5 个仓库
Analysis of vulnerabilities that allow an attacker to execute arbitrary code on a remote server.
Distinct from Remote Code Execution Mitigations: Candidates focus on the capability of remote execution or mitigation, not the penetration testing/exploitation of the flaw.
Explore 5 awesome GitHub repositories matching security & cryptography · Remote Code Execution Testing. Refine with filters or upvote what's useful.
SpringBootVulExploit is a collection of scanning and auditing tools designed to identify vulnerabilities, information leaks, and execution vectors within Java-based application frameworks, specifically targeting Spring Boot applications. It provides a suite of exploit techniques, payloads, and security checklists for performing vulnerability analysis. The project features capabilities for triggering remote code execution through injection vectors, deserialization payloads, and malicious configuration files. It includes a scanner for detecting exposed environment variables and internal routing
Provides methods to trigger unauthorized code execution on a server via injection vectors or malicious configuration.
Pikachu 是一个 Web 安全培训平台和易受攻击的 Web 应用沙盒。它提供了一个容器化的实验环境,旨在练习渗透测试和识别常见的安全漏洞。 该项目作为 OWASP Top 10 练习实验室,提供了一套针对关键风险的模拟套件。它包括用于练习 SQL 注入、跨站脚本 (XSS)、远程代码执行和失效的访问控制等漏洞利用的具体场景。 该环境涵盖了广泛的安全测试模拟,包括目录遍历、服务端请求伪造 (SSRF)、不安全的文件上传和 XML 外部实体 (XXE) 攻击。它还具有一个管理后台,用于管理钓鱼模拟并监控捕获的会话负载。 整个平台通过容器化镜像部署,该镜像会自动初始化数据库模式并使用种子数据填充环境。
Provides a simulation for practicing the execution of arbitrary commands on a remote server.
Exphub 是一个 CVE 利用脚本库和企业软件漏洞套件,旨在验证和利用 WebLogic、Struts2、Tomcat 和 JBoss 等服务器环境中的已知安全漏洞。它作为一个远程代码执行工具包和 Web Shell 部署框架,用于触发未经授权的命令执行并在远程系统上建立持久访问。 该项目包含用于内网侦察的专用工具,特别是利用服务端请求伪造(SSRF)来扫描开放端口和服务。它还提供了绕过访问控制以及执行未经授权的文件读取和上传的机制。 该套件涵盖了广泛的功能领域,包括漏洞评估、渗透测试以及执行概念验证(PoC)脚本以确认安全漏洞的存在。
Analyzes target software to detect vulnerabilities that allow an attacker to execute arbitrary remote code.
ysoserial.net is a payload generator for .NET deserialization, designed to create malicious serialized objects and structured gadget chains. It serves as a tool for generating command execution strings and security testing suites used to assess vulnerabilities in .NET formatters. The tool enables the creation of sequences of object calls that trigger remote code execution during the reconstruction of serialized data. It produces specialized payloads for executing system commands, loading remote libraries, and accessing local file systems. The project includes capabilities for optimizing payl
Generates payloads that trigger system command execution on a target machine to verify RCE vulnerabilities.
This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation. The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
Provides tests for command injection and buffer overflows to achieve remote code execution.