A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Gather and update all available and newest CVEs with their PoC.

Open Source Vulnerability Management Platform

快速搭建各种漏洞环境(Various vulnerability environment)

✍️ A curated list of CVE PoCs.

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能

🌴Linux、macOS、Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (提权漏洞合集)

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

面向网络安全从业者的知识文库🍃

A collection of JavaScript engine CVEs with PoCs

cve-search - a tool to perform local searches for known vulnerabilities

🐈Medusa是一个红队武器库平台，目前包括XSS平台、协同平台、CVE监控、免杀生成、DNSLOG、钓鱼邮件、文件获取等功能，持续开发中

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

利用大量高威胁poc/exp快速获取目标权限，用于渗透和红队快速打点

CVE Alerting Platform

傻瓜式漏洞PoC测试框架

一个基于 docsify 的综合漏洞知识库，目前漏洞数量 900+

Attack surface mapping