Koleksi exploit databases, PoC repositories, exploit search engines, exploit frameworks, payload references, exploitation technique references, CVE PoC, Nuclei templates, Metasploit modules, dan exploit intelligence untuk lab, patch verification, defensive validation, dan security research legal.
Repo ini fokus ke Exploits Database, PoC Resources, dan Exploit Research.
Isi utamanya adalah:
Exploit database
PoC repository
Exploit search engine
Metasploit modules
Nuclei CVE templates
Payload references
Exploit technique references
CVE-specific exploit references
Exploit intelligence
Patch verification resources
Legal validation tools
Repo ini bukan repository utama untuk vulnerability database. CVE/NVD/vendor advisory hanya disimpan sebagai cross-reference agar exploit/PoC bisa divalidasi dengan benar terhadap affected version, patch status, dan mitigation.
Exploit database digunakan untuk mencari referensi PoC, exploit script, payload, module, exploitability context, dan teknik validasi keamanan.
Use cases yang aman:
Lab pribadi
CTF
Patch verification
Detection engineering
Bug bounty sesuai scope
Internal pentest berizin
SOC enrichment
Defensive exploit validation
Exploitability triage
Security research legal
| Resource | Link | Fungsi |
|---|---|---|
| Exploit-DB | https://www.exploit-db.com/ | Public exploit archive dari OffSec untuk exploit, shellcode, papers, dan PoC references. |
| Exploit Database GitLab Mirror | https://gitlab.com/exploit-database/exploitdb | Mirror repository Exploit-DB untuk local search dan arsip exploit. |
| Searchsploit | https://www.kali.org/tools/exploitdb/ | CLI Kali Linux untuk mencari Exploit-DB secara lokal. |
| Packet Storm Security | https://packetstorm.news/ | Archive exploits, advisories, tools, whitepapers, dan security research. |
| Rapid7 Vulnerability & Exploit Database | https://www.rapid7.com/db/ | Database vulnerability dan exploit module yang terkait ekosistem Rapid7/Metasploit. |
| 0day.today | https://0day.today/ | Exploit marketplace/database; gunakan hanya sebagai referensi riset dan hati-hati terhadap konten berisiko. |
| CXSecurity Exploit Archive | https://cxsecurity.com/exploit/ | Archive exploit dan vulnerability disclosure. |
| Sploitus | https://sploitus.com/ | Search engine untuk exploit dan PoC dari berbagai sumber publik. |
| Vulners Exploit Search | https://vulners.com/search | Search engine vulnerability intelligence dengan exploit/advisory references. |
| InTheWild.io | https://inthewild.io/ | Database eksploitasi in-the-wild dan vulnerability exploitation intelligence. |
| Resource | Link | Fungsi |
|---|---|---|
| ProjectDiscovery Nuclei Templates | https://github.com/projectdiscovery/nuclei-templates | Detection templates untuk CVE, exposure, misconfiguration, dan vulnerability checks. |
| Nuclei Templates CVEs | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves | Folder CVE templates untuk Nuclei. |
| Awesome CVE PoC | https://github.com/qazbnm456/awesome-cve-poc | Curated CVE PoC references. |
| 0xMarcio CVE | https://github.com/0xMarcio/cve | Koleksi PoC CVE untuk riset/lab. |
| rainpwn exploits | https://github.com/rainpwn/exploits | Koleksi exploit/PoC untuk riset lab legal. |
| chebuya exploits | https://github.com/chebuya/exploits | Koleksi exploit/PoC security research. |
| shadowsock5 Poc | https://github.com/shadowsock5/Poc | Koleksi PoC berbagai produk. |
| Some-PoC-oR-ExP | https://github.com/coffeehb/Some-PoC-oR-ExP | Koleksi PoC/Exploit untuk research; audit sebelum penggunaan. |
| rxerium templates | https://github.com/rxerium/rxerium-templates/tree/main/ | Koleksi Nuclei templates dan detection references. |
| Exploit Development Awesome | https://github.com/FabioBaroni/awesome-exploit-development | Resource exploit development. |
| Awesome Vulnerability Research | https://github.com/re-pronin/awesome-vulnerability-research | Resource vulnerability research dan exploit analysis. |
| js-vuln-db | https://github.com/tunz/js-vuln-db | Collection of JavaScript engine CVEs with PoCs. |
| uxss-db | https://github.com/Metnew/uxss-db | Collection of UXSS CVEs with PoCs. |
