) - Fast password cracker * [Online MD5 cracker](http:\/\/www.md5crack.com\/) - Online MD5 hash Cracker * [Hashcat](http:\/\/hashcat.net\/hashcat\/) - The more fast hash cracker * [THC Hydra](http:\/\/sectools.org\/tool\/hydra\/) - Another Great Password Cracker #### Windows Utils * [Sysinternals Suite](https:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb842062) - The Sysinternals Troubleshooting Utilities * [Windows Credentials Editor](http:\/\/www.ampliasecurity.com\/research\/windows-credentials-editor\/) - security tool to list logon sessions and add, change, list and delete associated credentials * [mimikatz](http:\/\/blog.gentilkiwi.com\/mimikatz) - Credentials extraction tool for Windows OS * [PowerSploit](https:\/\/github.com\/PowerShellMafia\/PowerSploit) - A PowerShell Post-Exploitation Framework * [Windows Exploit Suggester](https:\/\/github.com\/GDSSecurity\/Windows-Exploit-Suggester) - Detects potential missing patches on the target * [Responder](https:\/\/github.com\/SpiderLabs\/Responder) - A LLMNR, NBT-NS and MDNS poisoner * [Bloodhound](https:\/\/github.com\/adaptivethreat\/Bloodhound\/wiki) - A graphical Active Directory trust relationship explorer * [Empire](https:\/\/github.com\/PowerShellEmpire\/Empire) - Empire is a pure PowerShell post-exploitation agent * [Fibratus](https:\/\/github.com\/rabbitstack\/fibratus) - Tool for exploration and tracing of the Windows kernel #### Linux Utils * [Linux Exploit Suggester](https:\/\/github.com\/PenturaLabs\/Linux_Exploit_Suggester) - Linux Exploit Suggester; based on operating system release number. #### DDoS Tools * [LOIC](https:\/\/github.com\/NewEraCracker\/LOIC\/) - An open source network stress tool for Windows * [JS LOIC](http:\/\/metacortexsecurity.com\/tools\/anon\/LOIC\/LOICv1.html) - JavaScript in-browser version of LOIC * [T50](https:\/\/sourceforge.net\/projects\/t50\/) - The more fast network stress tool #### Social Engineering Tools * [SET](https:\/\/github.com\/trustedsec\/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec #### OSInt Tools * [Maltego](http:\/\/www.paterva.com\/web7\/) - Proprietary software for open source intelligence and forensics, from Paterva. * [theHarvester](https:\/\/github.com\/laramies\/theHarvester) - E-mail, subdomain and people names harvester * [creepy](https:\/\/github.com\/ilektrojohn\/creepy) - A geolocation OSINT tool * [metagoofil](https:\/\/github.com\/laramies\/metagoofil) - Metadata harvester * [Google Hacking Database](https:\/\/www.exploit-db.com\/google-hacking-database\/) - a database of Google dorks; can be used for recon * [Censys](https:\/\/www.censys.io\/) - Collects data on hosts and websites through daily ZMap and ZGrab scans * [Shodan](https:\/\/www.shodan.io\/) - Shodan is the world's first search engine for Internet-connected devices * [recon-ng](https:\/\/bitbucket.org\/LaNMaSteR53\/recon-ng) - A full-featured Web Reconnaissance framework written in Python * [github-dorks](https:\/\/github.com\/techgaun\/github-dorks) - CLI tool to scan github repos\/organizations for potential sensitive information leak * [vcsmap](https:\/\/github.com\/melvinsh\/vcsmap) - A plugin-based tool to scan public version control systems for sensitive information * [Spiderfoot](http:\/\/www.spiderfoot.net\/) - multi-source OSINT automation tool with a Web UI and report visualizations #### Anonymity Tools * [Tor](https:\/\/www.torproject.org\/) - The free software for enabling onion routing online anonymity * [I2P](https:\/\/geti2p.net\/en\/) - The Invisible Internet Project * [Nipe](https:\/\/github.com\/GouveaHeitor\/nipe) - Script to redirect all traffic from the machine to the Tor network. #### Reverse Engineering Tools * [IDA Pro](https:\/\/www.hex-rays.com\/products\/ida\/) - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger * [IDA Free](https:\/\/www.hex-rays.com\/products\/ida\/support\/download_freeware.shtml) - The freeware version of IDA v5.0 * [WDK\/WinDbg](https:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/hh852365.aspx) - Windows Driver Kit and WinDbg * [OllyDbg](http:\/\/www.ollydbg.de\/) - An x86 debugger that emphasizes binary code analysis * [Radare2](http:\/\/rada.re\/r\/index.html) - Opensource, crossplatform reverse engineering framework * [x64_dbg](http:\/\/x64dbg.com\/) - An open-source x64\/x32 debugger for windows * [Immunity Debugger](http:\/\/debugger.immunityinc.com\/) - A powerful new way to write exploits and analyze malware * [Evan's