Pocsuite3 is a modular vulnerability testing framework designed for the development and execution of security assessment scripts. It provides a comprehensive toolkit for remote vulnerability verification and exploitation, enabling users to automate the identification of security flaws across network targets. The framework is built on an object-oriented scripting architecture that allows for the creation of custom security modules and plugins. It distinguishes itself through a highly extensible design that supports asynchronous task execution for large-scale infrastructure assessments, alongsi
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing
Monkey is an adversary emulation platform and breach and attack simulation tool designed to test network defenses through automated lateral movement and exploit delivery. It functions as a network security testing system that evaluates security posture by attempting to propagate through vulnerabilities and extract sensitive system credentials. The platform distinguishes itself by simulating specific real-world attacker behaviors, such as ransomware encryption, cryptojacking, and the theft of browser-stored credentials and secure shell keys. It utilizes binary hash randomization to evade antiv
##新版本刚发布 可能存在一些bug,正在修复中,若有问题请提交issue带上图是最好不过辣 关注的人们啊, 被关注不是目的, 要来贡献代码或者反馈bug哦(●'◡'●)ノ♥ ##扫描的漏洞路径如下: - deafult admin & uc_server login page - develop.php - X3 - X3 tools/tools.php ~ Deafult password 188281MWWxjk - X3.1 utility/convert/index.php ~ Remote code execute - 6.x - 6.x my.php ~ SQL -…
The main features of code-scan/dzscan are: Vulnerability Exploitation Frameworks.
Open-source alternatives to code-scan/dzscan include: knownsec/pocsuite3 — Pocsuite3 is a modular vulnerability testing framework designed for the development and execution of security… k8gege/k8tools — K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port… andresriancho/w3af — w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities… guardicore/monkey — Monkey is an adversary emulation platform and breach and attack simulation tool designed to test network defenses… zhzyker/exphub — Exphub is a CVE exploit script library and enterprise software vulnerability suite designed to verify and exploit… jaykali/maskphish — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network…