【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。

hack tools

CVE-2023-38831 winrar exploit generator

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)

exploit for f5-big-ip RCE cve-2023-46747

Exploits by 1N3 @CrowdShield @xer0dayz @xerosecurity

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution/CVE-2019-1653/Cisco SNMP RCE/Dump Cisco RV320 Password)

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

Arbitrary SMM code execution exploit for industry-wide 0day vulnerability in AMI Aptio based firmwares

CVE-2024-32640 | Automated SQLi Exploitation PoC

CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support

exploit for cve-2023-47246 SysAid RCE (shell upload)

【Lazy Artifact】A graphical tool that collects urls in batches, and performs various nday detections on the collected urls in batches. It can be used for src mining, cnvd mining, 0day exploitation, building your own arsenal and other scenarios.

Spring Core RCE 0-day Vulnerability (https://share.vx-underground.org/)

CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.

Apache Solr <=8.2.0 Velocity Template 0day Exploit

RTSPhuzz - An RTSP Fuzzer written using the Boofuzz framework