Debugger](http:\/\/www.codef00.com\/projects#debugger) - OllyDbg-like debugger for Linux * [Medusa disassembler](https:\/\/github.com\/wisk\/medusa) - An open source interactive disassembler * [plasma](https:\/\/github.com\/joelpx\/plasma) - Interactive disassembler for x86\/ARM\/MIPS. Generates indented pseudo-code with colored syntax code * [peda](https:\/\/github.com\/longld\/peda) - Python Exploit Development Assistance for GDB * [dnSpy](https:\/\/github.com\/0xd4d\/dnSpy) - dnSpy is a tool to reverse engineer .NET assemblies #### CTF Tools * [Pwntools](https:\/\/github.com\/Gallopsled\/pwntools) - CTF framework for use in CTFs ### Books #### Penetration Testing Books * [The Art of Exploitation by Jon Erickson, 2008](http:\/\/amzn.to\/2iqhK9S) * [Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011](http:\/\/amzn.to\/2jl5pUd) * [Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014](http:\/\/amzn.to\/2jMfK8i) * [Rtfm: Red Team Field Manual by Ben Clark, 2014](http:\/\/amzn.to\/2iz9K4Y) * [The Hacker Playbook 2: Practical Guide To Penetration Testing](http:\/\/amzn.to\/2jMdNbU) * [The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013](http:\/\/amzn.to\/2jMgMkj) * [Professional Penetration Testing by Thomas Wilhelm, 2013](http:\/\/amzn.to\/2jMq9AI) * [Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012](http:\/\/amzn.to\/2jl6GKU) * [Violent Python by TJ O'Connor, 2012](http:\/\/amzn.to\/2jMbTYy) * [Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007](http:\/\/amzn.to\/2izbgDS) * [Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014](http:\/\/amzn.to\/2jl5FCk) * [Penetration Testing: Procedures & Methodologies by EC-Council, 2010](http:\/\/amzn.to\/2izaBmc) * [Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010](http:\/\/amzn.to\/2izcwqI) * [Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014](http:\/\/amzn.to\/2iqoyEj) * [Bug Hunter's Diary by Tobias Klein, 2011](http:\/\/amzn.to\/2jkYHO2) #### Hackers Handbook Series * [The Database Hacker's Handbook, David Litchfield et al., 2005](http:\/\/amzn.to\/2jlcqEB) * [The Shellcoders Handbook by Chris Anley et al., 2007](http:\/\/amzn.to\/2iudxwQ) * [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http:\/\/amzn.to\/2jSUpxO) * [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http:\/\/amzn.to\/2jl0rGQ) * [iOS Hackers Handbook by Charlie Miller et al., 2012](http:\/\/amzn.to\/2jMpWO4) * [Android Hackers Handbook by Joshua J. Drake et al., 2014](http:\/\/amzn.to\/2jmN5tg) * [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http:\/\/amzn.to\/2jl9asy) * [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http:\/\/amzn.to\/2jMmtz1) * [Car Hacker's Handbook by Craig Smith, 2016](http:\/\/amzn.to\/2jldxnL) #### Defensive Development * [Holistic Info-Sec for Web Developers (Fascicle 0)](http:\/\/amzn.to\/2jmRqwB) * [Holistic Info-Sec for Web Developers (Fascicle 1)](https:\/\/leanpub.com\/holistic-infosec-for-web-developers-fascicle1-vps-network-cloud-webapplications) #### Network Analysis Books * [Nmap Network Scanning by Gordon Fyodor Lyon, 2009](http:\/\/amzn.to\/2izkmAN) * [Practical Packet Analysis by Chris Sanders, 2011](http:\/\/amzn.to\/2jn091H) * [Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012](http:\/\/amzn.to\/2jn4DFU) * [Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012](http:\/\/amzn.to\/2izaCXe) #### Reverse Engineering Books * [Reverse Engineering for Beginners by Dennis Yurichev](http:\/\/beginners.re\/) * [Hacking the Xbox by Andrew Huang, 2003](http:\/\/amzn.to\/2iudEbO) * [The IDA Pro Book by Chris Eagle, 2011](http:\/\/amzn.to\/2itYfbI) * [Practical Reverse Engineering by Bruce Dang et al., 2014](http:\/\/amzn.to\/2jMnAyD) * [Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015](http:\/\/amzn.to\/2iua6q7) #### Malware Analysis Books * [Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012](http:\/\/amzn.to\/2izon8f) * [The Art of Memory Forensics by Michael Hale Ligh et al., 2014](http:\/\/amzn.to\/2iuh1j8) * [Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010](http:\/\/amzn.to\/2jnag6W) #### Windows Books * [Windows Internals by Mark Russinovich et al., 2012](http:\/\/amzn.to\/2jl4zGJ) #### Social Engineering Books * [The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002](http:\/\/amzn.to\/2jMhgXQ) * [The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005](http:\/\/amzn.to\/2jl287p) * [Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011](http:\/\/amzn.to\/2izbuuV) * [No