| SploitScan | https://github.com/xaitax/SploitScan | Tool untuk mencari dan merangkum exploit/PoC terkait CVE untuk riset defensif. |
| Resource | Link | Fungsi |
|---|---|---|
| Grafana-Final-Scanner | https://github.com/Zierax/Grafana-Final-Scanner | Scanner CVE Grafana untuk lab atau validasi legal. |
| apache-vulnerability-testing | https://github.com/mrmtwoj/apache-vulnerability-testing | Pengujian CVE Apache HTTP Server. |
| nginx-rift | https://github.com/depthfirstdisclosures/nginx-rift | Riset CVE Nginx. |
| Livepyre | https://github.com/synacktiv/Livepyre | Riset CVE Laravel Livewire. |
| cPanelSniper | https://github.com/ynsmroztas/cPanelSniper | PoC cPanel/WHM auth bypass chain. |
| watchTowr cPanel WHM AuthBypass to RCE | https://github.com/watchtowrlabs/watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py | PoC cPanel/WHM chain; gunakan hanya untuk lab/validasi patch. |
| CVE-2025-5777 | https://github.com/win3zz/CVE-2025-5777 | PoC/riset CVE-2025-5777 Citrix NetScaler memory leak; lab/legal scope only. |
| CVE-2025-33073 | https://github.com/mverschu/CVE-2025-33073 | PoC CVE-2025-33073 NTLM reflection SMB flaw; lab/legal scope only. |
| Exploit-CVE-2025-24799 | https://github.com/MatheuZSecurity/Exploit-CVE-2025-24799 | PoC/referensi riset CVE-2025-24799 untuk lab atau validasi legal. |
| CVE-2025-55182 React2Shell RCE Shell | https://github.com/M4xSec/CVE-2025-55182-React2Shell-RCE-Shell | PoC React2Shell; simpan sebagai riset/validasi defensif. |
| CVE-2025-55182 advanced scanner | https://github.com/zack0x01/CVE-2025-55182-advanced-scanner- | Scanner React2Shell; gunakan hanya pada scope legal. |
| CVE-2025-55182 shellinteractive | https://github.com/MrR0b0t19/CVE-2025-55182-shellinteractive | PoC interaktif React2Shell; lab/authorized validation only. |
| rschunter | https://github.com/sumanrox/rschunter | Scanner React Server Components CVE hunting. |
| CVE-2025-61882-CVE-2025-61884 | https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884 | Riset Oracle E-Business Suite CVE. |
| CVE-2025-61882 | https://github.com/GhoStZA-debug/CVE-2025-61882 | PoC/referensi CVE-2025-61882; gunakan hanya untuk lab/validasi patch. |
| CVE-2025-61882 Oracle E-Business Suite Pre-Auth RCE Exploit | https://github.com/AdityaBhatt3010/CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit | PoC/referensi Oracle EBS; gunakan hanya untuk lab atau target berizin. |
| CVE-2025-61884 nuclei template | https://github.com/projectdiscovery/nuclei-templates/blob/main/http%2Fcves%2F2025%2FCVE-2025-61884.yaml | Template deteksi CVE-2025-61884. |
| CVE-2024-21534 | https://github.com/pabloopez/CVE-2024-21534 | PoC/referensi CVE-2024-21534 untuk lab dan validasi patch. |
| CVE-2017-9841-EXPLOIT | https://github.com/K3ysTr0K3R/CVE-2017-9841-EXPLOIT | PoC CVE-2017-9841; gunakan hanya untuk lab/validasi legal. |
| mongobleed | https://github.com/joe-desimone/mongobleed | Riset MongoBleed CVE. |
| CVE-2025-53652 Jenkins Git Parameter Analysis | https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis | Analisis CVE Jenkins Git Parameter. |
| Resource | Link | Fungsi |
|---|---|---|
| Metasploit Framework | https://github.com/rapid7/metasploit-framework | Framework exploit modules, auxiliary modules, dan validation legal di lab/scope. |
| Nuclei | https://github.com/projectdiscovery/nuclei | Template-based scanner untuk CVE/misconfiguration detection. |
| Nuclei-AI-Prompts | https://github.com/reewardius/Nuclei-AI-Prompts | Prompt untuk membantu membuat ide deteksi Nuclei. |
| Nmap NSE Scripts | https://nmap.org/nsedoc/ | Nmap Scripting Engine untuk enumeration dan vulnerability checks. |
| Wapiti | https://github.com/wapiti-scanner/wapiti | Web application vulnerability scanner. |
| Nikto | https://github.com/sullo/nikto | Web server scanner klasik. |
| OWASP ZAP | https://github.com/zaproxy/zaproxy | Open-source web/API proxy dan scanner. |
| sqlmap | https://github.com/sqlmapproject/sqlmap | SQL injection automation tool; gunakan hanya pada scope legal. |
| Ghauri | https://github.com/r0oth3x49/ghauri | SQL injection detection/exploitation helper untuk lab/scope legal. |
