5 रिपॉजिटरी
Analysis of vulnerabilities that allow an attacker to execute arbitrary code on a remote server.
Distinct from Remote Code Execution Mitigations: Candidates focus on the capability of remote execution or mitigation, not the penetration testing/exploitation of the flaw.
Explore 5 awesome GitHub repositories matching security & cryptography · Remote Code Execution Testing. Refine with filters or upvote what's useful.
SpringBootVulExploit is a collection of scanning and auditing tools designed to identify vulnerabilities, information leaks, and execution vectors within Java-based application frameworks, specifically targeting Spring Boot applications. It provides a suite of exploit techniques, payloads, and security checklists for performing vulnerability analysis. The project features capabilities for triggering remote code execution through injection vectors, deserialization payloads, and malicious configuration files. It includes a scanner for detecting exposed environment variables and internal routing
Provides methods to trigger unauthorized code execution on a server via injection vectors or malicious configuration.
Pikachu is a web security training platform and vulnerable web application sandbox. It provides a containerized lab environment designed for practicing penetration testing and identifying common security flaws. The project serves as an OWASP Top 10 practice lab, offering a simulation suite for critical risks. It includes specific scenarios for practicing the exploitation of SQL injection, cross-site scripting, remote code execution, and broken access control. The environment covers a broad range of security testing simulations, including directory traversal, server-side request forgery, unsa
Provides a simulation for practicing the execution of arbitrary commands on a remote server.
Exphub एक CVE एक्सप्लॉइट स्क्रिप्ट लाइब्रेरी और एंटरप्राइज़ सॉफ़्टवेयर वल्नेरेबिलिटी सूट है, जिसे WebLogic, Struts2, Tomcat और JBoss जैसे सर्वर एनवायरनमेंट में ज्ञात सुरक्षा खामियों को सत्यापित और एक्सप्लॉइट करने के लिए डिज़ाइन किया गया है। यह रिमोट कोड एक्जीक्यूशन टूलकिट और वेब शेल डिप्लॉयमेंट फ्रेमवर्क के रूप में कार्य करता है, जिसका उपयोग अनधिकृत कमांड एक्जीक्यूशन को ट्रिगर करने और रिमोट सिस्टम पर पर्सिस्टेंट एक्सेस स्थापित करने के लिए किया जाता है। इस प्रोजेक्ट में आंतरिक नेटवर्क टोही (reconnaissance) के लिए विशेष यूटिलिटीज शामिल हैं, विशेष रूप से ओपन पोर्ट्स और सेवाओं को स्कैन करने के लिए सर्वर-साइड रिक्वेस्ट फोर्जरी का उपयोग करना। यह एक्सेस कंट्रोल को बायपास करने और अनधिकृत फ़ाइल रीड और अपलोड करने के लिए मैकेनिज्म भी प्रदान करता है। यह सूट वल्नेरेबिलिटी असेसमेंट, पेनेट्रेशन टेस्टिंग और सुरक्षा खामियों की उपस्थिति की पुष्टि करने के लिए प्रूफ-ऑफ़-कॉन्सेप्ट स्क्रिप्ट के निष्पादन सहित व्यापक क्षमता क्षेत्रों को कवर करता है।
Analyzes target software to detect vulnerabilities that allow an attacker to execute arbitrary remote code.
ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl
Generates payloads that trigger system command execution on a target machine to verify RCE vulnerabilities.
This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
Provides tests for command injection and buffer overflows to achieve remote code execution.