Tech Hacking by Johnny Long & Jack Wiles, 2008](http:\/\/amzn.to\/2iudb9G) * [Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010](http:\/\/amzn.to\/2iu62WZ) * [Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014](http:\/\/amzn.to\/2izf4W5) * [Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014](http:\/\/amzn.to\/2izlww9) #### Lock Picking Books * [Practical Lock Picking by Deviant Ollam, 2012](http:\/\/amzn.to\/2jmQeJy) * [Keys to the Kingdom by Deviant Ollam, 2012](http:\/\/amzn.to\/2izcvDg) * [CIA Lock Picking Field Operative Training Manual](http:\/\/amzn.to\/2jMrw2c) * [Lock Picking: Detail Overkill by Solomon](https:\/\/www.dropbox.com\/s\/y39ix9u9qpqffct\/Lockpicking%20Detail%20Overkill.pdf?dl=0) * [Eddie the Wire books](https:\/\/www.dropbox.com\/sh\/k3z4dm4vyyojp3o\/AAAIXQuwMmNuCch_StLPUYm-a?dl=0) ### Vulnerability Databases * [NVD](https:\/\/nvd.nist.gov\/) - US National Vulnerability Database * [CERT](https:\/\/www.us-cert.gov\/) - US Computer Emergency Readiness Team * [OSVDB](https:\/\/blog.osvdb.org\/) - Open Sourced Vulnerability Database * [Bugtraq](http:\/\/www.securityfocus.com\/) - Symantec SecurityFocus * [Exploit-DB](https:\/\/www.exploit-db.com\/) - Offensive Security Exploit Database * [Fulldisclosure](http:\/\/seclists.org\/fulldisclosure\/) - Full Disclosure Mailing List * [MS Bulletin](https:\/\/technet.microsoft.com\/en-us\/security\/bulletins) - Microsoft Security Bulletin * [MS Advisory](https:\/\/technet.microsoft.com\/en-us\/security\/advisories) - Microsoft Security Advisories * [Inj3ct0r](http:\/\/www.1337day.com\/) - Inj3ct0r Exploit Database * [Packet Storm](https:\/\/packetstormsecurity.com\/) - Packet Storm Global Security Resource * [SecuriTeam](http:\/\/www.securiteam.com\/) - Securiteam Vulnerability Information * [CXSecurity](http:\/\/cxsecurity.com\/) - CSSecurity Bugtraq List * [Vulnerability Laboratory](http:\/\/www.vulnerability-lab.com\/) - Vulnerability Research Laboratory * [ZDI](http:\/\/www.zerodayinitiative.com\/) - Zero Day Initiative * [Vulners](https:\/\/vulners.com) - Security database of software vulnerabilities ### Security Courses * [Offensive Security Training](https:\/\/www.offensive-security.com\/information-security-training\/) - Training from BackTrack\/Kali developers * [SANS Security Training](http:\/\/www.sans.org\/) - Computer Security Training & Certification * [Open Security Training](http:\/\/opensecuritytraining.info\/) - Training material for computer security classes * [CTF Field Guide](https:\/\/trailofbits.github.io\/ctf\/) - everything you need to win your next CTF competition * [ARIZONA CYBER WARFARE RANGE](http:\/\/azcwr.org\/) - 24x7 live fire exercises for beginners through real world operations; capability for upward progression into the real world of cyber warfare. * [Cybrary](http:\/\/cybrary.it) - Free courses in ethical hacking and advanced penetration testing. Advanced penetration testing courses are based on the book 'Penetration Testing for Highly Secured Enviroments'. * [Computer Security Student](http:\/\/computersecuritystudent.com) - Many free tutorials, great for beginners, $10\/mo membership unlocks all content * [European Union Agency for Network and Information Security](https:\/\/www.enisa.europa.eu\/topics\/trainings-for-cybersecurity-specialists\/online-training-material) - ENISA Cyber Security Training material ### Information Security Conferences * [DEF CON](https:\/\/www.defcon.org\/) - An annual hacker convention in Las Vegas * [Black Hat](http:\/\/www.blackhat.com\/) - An annual security conference in Las Vegas * [BSides](http:\/\/www.securitybsides.com\/) - A framework for organising and holding security conferences * [CCC](https:\/\/events.ccc.de\/congress\/) - An annual meeting of the international hacker scene in Germany * [DerbyCon](https:\/\/www.derbycon.com\/) - An annual hacker conference based in Louisville * [PhreakNIC](http:\/\/phreaknic.info\/) - A technology conference held annually in middle Tennessee * [ShmooCon](http:\/\/shmoocon.org\/) - An annual US east coast hacker convention * [CarolinaCon](http:\/\/www.carolinacon.org\/) - An infosec conference, held annually in North Carolina * [CHCon](https:\/\/chcon.nz) - Christchurch Hacker Con, Only South Island of New Zealand hacker con * [SummerCon](http:\/\/www.summercon.org\/) - One of the oldest hacker conventions, held during Summer * [Hack.lu](https:\/\/2016.hack.lu\/) - An annual conference held in