A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

快速搭建各种漏洞环境(Various vulnerability environment)

A tool designed to exploit a privilege escalation vulnerability in the sudo program on Unix-like systems. It takes advantage of a specific misconfiguration or flaw in sudo to gain elevated privileges on the system, essentially allowing a regular user to execute commands as the root user.

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

Weekly updated list of missing CVEs in nuclei templates official repository. Mainly built for bug bounty, but useful for penetration tests and vulnerability assessments too.

A script to automate privilege escalation with CVE-2023-22809 vulnerability

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

NVD/CVE as JSON files

CVE-2024-32002 RCE PoC

Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.

Automated privilege escalation of the world's most popular Docker images.

Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]

log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)

PoC repository for CVE-2023-29007

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

Just basic scanner abusing CVE-2020-3452 to enumerate the standard files accessible in the Web Directory of the CISCO ASA applicances.

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

CVE-2020-28243 Local Privledge Escalation Exploit in SaltStack Minion