| commix | https://github.com/commixproject/commix | Command injection testing tool untuk lab/scope legal. |
| Corsy | https://github.com/s0md3v/Corsy | CORS misconfiguration scanner. |
| SSRFmap | https://github.com/swisskyrepo/SSRFmap | SSRF testing framework untuk lab/scope legal. |
| smugglex | https://github.com/hahwul/smugglex | HTTP Request Smuggling scanner. |
| LFImap | https://github.com/hansmach1ne/LFImap | Local File Inclusion scanner. |
| Greenbone / OpenVAS | https://github.com/greenbone/gvmd | Vulnerability scanning dan management platform. |
| Trivy | https://github.com/aquasecurity/trivy | Vulnerability/misconfiguration scanner untuk container, filesystem, IaC, Kubernetes, dan secrets. |
| Grype | https://github.com/anchore/grype | Vulnerability scanner untuk container image dan filesystem. |
| Vuls | https://github.com/future-architect/vuls | Agentless vulnerability scanner untuk Linux/FreeBSD servers. |
| Resource | Link | Fungsi |
|---|---|---|
| PayloadsAllTheThings | https://github.com/swisskyrepo/PayloadsAllTheThings | Payload, bypass, dan technique references untuk banyak vulnerability class. |
| PayloadsAllTheThings - Command Injection | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection#filter-bypassesAC | Referensi command injection dan filter bypass. |
| PayloadsAllTheThings - Upload Insecure Files | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files | Referensi bypass upload file dan insecure upload. |
| HackTricks | https://book.hacktricks.xyz/ | Pentest notes, exploitation techniques, cloud, web, Linux/Windows, dan privilege escalation. |
| GTFOBins | https://gtfobins.github.io/ | Unix binaries abuse reference untuk privilege escalation/lab. |
| LOLBAS | https://lolbas-project.github.io/ | Windows living-off-the-land binaries/scripts/libraries reference. |
| WADComs | https://wadcoms.github.io/ | Windows/AD command reference untuk internal assessment. |
| PayloadBox | https://github.com/payloadbox | Payload collections untuk web vulnerability testing. |
| SecLists | https://github.com/danielmiessler/SecLists | Wordlists dan payload lists untuk security testing. |
| Web-Fuzzing-Box | https://github.com/gh0stkey/Web-Fuzzing-Box | Koleksi dictionary dan payload web fuzzing. |
| XSSNow | https://github.com/dr34mhacks/xssnow | Knowledge base payload XSS. |
| XSS-Payloads | https://github.com/orwagodfather/XSS-Payloads | Koleksi payload XSS. |
| Resource | Link | Fungsi |
|---|---|---|
| CISA Known Exploited Vulnerabilities Catalog | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | Catalog vulnerability yang diketahui sudah dieksploitasi di dunia nyata. |
| CISA Alerts & Advisories | https://www.cisa.gov/news-events/cybersecurity-advisories | Advisory keamanan dan alert eksploitasi dari CISA. |
| Google Project Zero | https://googleprojectzero.blogspot.com/ | Vulnerability research dan exploit analysis. |
| Google TAG Blog | https://blog.google/threat-analysis-group/ | Threat analysis, exploitation campaigns, dan threat actor reporting. |
| Microsoft Security Blog | https://www.microsoft.com/en-us/security/blog/ | Security research, threat intelligence, dan vulnerability exploitation trends. |
| Mandiant Blog | https://www.mandiant.com/resources/blog | Threat intelligence, intrusion analysis, exploitation, dan incident response research. |
| Unit 42 Threat Research | https://unit42.paloaltonetworks.com/ | Threat intelligence dan vulnerability exploitation analysis. |
| Cisco Talos Blog | https://blog.talosintelligence.com/ | Threat research, malware, vulnerabilities, dan exploitation trends. |
| Rapid7 Blog | https://www.rapid7.com/blog/ | Vulnerability research, exploit analysis, dan security operations insights. |
| watchTowr Labs | https://labs.watchtowr.com/ | Vulnerability analysis, exploit chain writeups, dan patch validation research. |
| Assetnote Research | https://www.assetnote.io/resources/research | Application security research dan exploitability analysis. |
Bagian ini hanya cross-reference agar PoC/exploit bisa dicek terhadap CVE, affected version, patch, dan vendor advisory. Fokus utama repo tetap exploit database.