Luxembourg * [HITB](https:\/\/conference.hitb.org\/) - Deep-knowledge security conference held in Malaysia and The Netherlands * [Troopers](https:\/\/www.troopers.de) - Annual international IT Security event with workshops held in Heidelberg, Germany * [Hack3rCon](http:\/\/hack3rcon.org\/) - An annual US hacker conference * [ThotCon](http:\/\/thotcon.org\/) - An annual US hacker conference held in Chicago * [LayerOne](http:\/\/www.layerone.org\/) - An annual US security conference held every spring in Los Angeles * [DeepSec](https:\/\/deepsec.net\/) - Security Conference in Vienna, Austria * [SkyDogCon](http:\/\/www.skydogcon.com\/) - A technology conference in Nashville * [SECUINSIDE](http:\/\/secuinside.com) - Security Conference in [Seoul](https:\/\/en.wikipedia.org\/wiki\/Seoul) * [DefCamp](http:\/\/def.camp\/) - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania * [AppSecUSA](https:\/\/appsecusa.org\/) - An annual conference organised by OWASP * [BruCON](http:\/\/brucon.org) - An annual security conference in Belgium * [Infosecurity Europe](http:\/\/www.infosecurityeurope.com\/) - Europe's number one information security event, held in London, UK * [Nullcon](http:\/\/nullcon.net\/website\/) - An annual conference in Delhi and Goa, India * [RSA Conference USA](https:\/\/www.rsaconference.com\/) - An annual security conference in San Francisco, California, USA * [Swiss Cyber Storm](https:\/\/www.swisscyberstorm.com\/) - An annual security conference in Lucerne, Switzerland * [Virus Bulletin Conference](https:\/\/www.virusbulletin.com\/conference\/index) - An annual conference going to be held in Denver, USA for 2016 * [Ekoparty](http:\/\/www.ekoparty.org) - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina * [44Con](https:\/\/44con.com\/) - Annual Security Conference held in London * [BalCCon](https:\/\/www.balccon.org) - Balkan Computer Congress, annualy held in Novi Sad, Serbia * [FSec](http:\/\/fsec.foi.hr) - FSec - Croatian Information Security Gathering in Varaždin, Croatia ### Information Security Magazines * [2600: The Hacker Quarterly](https:\/\/www.2600.com\/Magazine\/DigitalEditions) - An American publication about technology and computer \"underground\" * [Phrack Magazine](http:\/\/www.phrack.org\/) - By far the longest running hacker zine Please have a look at * [Top Hacking Books](http:\/\/www.kalitut.com\/2016\/12\/best-ethical-hacking-books.html) * [Top Reverse Engineering Books](http:\/\/www.kalitut.com\/2017\/01\/Best-reverse-engineering-books.html) * [Top Machine learning Books](http:\/\/www.kalitut.com\/2017\/01\/machine-learning-book.html) * [Top 5 books Programming Books](http:\/\/www.kalitut.com\/2017\/01\/Top-Programming-Books.html) * [Top Java Books](http:\/\/www.kalitut.com\/2017\/01\/Best-Java-Programming-Books.html)", "fork": false, "created_at": "2022-08-15T13:40:44Z", - "updated_at": "2022-08-16T16:59:27Z", + "updated_at": "2022-08-19T10:47:47Z", "pushed_at": "2022-08-15T13:41:52Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -1927,7 +1927,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2015/CVE-2015-3456.json b/2015/CVE-2015-3456.json index 688017a1fb..2a876323d8 100644 --- a/2015/CVE-2015-3456.json +++ b/2015/CVE-2015-3456.json @@ -13,7 +13,7 @@ "description": "Experiments related to CVE-2015-3456", "fork": false, "created_at": "2015-05-17T20:14:47Z", - "updated_at": "2022-08-18T07:17:35Z", + "updated_at": "2022-08-19T11:11:54Z", "pushed_at": "2015-05-27T13:58:46Z", "stargazers_count": 12, "watchers_count": 12, diff --git a/2017/CVE-2017-8759.json b/2017/CVE-2017-8759.json index df24b84046..94526095fd 100644 --- a/2017/CVE-2017-8759.json +++ b/2017/CVE-2017-8759.json @@ -186,10 +186,10 @@ "description": "Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. It could generate a malicious RTF file and deliver metasploit \/ meterpreter \/ other payload to victim without any complex configuration.", "fork": false, "created_at": "2017-09-14T10:04:39Z", - "updated_at": "2022-07-27T07:08:27Z", + "updated_at": "2022-08-19T07:36:50Z", "pushed_at": "2018-09-10T16:25:12Z", - "stargazers_count": 316, - "watchers_count": 316, + "stargazers_count": 317, + "watchers_count": 317, "forks_count": 124, "allow_forking": true, "is_template": false, @@ -197,7 +197,7 @@ "topics": [], "visibility": "public", "forks": 124, - "watchers": 316, + "watchers": 317, "score": 0 }, { diff --git a/2018/CVE-2018-8581.json b/2018/CVE-2018-8581.json index 9b98b5569f..8f8343bcfe 100644 --- a/2018/CVE-2018-8581.json +++ b/2018/CVE-2018-8581.json @@ -13,10 +13,10 @@ "description": "CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability", "fork": false, "created_at": "2018-12-27T06:30:32Z", - "updated_at": "2022-07-29T07:40:59Z", + "updated_at": "2022-08-19T06:45:04Z", "pushed_at": "2018-12-30T11:53:08Z", - "stargazers_count": 328, - "watchers_count": 328, + "stargazers_count": 329, + "watchers_count": 329, "forks_count": 115, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 115, - "watchers": 328, + "watchers": 329, "score": 0 }, { diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index e1014386cf..f7cda690aa 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -1123,10 +1123,10 @@ "description": "dump", "fork": false, "created_at": "2019-05-21T06:57:19Z", - "updated_at": "2022-07-28T13:40:48Z", + "updated_at": "2022-08-19T07:38:37Z", "pushed_at": "2019-06-01T05:15:11Z", - "stargazers_count": 479, - "watchers_count": 479, + "stargazers_count": 480, + "watchers_count": 480, "forks_count": 189, "allow_forking": true, "is_template": false, @@ -1134,7 +1134,7 @@ "topics": [], "visibility": "public", "forks": 189, - "watchers": 479, + "watchers": 480, "score": 0 }, { diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index c9f9100a84..cd599aa943 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -41,10 +41,10 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2022-08-19T04:50:29Z", + "updated_at": "2022-08-19T09:57:20Z", "pushed_at": "2021-04-04T09:13:57Z", - "stargazers_count": 3492, - "watchers_count": 3492, + "stargazers_count": 3493, + "watchers_count": 3493, "forks_count": 1030, "allow_forking": true, "is_template": false, @@ -72,7 +72,7 @@ ], "visibility": "public", "forks": 1030, - "watchers": 3492, + "watchers": 3493, "score": 0 }, { diff --git a/2019/CVE-2019-2729.json b/2019/CVE-2019-2729.json index 35a3c69d73..29ef8fccb1 100644 --- a/2019/CVE-2019-2729.json +++ b/2019/CVE-2019-2729.json @@ -41,10 +41,10 @@ "description": "CVE-2019-2729 Exploit Script", "fork": false, "created_at": "2020-02-19T03:49:51Z", - "updated_at": "2022-06-17T01:45:03Z", + "updated_at": "2022-08-19T10:14:38Z", "pushed_at": "2020-02-19T08:48:02Z", - "stargazers_count": 32, - "watchers_count": 32, + "stargazers_count": 33, + "watchers_count": 33, "forks_count": 17, "allow_forking": true, "is_template": false, @@ -52,7 +52,7 @@ "topics": [], "visibility": "public", "forks": 17, - "watchers": 32, + "watchers": 33, "score": 0 }, { diff --git a/2019/CVE-2019-6447.json b/2019/CVE-2019-6447.json index ceecd9a0f2..af63b6dd8d 100644 --- a/2019/CVE-2019-6447.json +++ b/2019/CVE-2019-6447.json @@ -17,7 +17,7 @@ "pushed_at": "2021-09-01T08:56:40Z", "stargazers_count": 647, "watchers_count": 647, - "forks_count": 138, + "forks_count": 137, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -28,7 +28,7 @@ "vulnerability" ], "visibility": "public", - "forks": 138, + "forks": 137, "watchers": 647, "score": 0 }, diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index ceea6278cb..55868b7f42 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -13,10 +13,10 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2022-08-19T04:50:29Z", + "updated_at": "2022-08-19T09:57:20Z", "pushed_at": "2021-04-04T09:13:57Z", - "stargazers_count": 3492, - "watchers_count": 3492, + "stargazers_count": 3493, + "watchers_count": 3493, "forks_count": 1030, "allow_forking": true, "is_template": false, @@ -44,7 +44,7 @@ ], "visibility": "public", "forks": 1030, - "watchers": 3492, + "watchers": 3493, "score": 0 }, { diff --git a/2020/CVE-2020-14883.json b/2020/CVE-2020-14883.json index 4eb5650b41..ca4d5b60e5 100644 --- a/2020/CVE-2020-14883.json +++ b/2020/CVE-2020-14883.json @@ -129,7 +129,7 @@ "pushed_at": "2021-07-30T03:28:00Z", "stargazers_count": 984, "watchers_count": 984, - "forks_count": 313, + "forks_count": 314, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -139,7 +139,7 @@ "poc" ], "visibility": "public", - "forks": 313, + "forks": 314, "watchers": 984, "score": 0 } diff --git a/2021/CVE-2021-25646.json b/2021/CVE-2021-25646.json index 912ce52dce..fa2897caca 100644 --- a/2021/CVE-2021-25646.json +++ b/2021/CVE-2021-25646.json @@ -129,7 +129,7 @@ "pushed_at": "2021-07-30T03:28:00Z", "stargazers_count": 984, "watchers_count": 984, - "forks_count": 313, + "forks_count": 314, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -139,7 +139,7 @@ "poc" ], "visibility": "public", - "forks": 313, + "forks": 