Local Exploit for Meltdown https://github.com/dendisuhubdy/meltdown
Meltdown Spectre PoC https://github.com/paboldin/meltdown-exploit
Meltdown/Spectre PoC 源码集合 https://github.com/turbo/KPTI-PoC-Collection
meltdownspectre补丁 https://github.com/hannob/meltdownspectre-patches
SpecuCheck meltdownspectre win下检查工具 https://github.com/ionescu007/SpecuCheck
Linux本地root提权 https://github.com/5H311-1NJ3C706/local-root-exploits
漏洞研究集合 https://github.com/sergey-pronin/Awesome-Vulnerability-Research
CVE Details是通过读取NVD提供的CVE xml信息并添加exploit-db和metasploit相关模块重新排版布局的网站。 旨在使用户能快速查找到自己要找的漏洞,如按厂商查找按产品查找等。 https://www.cvedetails.com/
Snyk漏洞库 https://github.com/snyk/vulndb
按小时更新的保存使用JSON格式设置的CVE列表信息 https://github.com/CVEProject/cvelist
哈希长度扩展攻击EXP https://github.com/citronneur/rdpy
JAVA反序列化漏洞相关资源列表 https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
JBOSS verify & exp tool https://github.com/joaomatosf/jexboss
些 APT 组(APT28、APT29、APT32、Emotet...)所使用的恶意软件样本 https://github.com/Cherishao/APT-Sample
安卓十月漏洞POC https://github.com/jiayy/android_vuln_poc-exp
在sebug提交的漏洞详情及poc https://github.com/ganliuzhuo/Sebug
PacketWhisper:使用DNS查询和文本隐藏技术 https://github.com/TryCatchHCF/PacketWhisper
ExploitDB官方git版本 https://github.com/offensive-security/exploit-database
Vulncode-DB is a database for vulnerabilities and their corresponding source code https://github.com/google/vulncode-db
php漏洞代码分析 https://github.com/80vul/phpcodz
Parse: PHP安全扫码器 https://github.com/psecio/parse
NodeJsScan-Node.js应用静态安全代码扫码器 https://github.com/ajinabraham/NodeJsScan
proof-of-concept exploits developed by the Semmle Security Research Team. https://github.com/Semmle/SecurityExploits
CVE-2016-2107简单test程序 https://github.com/FiloSottile/CVE-2016-2107
CVE-2015-7547 POC https://github.com/fjserna/CVE-2015-7547
pocassist:全新的开源漏洞测试框架,实现poc在线编辑、运行、批量测试。 https://github.com/jweny/pocassist
一些漏洞和0day的blog https://github.com/pierrekim/pierrekim.github.io JAVA反序列化POC生成工具 https://github.com/frohoff/ysoserial
JAVA反序列化EXP https://github.com/foxglovesec/JavaUnserializeExploits
Jenkins cli漏洞 https://github.com/CaledoniaProject/jenkins-cli-exploit
CVE-2015-2426 EXP (windows内核提权) https://github.com/vlad902/hacking-team-windows-kernel-lpe
web攻击的范例docker环境(php本地文件包含结合phpinfo getshell 以及ssrf结合curl的利用演示) https://github.com/hxer/vulnapp
php7缓存覆写漏洞Demo及相关工具 https://github.com/GoSecure/php7-opcache-override
An exploit for Apache Struts CVE-2018-11776 https://github.com/mazen160/struts-pwn_CVE-2018-11776
Struts2 S2-045-Nmap NSE script https://github.com/Z-0ne/ScanS2-045-Nmap
SS payloads designed to turn alert(1) into P1 https://github.com/hakluke/weaponised-XSS-payloads
XcodeGhost木马样本 https://github.com/XcodeGhostSource/XcodeGhost
scap安全指导 https://github.com/OpenSCAP/scap-security-guide
相对偏学术方向,有不少书籍、会议、报告等推荐 https://github.com/re-pronin/awesome-vulnerability-research
偏Web向的常见漏洞类型案例指导 https://github.com/ngalongc/bug-bounty-reference
13年到现在数十个CVE漏洞的PoC https://github.com/qazbnm456/awesome-cve-poc
恶意软件脚本集 https://github.com/seifreed/malware-scripts
Awesome XSS stuff https://github.com/s0md3v/AwesomeXSS
一大波常见Web攻击Payloads https://github.com/foospidy/payloads
后门仓库,包括各语言直接绑定和反射式的后门,后门加密以及Stager https://github.com/0x00-0x00/ShellPop
常见Web攻击Payloads https://github.com/swisskyrepo/PayloadsAllTheThings
OS X命令行、PowerShell命令行、Google Dorks、Shodan、exploit开发、Java反序列化等列表 https://github.com/coreb1t/awesome-pentest-cheat-sheets
雷石安全实验室出品Shiro命令执行工具 V2.0 https://github.com/tangxiaofeng7/Shiroexploit
Java反序列化技术分享 https://github.com/Y4er/WebLogic-Shiro-shell
漏洞赏金计划集合和著名赏金猎人博客列表 https://github.com/djadmin/awesome-bug-bounty
Exploit开发学习资源 https://github.com/FabioBaroni/awesome-exploit-development
mimic is a tool for covert execution on Linux x86_64. https://github.com/emptymonkey/mimic
二进制EXP编写工具 https://github.com/t00sh/rop-tool
CTF Pwn 类题目脚本编写框架 https://github.com/Gallopsled/pwntools
python写的pwning开发IO库 https://github.com/zTrix/zio
跨平台注入工具( Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.) https://github.com/frida/frida
收集或编写各种漏洞PoC、ExP https://github.com/bollwarm/POC-EXP
xray:一款完善的安全评估工具,支持常见 web 安全问题扫描和POC自定义 https://github.com/chaitin/xray
redteam_vu:红队作战中比较常遇到的一些重点系统漏洞整理。 https://github.com/r0eXpeR/redteam_vul
渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善 https://github.com/Mr-xn/Penetration_Testing_POC
基于Docker-Compose的漏洞预构建环境https://vulhub.org https://github.com/vulhub/vulhub
Java安全相关的漏洞和技术demo,原生Java、Fastjson、Jackson、Hessian2、XML反序列化漏洞利用和Dubbo、Shiro、CAS、Tomcat、RMI等框架\中间件\功能的exploits以及Java Security Manager绕过、Dubbo-Hessian2安全加固等等实践代码。 https://github.com/threedr3am/learnjavabug
CNVD-2020-10487(CVE-2020-1938), tomcat ajp 文件读取漏洞poc https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC
python3批量poc检测工具 https://github.com/saucer-man/saucerframe
AJPy aims to craft AJP requests in order to communicate with AJP connectors. https://github.com/hypn0s/AJPy