| Resource | Link | Fungsi |
|---|---|---|
| CVE | https://www.cve.org/ | Catalog resmi CVE sebagai referensi identitas vulnerability. |
| NVD | https://nvd.nist.gov/vuln | NVD untuk CVE detail, CVSS, CPE, CWE, reference, dan enrichment. |
| CVE Details | https://www.cvedetails.com/ | Database CVE dengan filter vendor/product/version. |
| GitHub Security Advisories | https://github.com/advisories | Advisory database untuk package dan GitHub ecosystem. |
| OSV | https://osv.dev/ | Open Source Vulnerabilities database untuk package ecosystems. |
| Snyk Vulnerability DB | https://security.snyk.io/ | Vulnerability database untuk dependencies, container, dan package ecosystem. |
| Microsoft Security Response Center | https://msrc.microsoft.com/update-guide/vulnerability | Microsoft vulnerability update guide. |
| Android Security Bulletins | https://source.android.com/docs/security/bulletin | Android security bulletin dan patch information. |
Bagian ini berisi resource high-risk, rawan disalahgunakan, tidak cocok untuk toolkit operasional publik, atau perlu audit ketat. Simpan hanya sebagai awareness, defensive research, atau lab tertutup bila benar-benar diperlukan.
| Resource | Link | Catatan |
|---|---|---|
| AutoSploit | https://github.com/NullArray/AutoSploit | Automated exploitation framework; high-risk, gunakan hanya untuk lab/legal validation. |
| UFONet | https://github.com/epsylon/ufonet | DDoS/botnet-oriented toolkit; jangan gunakan untuk menyerang layanan pihak lain. |
| BurpSuite_Pro | https://github.com/prash0xd/BurpSuite_Pro | Berpotensi cracked/piracy; gunakan Burp Suite resmi. |
| evilginx2 | https://github.com/kgretzky/evilginx2 | Phishing/MFA attack framework; awareness, defense training, atau lab legal only. |
| systemd-backdoor | https://github.com/MatheuZSecurity/systemd-backdoor/ | Backdoor/persistence-related; tidak cocok untuk toolkit operasional publik. |
| D3m0n1z3dShell | https://github.com/MatheuZSecurity/D3m0n1z3dShell | Shell/backdoor-style tooling; research-only. |
| Python-Backdoor | https://github.com/xp4xbox/Python-Backdoor | Backdoor tooling; tidak cocok untuk toolkit operasional publik. |
| intelligentexploit.com via HugeDomains | https://www.hugedomains.com/domain_profile.cfm?d=intelligentexploit.com | Domain profile/penjualan domain, bukan exploit database aktif. |
1. Identify product / version / component
β
2. Confirm CVE, affected version, and vendor advisory
β
3. Search exploit databases and PoC references
β
4. Review PoC source code before running anything
β
5. Reproduce only in local lab or authorized scope
β
6. Capture evidence safely: request/response, logs, screenshots
β
7. Document impact, affected version, and exploitation condition
β
8. Recommend patch, mitigation, detection, and hardening
site:exploit-db.com CVE-2025
site:packetstorm.news CVE-2024 exploit
site:github.com CVE-2025 PoC
site:github.com projectdiscovery nuclei-templates CVE
site:rapid7.com/db/modules CVE
site:sploitus.com CVE product version
site:vulners.com exploit product version
Gunakan semua database, PoC, exploit, payload, scanner, dan referensi ini hanya untuk:
- Lab pribadi
- CTF
- Bug bounty sesuai scope
- Internal pentest berizin
- Patch verification
- Detection engineering
- Malware/vulnerability research legal
- Defensive security
- Security education
Jangan menggunakan exploit, PoC, payload, scanner, search engine, phishing framework, backdoor, persistence tool, atau teknik dari repository ini untuk menyerang, mengeksploitasi, memindai, mengambil data, membuat persistence, melakukan credential theft, atau mengakses sistem pihak lain tanpa izin eksplisit.
Repository ini adalah katalog referensi untuk pembelajaran dan riset keamanan yang etis.