314, "watchers": 984, "score": 0 }, diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index 74eb81cd59..58e8304317 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -1004,10 +1004,10 @@ "description": "Sudo Baron Samedit Exploit", "fork": false, "created_at": "2021-03-15T17:37:02Z", - "updated_at": "2022-08-17T11:39:13Z", + "updated_at": "2022-08-19T09:22:10Z", "pushed_at": "2022-01-13T05:48:01Z", - "stargazers_count": 528, - "watchers_count": 528, + "stargazers_count": 529, + "watchers_count": 529, "forks_count": 145, "allow_forking": true, "is_template": false, @@ -1015,7 +1015,7 @@ "topics": [], "visibility": "public", "forks": 145, - "watchers": 528, + "watchers": 529, "score": 0 }, { diff --git a/2021/CVE-2021-3929.json b/2021/CVE-2021-3929.json index a51480343e..3dd7e6920e 100644 --- a/2021/CVE-2021-3929.json +++ b/2021/CVE-2021-3929.json @@ -13,10 +13,10 @@ "description": "Recursive MMIO VM Escape PoC", "fork": false, "created_at": "2022-05-13T05:33:28Z", - "updated_at": "2022-08-15T15:42:25Z", + "updated_at": "2022-08-19T08:53:37Z", "pushed_at": "2022-05-13T05:37:41Z", - "stargazers_count": 139, - "watchers_count": 139, + "stargazers_count": 140, + "watchers_count": 140, "forks_count": 22, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 22, - "watchers": 139, + "watchers": 140, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-4045.json b/2021/CVE-2021-4045.json index 08e7a1d26c..ab4796d947 100644 --- a/2021/CVE-2021-4045.json +++ b/2021/CVE-2021-4045.json @@ -17,13 +17,13 @@ "pushed_at": "2022-04-19T10:30:13Z", "stargazers_count": 7, "watchers_count": 7, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 7, "score": 0 } diff --git a/2021/CVE-2021-4154.json b/2021/CVE-2021-4154.json index a12e45370a..6a988eb169 100644 --- a/2021/CVE-2021-4154.json +++ b/2021/CVE-2021-4154.json @@ -13,10 +13,10 @@ "description": "CVE-2021-4154 exploit", "fork": false, "created_at": "2022-08-11T05:46:27Z", - "updated_at": "2022-08-18T01:13:52Z", + "updated_at": "2022-08-19T10:49:11Z", "pushed_at": "2022-08-11T06:00:10Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 6, + "watchers": 7, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index 9aab330b94..74830c09bc 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -13,10 +13,10 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-11T15:10:30Z", - "updated_at": "2022-08-16T00:16:09Z", + "updated_at": "2022-08-19T09:25:18Z", "pushed_at": "2022-07-10T22:23:13Z", - "stargazers_count": 830, - "watchers_count": 830, + "stargazers_count": 832, + "watchers_count": 832, "forks_count": 175, "allow_forking": true, "is_template": false, @@ -29,7 +29,7 @@ ], "visibility": "public", "forks": 175, - "watchers": 830, + "watchers": 832, "score": 0 }, { @@ -50,13 +50,13 @@ "pushed_at": "2022-04-25T07:53:41Z", "stargazers_count": 382, "watchers_count": 382, - "forks_count": 76, + "forks_count": 77, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 76, + "forks": 77, "watchers": 382, "score": 0 }, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index a0d7cf8b26..c2ec09f5e0 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -13,10 +13,10 @@ "description": "Apache Log4j 远程代码执行", "fork": false, "created_at": "2021-12-09T15:27:38Z", - "updated_at": "2022-08-10T19:17:56Z", + "updated_at": "2022-08-19T08:55:56Z", "pushed_at": "2022-07-25T20:41:30Z", - "stargazers_count": 26, - "watchers_count": 26, + "stargazers_count": 27, + "watchers_count": 27, "forks_count": 17, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 17, - "watchers": 26, + "watchers": 27, "score": 0 }, { @@ -961,10 +961,10 @@ "description": "Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!", "fork": false, "created_at": "2021-12-12T00:29:03Z", - "updated_at": "2022-07-21T17:40:46Z", + "updated_at": "2022-08-19T09:52:12Z", "pushed_at": "2022-03-10T18:44:50Z", - "stargazers_count": 623, - "watchers_count": 623, + "stargazers_count": 624, + "watchers_count": 624, "forks_count": 101, "allow_forking": true, "is_template": false, @@ -984,7 +984,7 @@ ], "visibility": "public", "forks": 101, - "watchers": 623, + "watchers": 624, "score": 0 }, { @@ -1778,18 +1778,18 @@ "description": "a fast check, if your server could be vulnerable to CVE-2021-44228", "fork": false, "created_at": "2021-12-13T04:14:18Z", - "updated_at": "2022-08-16T20:12:20Z", + "updated_at": "2022-08-19T09:01:04Z", "pushed_at": "2022-01-21T11:43:49Z", - "stargazers_count": 257, - "watchers_count": 257, - "forks_count": 88, + "stargazers_count": 258, + "watchers_count": 258, + "forks_count": 89, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 88, - "watchers": 257, + "forks": 89, + "watchers": 258, "score": 0 }, { @@ -2434,10 +2434,10 @@ "description": "PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs", "fork": false, "created_at": "2021-12-13T21:39:51Z", - "updated_at": "2022-08-05T14:35:31Z", + "updated_at": "2022-08-19T11:54:42Z", "pushed_at": "2021-12-21T01:24:46Z", - "stargazers_count": 283, - "watchers_count": 283, + "stargazers_count": 284, + "watchers_count": 284, "forks_count": 32, "allow_forking": true, "is_template": false, @@ -2445,7 +2445,7 @@ "topics": [], "visibility": "public", "forks": 32, - "watchers": 283, + "watchers": 284, "score": 0 }, { @@ -6008,10 +6008,10 @@ "description": "log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。", "fork": false, "created_at": "2021-12-20T13:41:35Z", - "updated_at": "2022-08-02T01:43:17Z", + "updated_at": "2022-08-19T11:08:38Z", "pushed_at": "2021-12-21T06:11:58Z", - "stargazers_count": 25, - "watchers_count": 25, + "stargazers_count": 26, + "watchers_count": 26, "forks_count": 6, "allow_forking": true, "is_template": false, @@ -6019,7 +6019,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 25, + "watchers": 26, "score": 0 }, { diff --git a/2022/CVE-2022-1015.json b/2022/CVE-2022-1015.json index 5442ced6f7..707a27c6cd 100644 --- a/2022/CVE-2022-1015.json +++ b/2022/CVE-2022-1015.json @@ -73,13 +73,13 @@ "pushed_at": "2022-08-06T12:40:37Z", "stargazers_count": 3, "watchers_count": 3, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 3, "score": 0 } diff --git a/2022/CVE-2022-2022.json b/2022/CVE-2022-2022.json index 9b4575ef35..3b3f7070be 100644 --- a/2022/CVE-2022-2022.json +++ b/2022/CVE-2022-2022.json @@ -13,10 +13,10 @@ "description": "CVE-2022-2022", "fork": false, "created_at": "2021-11-22T12:57:22Z", - "updated_at": "2022-08-19T02:54:39Z", + "updated_at": "2022-08-19T10:20:51Z", "pushed_at": "2022-08-03T08:39:29Z", - "stargazers_count": 322, - "watchers_count": 322, + "stargazers_count": 323, + "watchers_count": 323, "forks_count": 142, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 142, - "watchers": 322, + "watchers": 323, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-22947.json b/2022/CVE-2022-22947.json index f655f02c43..b4463a4849 100644 --- a/2022/CVE-2022-22947.json +++ b/2022/CVE-2022-22947.json @@ -13,10 +13,10 @@ "description": "CVE-2022-22947", "fork": false, "created_at": "2022-03-02T11:58:55Z", - "updated_at": "2022-08-15T15:42:11Z", + "updated_at": "2022-08-19T07:17:12Z", "pushed_at": "2022-03-03T14:03:30Z", - "stargazers_count": 182, - "watchers_count": 182, + "stargazers_count": 183, + "watchers_count": 183, "forks_count": 59, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 59, - "watchers": 182, + "watchers": 183, "score": 0 }, { @@ -1286,10 +1286,10 @@ "description": "Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947) 注入哥斯拉内存马", "fork": false, "created_at": "2022-05-16T15:27:41Z", - "updated_at": "2022-08-14T06:33:48Z", + "updated_at": "2022-08-19T09:26:23Z", "pushed_at": "2022-05-16T15:33:37Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "forks_count": 2, "allow_forking": true, "is_template": false, @@ -1297,7 +1297,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 4, + "watchers": 5, "score": 0 }, { diff --git a/2022/CVE-2022-2588.json b/2022/CVE-2022-2588.json index 5f20a6b2a6..51373a02df 100644 --- a/2022/CVE-2022-2588.json +++ b/2022/CVE-2022-2588.json @@ -13,10 +13,10 @@ "description": "exploit for CVE-2022-2588", "fork": false, "created_at": "2022-08-11T06:01:24Z", - "updated_at": "2022-08-18T14:42:42Z", + "updated_at": "2022-08-19T10:49:05Z", "pushed_at": "2022-08-11T06:04:18Z", - "stargazers_count": 30, - "watchers_count": 30, + "stargazers_count": 32, + "watchers_count": 32, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 30, + "watchers": 32, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-26134.json b/2022/CVE-2022-26134.json index 7b23493f9a..087b9f2a16 100644 --- a/2022/CVE-2022-26134.json +++ b/2022/CVE-2022-26134.json @@ -13,10 +13,10 @@ "description": "【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。", "fork": false, "created_at": "2022-05-31T07:44:01Z", - "updated_at": "2022-08-19T02:49:04Z", + "updated_at": "2022-08-19T07:18:05Z", "pushed_at": "2022-08-15T07:00:18Z", - "stargazers_count": 668, - "watchers_count": 668, + "stargazers_count": 669, + "watchers_count": 669, "forks_count": 126, "allow_forking": true, "is_template": false, @@ -44,7 +44,7 @@ ], "visibility": "public", "forks": 126, - "watchers": 668, + "watchers": 669, "score": 0 }, { diff --git a/2022/CVE-2022-27255.json b/2022/CVE-2022-27255.json index f3fc5070c3..4cc2d82c53 100644 --- a/2022/CVE-2022-27255.json +++ b/2022/CVE-2022-27255.json @@ -13,18 +13,18 @@ "description": null, "fork": false, "created_at": "2022-07-06T17:29:04Z", - "updated_at": "2022-08-19T03:54:23Z", + "updated_at": "2022-08-19T11:37:12Z", "pushed_at": "2022-08-19T00:41:08Z", - "stargazers_count": 92, - "watchers_count": 92, - "forks_count": 20, + "stargazers_count": 114, + "watchers_count": 114, + "forks_count": 23, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 20, - "watchers": 92, + "forks": 23, + "watchers": 114, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-27925.json b/2022/CVE-2022-27925.json index 1407e46753..3b035b1197 100644 --- a/2022/CVE-2022-27925.json +++ b/2022/CVE-2022-27925.json @@ -17,13 +17,13 @@ "pushed_at": "2022-08-13T18:54:58Z", "stargazers_count": 43, "watchers_count": 43, - "forks_count": 17, + "forks_count": 18, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 17, + "forks": 18, "watchers": 43, "score": 0 }, diff --git a/2022/CVE-2022-32832.json b/2022/CVE-2022-32832.json index 01e6d67b23..d1634c7c00 100644 --- a/2022/CVE-2022-32832.json +++ b/2022/CVE-2022-32832.json @@ -13,18 +13,18 @@ "description": "Proof-of-concept and write-up for the CVE-2022-32832 vulnerability patched in iOS 15.6", "fork": false, "created_at": "2022-07-21T13:09:50Z", - "updated_at": "2022-08-19T00:33:45Z", + "updated_at": "2022-08-19T09:32:26Z", "pushed_at": "2022-07-21T13:44:32Z", - "stargazers_count": 72, - "watchers_count": 72, - "forks_count": 6, + "stargazers_count": 73, + "watchers_count": 73, + "forks_count": 7, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 6, - "watchers": 72, + "forks": 7, + "watchers": 73, "score": 0 }, { diff --git a/2022/CVE-2022-33980.json b/2022/CVE-2022-33980.json index 21a2ba4afb..baffb97b1a 100644 --- a/2022/CVE-2022-33980.json +++ b/2022/CVE-2022-33980.json @@ -69,10 +69,10 @@ "description": "CVE", "fork": false, "created_at": "2022-08-10T03:21:19Z", - "updated_at": "2022-08-18T16:26:04Z", + "updated_at": "2022-08-19T07:01:08Z", "pushed_at": "2022-08-10T03:25:06Z", - "stargazers_count": 25, - "watchers_count": 25, + "stargazers_count": 26, + "watchers_count": 26, "forks_count": 6, "allow_forking": true, "is_template": false, @@ -80,7 +80,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 25, + "watchers": 26, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-36271.json b/2022/CVE-2022-36271.json index 789c111e88..20fa8f49df 100644 --- a/2022/CVE-2022-36271.json +++ b/2022/CVE-2022-36271.json @@ -13,10 +13,10 @@ "description": "This is working POC of CVE-2022-36271 ", "fork": false, "created_at": "2022-08-16T19:48:36Z", - "updated_at": "2022-08-19T05:35:55Z", + "updated_at": "2022-08-19T11:05:39Z", "pushed_at": "2022-08-16T19:54:10Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 2, + "watchers": 3, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-37042.json b/2022/CVE-2022-37042.json index 23f647b8b4..ac74a54351 100644 --- a/2022/CVE-2022-37042.json +++ b/2022/CVE-2022-37042.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2022-08-18T18:39:39Z", - "updated_at": "2022-08-19T03:16:01Z", + "updated_at": "2022-08-19T11:08:11Z", "pushed_at": "2022-08-18T18:41:13Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "forks_count": 0, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index 0fa4a9eea1..b59f1263b1 100644 --- a/README.md +++ b/README.md @@ -27472,6 +27472,14 @@ The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does n - [Alexeyan/CVE-2009-4137](https://github.com/Alexeyan/CVE-2009-4137) +### CVE-2009-4623 (2010-01-18) + + +Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator has not followed installation instructions in install.php. NOTE: this might be the same as CVE-2020-35598. + + +- [hupe1980/CVE-2009-4623](https://github.com/hupe1980/CVE-2009-4623) + ### CVE-2009-4660 (2010-03-03) @@ -28062,14 +28070,6 @@ The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the clie ## 2001 -### CVE-2001-0550 (2002-06-25) - - -wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). - - -- [gilberto47831/Network-Filesystem-Forensics](https://github.com/gilberto47831/Network-Filesystem-Forensics) - ### CVE-2001-0680 (2002-03-09)